Add support for UserKnownHostsFile ssh option

Array option ssh_config_user_known_hosts_file implemented

README.md

@@ -658,6 +658,12 @@ File mode of the global known_hosts file
 
 - *Default*: '0644'
 
+ssh_config_user_known_hosts_file
+----------------------------------
+Array of user's known_hosts files
+
+- *Default*: undefined
+
 manage_root_ssh_config
 ----------------------
 Manage SSH config of root. Valid values are 'true' and 'false'.

manifests/init.pp

@@ -98,6 +98,7 @@ class ssh (
   $ssh_config_global_known_hosts_owner = 'root',
   $ssh_config_global_known_hosts_group = 'root',
   $ssh_config_global_known_hosts_mode  = '0644',
+  $ssh_config_user_known_hosts_file    = undef,
   $keys                                = undef,
   $manage_root_ssh_config              = false,
   $root_ssh_config_content             = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
@@ -647,6 +648,11 @@ class ssh (
   }
 
   validate_absolute_path($ssh_config_global_known_hosts_file)
+
+  if $ssh_config_user_known_hosts_file != undef {
+    validate_array($ssh_config_user_known_hosts_file)
+  }
+
   validate_string($ssh_config_global_known_hosts_owner)
   validate_string($ssh_config_global_known_hosts_group)
   validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$',

spec/classes/init_spec.rb

@@ -327,6 +327,9 @@ describe 'ssh' do
                                                  'hmac-sha1-etm@openssh.com',
         ],
         :ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2',
+        :ssh_config_user_known_hosts_file   => [ '.ssh/known_hosts1',
+                                                 '.ssh/known_hosts2',
+        ],
         :ssh_hostbasedauthentication        => 'yes',
         :ssh_strict_host_key_checking       => 'ask',
         :ssh_enable_ssh_keysign             => 'yes',
@@ -359,6 +362,7 @@ describe 'ssh' do
     it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
     it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
     it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*UserKnownHostsFile \.ssh\/known_hosts1 \.ssh\/known_hosts2$/) }
     it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) }
     it { should contain_file('ssh_config').with_content(/^\s*StrictHostKeyChecking ask$/) }
     it { should contain_file('ssh_config').with_content(/^\s*EnableSSHKeysign yes$/) }
@@ -2290,6 +2294,37 @@ describe 'ssh' do
     end
   end
 
+  describe 'with parameter ssh_config_user_known_hosts_file' do
+    let :facts do
+      default_facts.merge(
+        {
+        }
+      )
+    end
+
+    context 'when set to an array of paths' do
+      let (:params) {{'ssh_config_user_known_hosts_file' => ['valid/path1','/valid/path2'] }}
+
+      it { should contain_file('ssh_config').with_content(/^\s*UserKnownHostsFile valid\/path1 \/valid\/path2$/) }
+    end
+
+    ['YES',true,2.42,a = { 'ha' => 'sh' }].each do |value|
+       context "specified as invalid value #{value} (as #{value.class})" do
+         let(:params) { { :ssh_config_user_known_hosts_file => value } }
+
+         if value.is_a?(Hash)
+           value = '{ha => sh}'
+         end
+
+         it 'should fail' do
+           expect {
+             should contain_class('ssh')
+           }.to raise_error(Puppet::Error, /is not an Array/)
+         end
+       end
+     end
+  end
+
   describe 'with parameter ssh_config_global_known_hosts_owner' do
     let :facts do
       default_facts.merge(

templates/ssh_config.erb

@@ -100,3 +100,6 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
 # EnableSSHKeysign no
   EnableSSHKeysign <%= @ssh_enable_ssh_keysign %>
 <% end -%>
+<% if @ssh_config_user_known_hosts_file -%>
+  UserKnownHostsFile <%= @ssh_config_user_known_hosts_file.join(' ') %>
+<% end -%>