diff --git a/README.md b/README.md
index 23fb415..2ccd380 100644
--- a/README.md
+++ b/README.md
@@ -299,6 +299,12 @@ Export node SSH key. Valid values are 'present' and 'absent'.
 
 - *Default*: 'present'
 
+ssh_key_import
+--------------
+Import all exported node SSH keys. Valid values are 'true' and 'false'.
+
+- *Default*: 'true'
+
 ssh_key_type
 ------------
 Encryption type for SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa'
diff --git a/manifests/init.pp b/manifests/init.pp
index 958ca51..f86b12f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -40,6 +40,7 @@ class ssh (
 $service_hasrestart = 'true',
 $service_hasstatus = 'true',
 $ssh_key_ensure = 'present',
+ $ssh_key_import = 'true',
 $ssh_key_type = 'ssh-rsa',
 $keys = undef,
 $manage_root_ssh_config = 'false',
@@ -80,6 +81,19 @@ class ssh (
 }
 }
 
+ case type($ssh_key_import) {
+ 'string': {
+ validate_re($ssh_key_import, '^(true|false)$', "ssh::ssh_key_import may be either 'true' or 'false' and is set to <${ssh_key_import}>.")
+ $ssh_key_import_real = str2bool($ssh_key_import)
+ }
+ 'boolean': {
+ $ssh_key_import_real = $ssh_key_import
+ }
+ default: {
+ fail('ssh::ssh_key_import type must be true or false.')
+ }
+ }
+
 case type($ssh_config_sendenv_xmodifiers) {
 'string': {
 $ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers)
@@ -267,8 +281,10 @@ class ssh (
 require => Package[$packages_real],
 }
 
- # import all nodes' ssh keys
- Sshkey <<||>>
+ if $ssh_key_import_real == 'true' {
+ # import all nodes' ssh keys
+ Sshkey <<||>>
+ }
 
 # remove ssh key's not managed by puppet
 resources { 'sshkey':
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 33b4291..32b2853 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
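Review bot: The new guard `if $ssh_key_import_real == 'true'` in the `-267,8` hunk of manifests/init.pp compares against a string, but the `-80,6` hunk assigns `$ssh_key_import_real` a boolean in both accepted branches (`str2bool($ssh_key_import)` or the boolean itself). Unless Puppet treats boolean true as equal to the string 'true', which I do not believe it does, the collector `Sshkey <<||>>` is never evaluated, even with the default value. The `resources { 'sshkey':` block that follows (its body is outside the hunk) appears from its comment to purge unmanaged entries, so nodes would lose their distributed host keys and users would fall back to accepting host keys on first connection. The guard should read `if $ssh_key_import_real == true {`.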
@@ -898,4 +898,57 @@ describe 'ssh' do
 end
 end
 end
+
+ describe 'with ssh_key_import parameter specified' do
+ context 'as a non-boolean or non-string' do
+ let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } }
+
+ it 'should fail' do
+ expect { should raise_error(Puppet::Error) }
+ end
+ end
+
+ context 'as an invalid string' do
+ let(:params) { { :ssh_key_import => 'invalid_string' } }
+ let(:facts) do
+ { :osfamily => 'RedHat',
+ :lsbmajdistrelease => '6',
+ }
+ end
+
+ it 'should fail' do
+ expect { should raise_error(Puppet::Error,/^ssh::ssh_key_import may be either 'true' or 'false' and is set to ./) }
+ end
+ end
+
+ ['true',true].each do |value|
+ context "as #{value}" do
+ let(:params) { { :ssh_key_import => value } }
+ let(:facts) do
+ { :osfamily => 'RedHat',
+ :lsbmajdistrelease => '6',
+ }
+ end
+
+ it { should compile.with_all_deps }
+
+ it { should contain_class('ssh') }
+ end
+ end
+
+ ['false',false].each do |value|
+ context "as #{value}" do
+ let(:params) { { :ssh_key_import => value } }
+ let(:facts) do
+ { :osfamily => 'RedHat',
+ :lsbmajdistrelease => '6',
+ }
+ end
+
+ it { should compile.with_all_deps }
+
+ it { should contain_class('ssh') }
+ end
+ end
+ end
 end
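Review bot: Both 'should fail' examples assert nothing, because `expect { should raise_error(Puppet::Error) }` builds an expectation target and never calls `.to` on it, so the block is not run and the examples pass whether or not the validation rejects the value. They should be written as `expect { should contain_class('ssh') }.to raise_error(Puppet::Error, /ssh::ssh_key_import may be either 'true' or 'false'/)`, and the non-string context likely needs the same `facts` as the others so that the failure observed is the one under test. The true and false contexts only check that the catalog compiles, so nothing in this hunk distinguishes key import enabled from disabled; a wrong comparison in the manifest's guard would go unnoticed. The enclosing `describe 'ssh' do` starts outside the hunk.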