Add option to not import ssh keys

Martin Hagstrom 2014-02-20 16:38:08 +01:00
parent ccfce3d093
commit 6236973bf8
3 changed files with 77 additions and 2 deletions


@ -299,6 +299,12 @@ Export node SSH key. Valid values are 'present' and 'absent'.
- *Default*: 'present' - *Default*: 'present'
ssh_key_import
--------------
Import all exported node SSH keys. Valid values are 'true' and 'false'.
- *Default*: 'true'
ssh_key_type ssh_key_type
------------ ------------
Encryption type for SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa' Encryption type for SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa'


@ -40,6 +40,7 @@ class ssh (
$service_hasrestart = 'true', $service_hasrestart = 'true',
$service_hasstatus = 'true', $service_hasstatus = 'true',
$ssh_key_ensure = 'present', $ssh_key_ensure = 'present',
$ssh_key_import = 'true',
$ssh_key_type = 'ssh-rsa', $ssh_key_type = 'ssh-rsa',
$keys = undef, $keys = undef,
$manage_root_ssh_config = 'false', $manage_root_ssh_config = 'false',
@ -80,6 +81,19 @@ class ssh (
} }
} }
case type($ssh_key_import) {
'string': {
validate_re($ssh_key_import, '^(true|false)$', "ssh::ssh_key_import may be either 'true' or 'false' and is set to <${ssh_key_import}>.")
$ssh_key_import_real = str2bool($ssh_key_import)
}
'boolean': {
$ssh_key_import_real = $ssh_key_import
}
default: {
fail('ssh::ssh_key_import type must be true or false.')
}
}
case type($ssh_config_sendenv_xmodifiers) { case type($ssh_config_sendenv_xmodifiers) {
'string': { 'string': {
$ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers) $ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers)
@ -267,8 +281,10 @@ class ssh (
require => Package[$packages_real], require => Package[$packages_real],
} }
# import all nodes' ssh keys if $ssh_key_import_real == 'true' {
Sshkey <<||>> # import all nodes' ssh keys
Sshkey <<||>>
}
# remove ssh key's not managed by puppet # remove ssh key's not managed by puppet
resources { 'sshkey': resources { 'sshkey':
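Review bot: The new guard `if $ssh_key_import_real == 'true' {` compares against the string 'true', but `$ssh_key_import_real` is assigned a boolean in both branches of the `case` added above (the result of `str2bool($ssh_key_import)` or the boolean parameter itself). If the parser does not treat boolean true as equal to that string, the `Sshkey <<||>>` collector is skipped even with the default value, so exported host keys would never reach the managed known_hosts entries and clients would lose puppet-distributed host-key verification. Test the boolean directly: `if $ssh_key_import_real == true {`. The class body continues outside these hunks, so how the following `resources { 'sshkey':` block behaves when nothing is imported is not visible here and should be checked.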


@ -898,4 +898,57 @@ describe 'ssh' do
end end
end end
end end
describe 'with ssh_key_import parameter specified' do
context 'as a non-boolean or non-string' do
let(:params) { { :ssh_key_import => ['not_a_boolean','or_a_string'] } }
it 'should fail' do
expect { should raise_error(Puppet::Error) }
end
end
context 'as an invalid string' do
let(:params) { { :ssh_key_import => 'invalid_string' } }
let(:facts) do
{ :osfamily => 'RedHat',
:lsbmajdistrelease => '6',
}
end
it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::ssh_key_import may be either 'true' or 'false' and is set to <invalid_string>./) }
end
end
['true',true].each do |value|
context "as #{value}" do
let(:params) { { :ssh_key_import => value } }
let(:facts) do
{ :osfamily => 'RedHat',
:lsbmajdistrelease => '6',
}
end
it { should compile.with_all_deps }
it { should contain_class('ssh') }
end
end
['false',false].each do |value|
context "as #{value}" do
let(:params) { { :ssh_key_import => value } }
let(:facts) do
{ :osfamily => 'RedHat',
:lsbmajdistrelease => '6',
}
end
it { should compile.with_all_deps }
it { should contain_class('ssh') }
end
end
end
end end
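Review bot: Both failure examples assert nothing: `expect { should raise_error(Puppet::Error) }` only wraps a block in an expectation target and never calls `.to`, so the examples pass whether or not catalog compilation fails. Write them as `expect { should contain_class('ssh') }.to raise_error(Puppet::Error, /ssh::ssh_key_import may be either 'true' or 'false'/)`. The first context also sets no facts, so once the assertion is live it may fail for a reason other than the type check; giving it the same `facts` as the other contexts would isolate the validation. The 'true'/'false' contexts only check that the catalog compiles, so they do not cover whether the import guard in the manifest actually takes effect.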