From 1c78f1e73241be3a11d7d04de7e9ead77c06ab8b Mon Sep 17 00:00:00 2001 From: Andrei Brezan Date: Mon, 9 May 2016 17:37:58 +0200 Subject: [PATCH] Change sshd_config_port to support multiple port numbers, string/integer/array --- README.md | 2 +- manifests/init.pp | 17 ++++++++++++++++- spec/classes/init_spec.rb | 33 ++++++++++++++++++++++++++------- templates/sshd_config.erb | 4 +++- 4 files changed, 46 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 3da375e..ca229bd 100644 --- a/README.md +++ b/README.md @@ -196,7 +196,7 @@ String or Array to specify address(es) for which sshd will bind. Corresponds to sshd_config_port --------------------------- -String to specify listen port for sshd. Port option in sshd_config. +String, Integer or Array to specify listen port[s] for sshd. Port option in sshd_config. - *Default*: '22' diff --git a/manifests/init.pp b/manifests/init.pp index 5c71ea5..bda2f05 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -442,7 +442,22 @@ class ssh ( if $ssh_config_hash_known_hosts_real != undef { validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts_real}>.") } - validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.") + case type3x($sshd_config_port) { + 'string': { + validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.") + $sshd_config_port_array = [ str2num($sshd_config_port) ] + } + 'array': { + $sshd_config_port_array = $sshd_config_port + } + 'integer': { + $sshd_config_port_array = [ $sshd_config_port ] + } + default: { + fail('ssh:sshd_config_port must be a string, an integer or an array. ') + } + } + validate_numeric($sshd_config_port_array, 65535, 1) if $sshd_kerberos_authentication != undef { validate_re($sshd_kerberos_authentication, '^(yes|no)$', "ssh::sshd_kerberos_authentication may be either 'yes' or 'no' and is set to <${sshd_kerberos_authentication}>.") } diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 4c8cb58..4f4d3c1 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -950,21 +950,40 @@ describe 'ssh' do end end - context 'with sshd_config_port not being a valid number' do + describe 'sshd_config_port param' do let :facts do default_facts.merge( { } ) end - let :params do - { :sshd_config_port => '22invalid' } + + context 'when set to an array' do + let (:params) {{'sshd_config_port' => ['22222', '22223'] }} + + it { should contain_file('sshd_config').with_content(/^Port 22222\nPort 22223$/) } end - it 'should fail' do - expect { - should contain_class('ssh') - }.to raise_error(Puppet::Error,/ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) + context 'when set to a string' do + let (:params) {{'sshd_config_port' => '22222' }} + + it { should contain_file('sshd_config').with_content(/^Port 22222$/) } + end + + context 'when set to an integer' do + let (:params) {{'sshd_config_port' => 22222 }} + + it { should contain_file('sshd_config').with_content(/^Port 22222$/) } + end + + context 'when not set to a valid number' do + let (:params) {{'sshd_config_port' => '22invalid' }} + + it 'should fail' do + expect { + should contain_class('ssh') + }.to raise_error(Puppet::Error,/ssh::sshd_config_port must be a valid number and is set to <22invalid>\./) + end end end diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index c795967..1992bf7 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -14,7 +14,9 @@ # default value. #Port 22 -Port <%= @sshd_config_port %> +<% @sshd_config_port_array.each do |p| -%> +<%= "Port #{p}" %> +<% end -%> #Protocol 2,1 Protocol 2 #AddressFamily any