Add parameter to set AuthorizedPrincipalsFile setting
parent
ec5141de84
commit
717a237cc0
@ -117,6 +117,7 @@ class ssh (
|
|||||||
$sshd_config_permittunnel = undef,
|
$sshd_config_permittunnel = undef,
|
||||||
$sshd_config_hostcertificate = undef,
|
$sshd_config_hostcertificate = undef,
|
||||||
$sshd_config_trustedusercakeys = undef,
|
$sshd_config_trustedusercakeys = undef,
|
||||||
|
$sshd_config_authorized_principals_file = undef,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
case $::osfamily {
|
case $::osfamily {
|
||||||
@ -500,6 +501,11 @@ class ssh (
|
|||||||
default: { $sshd_config_trustedusercakeys_real = $sshd_config_trustedusercakeys }
|
default: { $sshd_config_trustedusercakeys_real = $sshd_config_trustedusercakeys }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
case $sshd_config_authorized_principals_file {
|
||||||
|
'unset', undef: { $sshd_config_authorized_principals_file_real = undef }
|
||||||
|
default: { $sshd_config_authorized_principals_file_real = $sshd_config_authorized_principals_file }
|
||||||
|
}
|
||||||
|
|
||||||
# validate params
|
# validate params
|
||||||
if $ssh_config_ciphers != undef {
|
if $ssh_config_ciphers != undef {
|
||||||
validate_array($ssh_config_ciphers)
|
validate_array($ssh_config_ciphers)
|
||||||
@ -850,6 +856,10 @@ class ssh (
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $sshd_config_authorized_principals_file_real != undef {
|
||||||
|
validate_string($sshd_config_authorized_principals_file_real)
|
||||||
|
}
|
||||||
|
|
||||||
package { $packages_real:
|
package { $packages_real:
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
source => $ssh_package_source_real,
|
source => $ssh_package_source_real,
|
||||||
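Review bot: `validate_string` in the third hunk checks only the type, so a value containing a line break passes and is written unchanged into sshd_config by the template, where everything after the break would be parsed as a separate directive. The value can come from external data such as Hiera, so I would follow the type check with a content check, for example `validate_re($sshd_config_authorized_principals_file_real, '\A[^\r\n]+\z', 'ssh::sshd_config_authorized_principals_file must be a single-line path.')`. The `\A`/`\z` anchors matter here because `^`/`$` match per line in Ruby regular expressions. The body of `class ssh` continues outside these hunks, so an equivalent check elsewhere would not be visible from here.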
|
@ -1097,6 +1097,20 @@ describe 'sshd_config_print_last_log param' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with sshd_config_authorized_principals_file param' do
|
||||||
|
['unset', '.ssh/authorized_principals'].each do |value|
|
||||||
|
context "set to #{value}" do
|
||||||
|
let (:params) { { :sshd_config_authorized_principals_file => value } }
|
||||||
|
|
||||||
|
if value == 'unset'
|
||||||
|
it { should contain_file('sshd_config').without_content(/^\s*AuthorizedPrincipalsFile/)}
|
||||||
|
else
|
||||||
|
it { should contain_file('sshd_config').with_content(/^AuthorizedPrincipalsFile \.ssh\/authorized_principals/)}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'sshd_config_trustedusercakeys param' do
|
describe 'sshd_config_trustedusercakeys param' do
|
||||||
['unset', '/etc/ssh/authorized_users_ca.pub', 'none'].each do |value|
|
['unset', '/etc/ssh/authorized_users_ca.pub', 'none'].each do |value|
|
||||||
context "set to #{value}" do
|
context "set to #{value}" do
|
||||||
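Review bot: Neither example in the new context exercises the `validate_string` branch or the default, so a regression that drops the validation, or that renders the directive when the parameter is left unset, would still pass. I would add a failure case with `let(:params) { { :sshd_config_authorized_principals_file => ['not', 'a', 'string'] } }` asserting `expect { should contain_class('ssh') }.to raise_error(Puppet::Error)`, and a no-params case asserting `without_content(/^\s*AuthorizedPrincipalsFile/)`. The rest of the spec file is outside this view, so use whatever failure-assertion style its existing examples already follow.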
|
@ -271,3 +271,6 @@ HostCertificate <%= cert %>
|
|||||||
<% if @sshd_config_trustedusercakeys_real -%>
|
<% if @sshd_config_trustedusercakeys_real -%>
|
||||||
TrustedUserCAKeys <%= @sshd_config_trustedusercakeys_real %>
|
TrustedUserCAKeys <%= @sshd_config_trustedusercakeys_real %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
<% if @sshd_config_authorized_principals_file_real -%>
|
||||||
|
AuthorizedPrincipalsFile <%= @sshd_config_authorized_principals_file_real %>
|
||||||
|
<% end -%>
|
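Review bot: The new block renders AuthorizedPrincipalsFile whether or not TrustedUserCAKeys is set, but sshd consults the principals file only for certificates signed by a CA listed in TrustedUserCAKeys, so setting this parameter alone has no effect and nothing says so. A one-line template comment such as `<%# AuthorizedPrincipalsFile is only used together with TrustedUserCAKeys -%>`, or the same sentence in the parameter documentation, would keep an operator from assuming principal restrictions are active. The documentation should also note that a path relative to the home directory, like the `.ssh/authorized_principals` used in the spec, lets each account edit its own list of accepted principals. A root-owned absolute path avoids that.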