Add parameter to set AuthorizedPrincipalsFile setting

2017-07-21 16:47:19 -05:00 · 2017-07-21 16:47:19 -05:00 · 717a237cc0
commit 717a237cc0
parent ec5141de84
3 changed files with 141 additions and 114 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -117,6 +117,7 @@ class ssh (
  $sshd_config_permittunnel               = undef,
  $sshd_config_hostcertificate            = undef,
  $sshd_config_trustedusercakeys          = undef,
+  $sshd_config_authorized_principals_file = undef,
 ) {

  case $::osfamily {
@ -500,6 +501,11 @@ class ssh (
    default: { $sshd_config_trustedusercakeys_real = $sshd_config_trustedusercakeys }
  }

+  case $sshd_config_authorized_principals_file {
+    'unset', undef: { $sshd_config_authorized_principals_file_real = undef }
+    default: { $sshd_config_authorized_principals_file_real = $sshd_config_authorized_principals_file }
+  }
+
  # validate params
  if $ssh_config_ciphers != undef {
    validate_array($ssh_config_ciphers)
@ -850,6 +856,10 @@ class ssh (
    }
  }

+  if $sshd_config_authorized_principals_file_real != undef {
+    validate_string($sshd_config_authorized_principals_file_real)
+  }
+
  package { $packages_real:
    ensure    => installed,
    source    => $ssh_package_source_real,
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@ -1097,6 +1097,20 @@ describe 'sshd_config_print_last_log param' do
    end
  end

+  context 'with sshd_config_authorized_principals_file param' do
+    ['unset', '.ssh/authorized_principals'].each do |value|
+      context "set to #{value}" do
+        let (:params) { { :sshd_config_authorized_principals_file => value } }
+
+        if value == 'unset'
+          it { should contain_file('sshd_config').without_content(/^\s*AuthorizedPrincipalsFile/)}
+        else
+          it { should contain_file('sshd_config').with_content(/^AuthorizedPrincipalsFile \.ssh\/authorized_principals/)}
+        end
+      end
+    end
+  end
+
  describe 'sshd_config_trustedusercakeys param' do
    ['unset', '/etc/ssh/authorized_users_ca.pub', 'none'].each do |value|
      context "set to #{value}" do
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@ -271,3 +271,6 @@ HostCertificate <%= cert %>
 <% if @sshd_config_trustedusercakeys_real -%>
 TrustedUserCAKeys <%= @sshd_config_trustedusercakeys_real %>
 <% end -%>
+<% if @sshd_config_authorized_principals_file_real -%>
+AuthorizedPrincipalsFile <%= @sshd_config_authorized_principals_file_real %>
+<% end -%>