puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow sshd_config_trustedusercakeys to be 'none' as per the docs

Browse Source
This commit is contained in:
Garrett Honeycutt 2017-05-17 10:51:46 -04:00
parent b67aefd3c4
commit 84f0078a32
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -578,7 +578,7 @@ Absolute path to the OpenSSH Host CA Certificate (HostCertificate) for use with
sshd_config_trustedusercakeys sshd_config_trustedusercakeys
----------------------------- -----------------------------
Absolute path to the OpenSSH User CA Certificate (TrustedUserCAKeys) for use with SSH CA Validation for Users. Absolute path to the OpenSSH User CA Certificate (TrustedUserCAKeys) for use with SSH CA Validation for Users or the string 'none'.
- *Default*: undefined - *Default*: undefined

3
manifests/init.pp
View File

@ -830,8 +830,11 @@ class ssh (
} }
if $sshd_config_trustedusercakeys_real != undef { if $sshd_config_trustedusercakeys_real != undef {
# TrustedUserCAKeys may be a path to the keys or 'none'
if $sshd_config_trustedusercakeys_real != 'none' {
validate_absolute_path($sshd_config_trustedusercakeys_real) validate_absolute_path($sshd_config_trustedusercakeys_real)
} }
}
package { $packages_real: package { $packages_real:
ensure => installed, ensure => installed,

2
spec/classes/init_spec.rb
View File

@ -1040,7 +1040,7 @@ describe 'ssh' do
end end
describe 'sshd_config_trustedusercakeys param' do describe 'sshd_config_trustedusercakeys param' do
['unset', '/etc/ssh/authorized_users_ca.pub'].each do |value| ['unset', '/etc/ssh/authorized_users_ca.pub', 'none'].each do |value|
context "set to #{value}" do context "set to #{value}" do
let (:params) { { :sshd_config_trustedusercakeys => value } } let (:params) { { :sshd_config_trustedusercakeys => value } }