Allow sshd_config_trustedusercakeys to be 'none' as per the docs

README.md

@@ -578,7 +578,7 @@ Absolute path to the OpenSSH Host CA Certificate (HostCertificate) for use with
 
 sshd_config_trustedusercakeys
 -----------------------------
-Absolute path to the OpenSSH User CA Certificate (TrustedUserCAKeys) for use with SSH CA Validation for Users.
+Absolute path to the OpenSSH User CA Certificate (TrustedUserCAKeys) for use with SSH CA Validation for Users or the string 'none'.
 
 - *Default*: undefined
 

manifests/init.pp

@@ -830,8 +830,11 @@ class ssh (
   }
 
   if $sshd_config_trustedusercakeys_real != undef {
+    # TrustedUserCAKeys may be a path to the keys or 'none'
+    if $sshd_config_trustedusercakeys_real != 'none' {
       validate_absolute_path($sshd_config_trustedusercakeys_real)
     }
+  }
 
   package { $packages_real:
     ensure    => installed,

spec/classes/init_spec.rb

@@ -1040,7 +1040,7 @@ describe 'ssh' do
   end
 
   describe 'sshd_config_trustedusercakeys param' do
-    ['unset', '/etc/ssh/authorized_users_ca.pub'].each do |value|
+    ['unset', '/etc/ssh/authorized_users_ca.pub', 'none'].each do |value|
       context "set to #{value}" do
         let (:params) { { :sshd_config_trustedusercakeys => value } }