From 88f857d6b60901d81e060d4f4d7ddf3b54629f62 Mon Sep 17 00:00:00 2001
From: Garrett Honeycutt
Date: Sat, 4 Jun 2016 10:34:50 -0400
Subject: [PATCH] Work with apazga on adding config options for ssh_config
---
 README.md | 4 ++--
 manifests/init.pp | 2 +-
 spec/classes/init_spec.rb | 8 +++++++-
 templates/ssh_config.erb | 6 +++---
 4 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 548b5dd..0c26d24 100644
--- a/README.md
+++ b/README.md
@@ -160,9 +160,9 @@ String for HostbasedAuthentication option in ssh_config. Valid values are 'yes'
 ssh_strict_host_key_checking
 -----------------------------
 *string* For StrictHostKeyChecking setting in ssh_config. Valid values are
-'yes', 'no' or ask.
+'yes', 'no' or 'ask'.
-- *Default*: ask
+- *Default*: undef
 ssh_enable_ssh_keysign
 -----------------------------
diff --git a/manifests/init.pp b/manifests/init.pp
index 7560ea2..1fcb7fd 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -492,7 +492,7 @@ class ssh (
 }
 if $ssh_strict_host_key_checking != undef {
- validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_ssh_strict_host_key_checking may be 'yes', 'no' or ask and is set to <${ssh_strict_host_key_checking}>.")
+ validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <${ssh_strict_host_key_checking}>.")
 }
 if $ssh_enable_ssh_keysign != undef {
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 310a7ea..60799d9 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -316,6 +316,9 @@ describe 'ssh' do
 'hmac-sha1-etm@openssh.com',
 ],
 :ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2',
+ :ssh_hostbasedauthentication => 'yes',
+ :ssh_strict_host_key_checking => 'ask',
+ :ssh_enable_ssh_keysign => 'yes',
 }
 end
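Review bot: In manifests/init.pp the `validate_re` pattern `'^(yes|no|ask)$'` is carried over unchanged, and in a Ruby regex `^` and `$` anchor to individual lines rather than to the whole string. A multi-line value that contains one valid line would therefore pass validation and reach the ssh_config template. Anchoring the whole string with `'\A(yes|no|ask)\z'` closes that gap. Any sibling `validate_re` checks in this class that use `^...$` would need the same treatment; the class body starts and ends outside the hunk, so those are not visible here.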
@@ -345,6 +348,9 @@ describe 'ssh' do
 it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
 it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
 it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2$/) }
+ it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) }
+ it { should contain_file('ssh_config').with_content(/^\s*StrictHostKeyChecking ask$/) }
+ it { should contain_file('ssh_config').with_content(/^\s*EnableSSHKeysign yes$/) }
 end
 context 'with params used in sshd_config set on valid osfamily' do
@@ -1800,7 +1806,7 @@ describe 'ssh' do
 it 'should fail' do
 expect {
 should contain_class('ssh')
- }.to raise_error(Puppet::Error,/ssh::ssh_strict_host_key_checking may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./)
+ }.to raise_error(Puppet::Error,/ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <#{Regexp.escape(value.to_s)}>\./)
 end
 end
 end
diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb
index bc6ece2..d83f9ed 100644
--- a/templates/ssh_config.erb
+++ b/templates/ssh_config.erb
@@ -96,7 +96,7 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
 <% if @ssh_config_macs -%>
 MACs <%= @ssh_config_macs.join(',') %>
 <% end -%>
-<% if @ssh_enable_ssh_keysign -%>
-#  EnableSSHKeysign no
- EnableSSHKeysign yes
+<% if not @ssh_enable_ssh_keysign.nil? -%>
+# EnableSSHKeysign no
+ EnableSSHKeysign <%= @ssh_enable_ssh_keysign %>
 <% end -%>
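Review bot: The three assertions added in the `-345,6 +348,9` hunk of spec/classes/init_spec.rb only cover the case where every option is set explicitly. Nothing in the visible hunks checks that `StrictHostKeyChecking` is left out of ssh_config when the parameter keeps its new documented default of undef, or that 'no' is rendered as given. Assuming a default-parameters context exists elsewhere in the file, an example such as `it { should_not contain_file('ssh_config').with_content(/^\s*StrictHostKeyChecking/) }` there would pin the default, with matching ones for `HostbasedAuthentication` and `EnableSSHKeysign`. The enclosing `describe` block starts and ends outside the hunk.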
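Review bot: In templates/ssh_config.erb the new guard `<% if not @ssh_enable_ssh_keysign.nil? -%>` renders whatever non-nil value the variable holds, so an empty string would produce an `EnableSSHKeysign` line with no argument, whereas the old code always printed a literal `yes`. Whether an empty string can get past the manifest's `!= undef` check is not visible here and should be confirmed. If it can, `<% unless @ssh_enable_ssh_keysign.nil? || @ssh_enable_ssh_keysign.to_s.empty? -%>` keeps the directive out of the file. The commented `# EnableSSHKeysign no` line is still emitted directly above the real directive and reads as a contradiction when the value is 'yes'; dropping it or moving it outside the conditional would be clearer.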