Work with apazga on adding config options for ssh_config

2016-06-04 10:34:50 -04:00 · 2016-06-04 10:34:50 -04:00 · 88f857d6b6
commit 88f857d6b6
parent b48e066f21
4 changed files with 13 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -160,9 +160,9 @@ String for HostbasedAuthentication option in ssh_config. Valid values are 'yes'
 ssh_strict_host_key_checking
 -----------------------------
 *string* For StrictHostKeyChecking setting in ssh_config. Valid values are
-'yes', 'no' or ask.
+'yes', 'no' or 'ask'.

- *Default*: ask
+- *Default*: undef

 ssh_enable_ssh_keysign
 -----------------------------
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -492,7 +492,7 @@ class ssh (
  }

  if $ssh_strict_host_key_checking != undef {
-    validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_ssh_strict_host_key_checking may be 'yes', 'no' or ask and is set to <${ssh_strict_host_key_checking}>.")
+    validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <${ssh_strict_host_key_checking}>.")
  }

  if $ssh_enable_ssh_keysign != undef {
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@ -316,6 +316,9 @@ describe 'ssh' do
                                                 'hmac-sha1-etm@openssh.com',
        ],
        :ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2',
+        :ssh_hostbasedauthentication        => 'yes',
+        :ssh_strict_host_key_checking       => 'ask',
+        :ssh_enable_ssh_keysign             => 'yes',
      }
    end

@ -345,6 +348,9 @@ describe 'ssh' do
    it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
    it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
    it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*StrictHostKeyChecking ask$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*EnableSSHKeysign yes$/) }
  end

  context 'with params used in sshd_config set on valid osfamily' do
@ -1800,7 +1806,7 @@ describe 'ssh' do
        it 'should fail' do
          expect {
            should contain_class('ssh')
-          }.to raise_error(Puppet::Error,/ssh::ssh_strict_host_key_checking may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./)
+          }.to raise_error(Puppet::Error,/ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <#{Regexp.escape(value.to_s)}>\./)
        end
      end
    end
--- a/templates/ssh_config.erb
+++ b/templates/ssh_config.erb
@ -96,7 +96,7 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
 <% if @ssh_config_macs -%>
  MACs <%= @ssh_config_macs.join(',') %>
 <% end -%>
-<% if @ssh_enable_ssh_keysign -%>
-#  EnableSSHKeysign no
-   EnableSSHKeysign yes
+<% if not @ssh_enable_ssh_keysign.nil? -%>
+# EnableSSHKeysign no
+  EnableSSHKeysign <%= @ssh_enable_ssh_keysign %>
 <% end -%>