diff --git a/README.md b/README.md index 480cc4e..31ffe99 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,12 @@ Boolean to set 'SendEnv XMODIFIERS' in ssh_config. This option is only valid on - *Default*: false +ssh_config_template +-------------------- +*string* The template used to generate ssh_config. + +- *Default*: 'ssh/ssh_config.erb' + ssh_config_ciphers ------------------ Array of ciphers to be used with the Ciphers option in ssh_config. @@ -157,6 +163,12 @@ SyslogFacility option in sshd_config. - *Default*: 'AUTH' +sshd_config_template +-------------------- +*string* The template used to generate sshd_config. + +- *Default*: 'ssh/sshd_config.erb' + sshd_config_login_grace_time ---------------------------- LoginGraceTime option in sshd_config. diff --git a/manifests/init.pp b/manifests/init.pp index 582d076..ddffa5c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -22,6 +22,7 @@ class ssh ( $ssh_config_sendenv_xmodifiers = false, $ssh_config_ciphers = undef, $ssh_config_macs = undef, + $ssh_config_template = 'ssh/ssh_config.erb', $ssh_sendenv = 'USE_DEFAULTS', $sshd_config_path = '/etc/ssh/sshd_config', $sshd_config_owner = 'root', @@ -30,6 +31,7 @@ class ssh ( $sshd_config_mode = 'USE_DEFAULTS', $sshd_config_port = '22', $sshd_config_syslog_facility = 'AUTH', + $sshd_config_template = 'ssh/sshd_config.erb', $sshd_config_login_grace_time = '120', $sshd_config_challenge_resp_auth = 'yes', $sshd_config_print_motd = 'yes', @@ -479,6 +481,13 @@ class ssh ( } } + #ssh_config template + validate_string($ssh_config_template) + + #sshd_config template + validate_string($sshd_config_template) + + #loglevel $supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'] validate_re($sshd_config_loglevel, $supported_loglevel_vals) 
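Review bot: The two `validate_string()` calls added in the `@@ -479,6 +481,13 @@` hunk of manifests/init.pp reject only non-string values, so any string at all reaches `template()` further down the class. That includes an absolute path on the master or a template from an unrelated module. ERB is evaluated at catalog compile time and the output becomes ssh_config/sshd_config, so if the parameter can be set from data maintained by a wider group than the module itself, I would also constrain its shape. Something like `validate_re($sshd_config_template, '^[\w-]+/\S+\.erb$')` would do, with the same for `$ssh_config_template`; the exact pattern depends on whether absolute paths are meant to be supported. Minor style point: the hunk leaves two blank lines before `#loglevel` where one would do.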
@@ -524,7 +533,7 @@ class ssh ( owner => $ssh_config_owner, group => $ssh_config_group, mode => $ssh_config_mode, - content => template('ssh/ssh_config.erb'), + content => template($ssh_config_template), require => Package[$packages_real], } @@ -534,7 +543,7 @@ class ssh ( mode => $sshd_config_mode_real, owner => $sshd_config_owner, group => $sshd_config_group, - content => template('ssh/sshd_config.erb'), + content => template($sshd_config_template), require => Package[$packages_real], } diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index db53821..e93a074 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
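Review bot: With `content => template($sshd_config_template)` (and `template($ssh_config_template)` in the hunk before it), nothing ensures the rendered file still honours the class's other parameters or is valid sshd syntax. A replacement template that ignores `$sshd_config_port`, `$sshd_config_syslog_facility` or `$sshd_config_login_grace_time` silently drops those settings. A malformed file may also stop sshd from starting the next time it is restarted. Consider adding `validate_cmd => '/usr/sbin/sshd -t -f %',` to the `sshd_config` file resource (Puppet 3.5 or later; binary path varies by platform), plus a comment such as `# custom templates must consume the same class variables as ssh/sshd_config.erb`. Both file resources begin above their hunks, so confirm that no validation is already set there.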
@@ -967,6 +967,69 @@ describe 'ssh' do end end + + context 'when ssh_config_template has a nonstandard value' do + context 'and that value is not valid' do + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :root_home => '/root', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + let (:params) {{'ssh_config_template' => false}} + it 'should fail' do + expect { subject }.to raise_error(Puppet::Error, /is not a string/) + end + end + context 'and that value is valid' do + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :root_home => '/root', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + let (:params) {{'ssh_config_template' => 'ssh/sshd_config.erb'}} + it 'should lay down the ssh_config file from the specified template' do + should contain_file('ssh_config').with_content(/OpenBSD: sshd_config/) + end + end + end + + context 'when sshd_config_template has a nonstandard value' do + context 'and that value is not valid' do + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :root_home => '/root', + :sshrsakey => 
'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + let (:params) {{'sshd_config_template' => false}} + it 'should fail' do + expect { subject }.to raise_error(Puppet::Error, /is not a string/) + end + end + context 'and that value is valid' do + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :root_home => '/root', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + let (:params) {{'sshd_config_template' => 'ssh/ssh_config.erb'}} + it 'should lay down the sshd_config file from the specified template' do + should contain_file('sshd_config').with_content(/OpenBSD: ssh_config/) + end + end + end + context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do let :facts do {
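Review bot: Both "not valid" contexts pass only `false`, so the spec pins nothing about strings that are not usable templates. A case with a constructed name such as `'ssh/does_not_exist.erb'` that expects a compile error would document what happens when the parameter is mistyped. The same `let :facts` hash, including the long `sshrsakey` value, is repeated four times in this hunk; hoisting it into a single `let(:facts)` on an enclosing context would make the new cases much easier to read. `let (:params)` is also better written as `let(:params)`, without the space before the parenthesis.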