Add parameters to specify the template used to generate sshd_config and ssh_config

README.md

@@ -95,6 +95,12 @@ Boolean to set 'SendEnv XMODIFIERS' in ssh_config. This option is only valid on
 
 - *Default*: false
 
+ssh_config_template
+--------------------
+*string* The template used to generate ssh_config.
+
+- *Default*: 'ssh/ssh_config.erb'
+
 ssh_config_ciphers
 ------------------
 Array of ciphers to be used with the Ciphers option in ssh_config.
@@ -157,6 +163,12 @@ SyslogFacility option in sshd_config.
 
 - *Default*: 'AUTH'
 
+sshd_config_template
+--------------------
+*string* The template used to generate sshd_config.
+
+- *Default*: 'ssh/sshd_config.erb'
+
 sshd_config_login_grace_time
 ----------------------------
 LoginGraceTime option in sshd_config.

manifests/init.pp

@@ -22,6 +22,7 @@ class ssh (
   $ssh_config_sendenv_xmodifiers    = false,
   $ssh_config_ciphers               = undef,
   $ssh_config_macs                  = undef,
+  $ssh_config_template              = 'ssh/ssh_config.erb',
   $ssh_sendenv                      = 'USE_DEFAULTS',
   $sshd_config_path                 = '/etc/ssh/sshd_config',
   $sshd_config_owner                = 'root',
@@ -30,6 +31,7 @@ class ssh (
   $sshd_config_mode                 = 'USE_DEFAULTS',
   $sshd_config_port                 = '22',
   $sshd_config_syslog_facility      = 'AUTH',
+  $sshd_config_template             = 'ssh/sshd_config.erb',
   $sshd_config_login_grace_time     = '120',
   $sshd_config_challenge_resp_auth  = 'yes',
   $sshd_config_print_motd           = 'yes',
@@ -479,6 +481,13 @@ class ssh (
     }
   }
 
+  #ssh_config template
+  validate_string($ssh_config_template)
+
+  #sshd_config template
+  validate_string($sshd_config_template)
+
+
   #loglevel
   $supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE']
   validate_re($sshd_config_loglevel, $supported_loglevel_vals)
@@ -524,7 +533,7 @@ class ssh (
     owner   => $ssh_config_owner,
     group   => $ssh_config_group,
     mode    => $ssh_config_mode,
-    content => template('ssh/ssh_config.erb'),
+    content => template($ssh_config_template),
     require => Package[$packages_real],
   }
 
@@ -534,7 +543,7 @@ class ssh (
     mode    => $sshd_config_mode_real,
     owner   => $sshd_config_owner,
     group   => $sshd_config_group,
-    content => template('ssh/sshd_config.erb'),
+    content => template($sshd_config_template),
     require => Package[$packages_real],
   }
 

spec/classes/init_spec.rb

@@ -967,6 +967,41 @@ describe 'ssh' do
     end
   end
 
+
+  context 'when ssh_config_template has a nonstandard value' do
+    context 'and that value is not valid' do
+      let (:facts) {{:fqdn => 'monkey.example.com', :osfamily  => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}}
+      let (:params) {{'ssh_config_template' => false}}
+      it 'should fail' do
+        expect { subject }.to raise_error(Puppet::Error, /is not a string/)
+      end
+    end
+    context 'and that value is valid' do
+      let (:facts) {{:fqdn => 'monkey.example.com', :osfamily  => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}}
+      let (:params) {{'ssh_config_template' => 'ssh/sshd_config.erb'}}
+      it 'should lay down the ssh_config file from the specified template' do
+        should contain_file('ssh_config').with_content(/OpenBSD: sshd_config/)
+      end
+    end
+  end
+
+  context 'when sshd_config_template has a nonstandard value' do
+    context 'and that value is not valid' do
+      let (:facts) {{:fqdn => 'monkey.example.com', :osfamily  => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}}
+      let (:params) {{'sshd_config_template' => false}}
+      it 'should fail' do
+        expect { subject }.to raise_error(Puppet::Error, /is not a string/)
+      end
+    end
+    context 'and that value is valid' do
+      let (:facts) {{:fqdn => 'monkey.example.com', :osfamily  => 'RedHat', :root_home => '/root', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='}}
+      let (:params) {{'sshd_config_template' => 'ssh/ssh_config.erb'}}
+      it 'should lay down the sshd_config file from the specified template' do
+        should contain_file('sshd_config').with_content(/OpenBSD: ssh_config/)
+      end
+    end
+  end
+
   context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do
     let :facts do
       {