Update HostCertificate to take an array of certs

David Hollinger 2017-07-21 10:00:03 -05:00
parent 4cf13caf74
commit ec5141de84
3 changed files with 20 additions and 11 deletions


@ -839,6 +839,7 @@ class ssh (
} }
if $sshd_config_hostcertificate_real != undef { if $sshd_config_hostcertificate_real != undef {
validate_array($sshd_config_hostcertificate_real)
validate_absolute_path($sshd_config_hostcertificate_real) validate_absolute_path($sshd_config_hostcertificate_real)
} }
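Review bot: The added `validate_array($sshd_config_hostcertificate_real)` turns every existing string value of this parameter into a compile failure, and none of the three changed files documents the new type. A node whose data still carries a single path as a string would presumably stop getting a catalog, leaving its sshd_config at whatever was last applied until the data is migrated. Either wrap a String into a one-element array where `$sshd_config_hostcertificate_real` is derived (that assignment is outside this hunk), or state the break next to the check, e.g. `# HostCertificate must be an array of absolute paths; a bare string is rejected`.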


@ -1068,16 +1068,22 @@ describe 'sshd_config_print_last_log param' do
end end
describe 'sshd_config_hostcertificate param' do describe 'sshd_config_hostcertificate param' do
['unset', '/etc/ssh/ssh_host_key-cert.pub'].each do |value| context 'unset value' do
context "set to #{value}" do let(:params) { { :sshd_config_hostcertificate => 'unset' } }
let (:params) { { :sshd_config_hostcertificate => value } }
if value == 'unset'
it { should contain_file('sshd_config').without_content(/^\s*HostCertificate/) } it { should contain_file('sshd_config').without_content(/^\s*HostCertificate/) }
else
it { should contain_file('sshd_config').with_content(/^HostCertificate #{value}/) }
end end
context 'with a certificate' do
let(:params) { { :sshd_config_hostcertificate => ['/etc/ssh/ssh_host_key-cert.pub'] } }
it { should contain_file('sshd_config').with_content(/^HostCertificate \/etc\/ssh\/ssh_host_key-cert\.pub/) }
end end
context 'with multiple certs' do
let(:params) { { :sshd_config_hostcertificate => [ '/etc/ssh/ssh_host_key-cert.pub', '/etc/ssh/ssh_host_key-cert2.pub'] } }
it { should contain_file('sshd_config').with_content(/^HostCertificate \/etc\/ssh\/ssh_host_key-cert\.pub\nHostCertificate \/etc\/ssh\/ssh_host_key-cert2\.pub/)}
end end
end end
@ -1087,7 +1093,7 @@ describe 'sshd_config_print_last_log param' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/"invalid" is not an absolute path/) }.to raise_error(Puppet::PreformattedError,/"invalid" is not an Array/)
end end
end end
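Review bot: The failure case at the end of this section now only proves that a non-array value is rejected; nothing in the spec still checks that an array element which is not an absolute path fails, which is what the old expectation pinned. Add a context that passes `['invalid']` and expects the absolute-path error, as sketched below; the message text is taken from the removed expectation and should be confirmed against the stdlib version in use. The two positive patterns also have no trailing `$`, so they would still match a path with extra characters after `.pub`. The enclosing describe block and the failing context's params lie outside the hunks.

```ruby
# … unchanged: 'unset', single-certificate and multiple-certs contexts …
context 'with an array containing a non-absolute path' do
  let(:params) { { :sshd_config_hostcertificate => ['invalid'] } }

  it 'should fail' do
    expect {
      should contain_class('ssh')
    }.to raise_error(Puppet::Error, /"invalid" is not an absolute path/)
  end
end
```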


@ -264,7 +264,9 @@ Match <%= key %>
<% end -%> <% end -%>
<% end -%> <% end -%>
<% if @sshd_config_hostcertificate_real -%> <% if @sshd_config_hostcertificate_real -%>
HostCertificate <%= @sshd_config_hostcertificate_real %> <% @sshd_config_hostcertificate_real.each do |cert| -%>
HostCertificate <%= cert %>
<% end -%>
<% end -%> <% end -%>
<% if @sshd_config_trustedusercakeys_real -%> <% if @sshd_config_trustedusercakeys_real -%>
TrustedUserCAKeys <%= @sshd_config_trustedusercakeys_real %> TrustedUserCAKeys <%= @sshd_config_trustedusercakeys_real %>
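Review bot: Each array element is written into sshd_config verbatim by `HostCertificate <%= cert %>`, and the only checks visible in this commit are `validate_array` and `validate_absolute_path` in the manifest, which as far as I know look only at how the value begins. An entry containing whitespace or a line break would therefore put extra tokens or an extra directive line into the file; a per-element check in the manifest that fails on such values would close that. An empty array also passes the `if` guard (it is truthy in Ruby) and emits no line, which is probably fine but worth a comment such as `<%# one HostCertificate line per entry; entries are emitted unescaped, validate them in the manifest -%>`.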