puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Ability to use hiera_array for sshd_config's deny/allow users

Browse Source
This commit is contained in:
gmcgrath 2014-07-21 02:31:14 -04:00 committed by Garrett Honeycutt
parent 5c097ef286
commit ec91c40a5a
2 changed files with 38 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
manifests/init.pp
View File

@ -366,22 +366,6 @@ class ssh (
validate_array($sshd_config_macs) validate_array($sshd_config_macs)
} }
if $sshd_config_denyusers != undef {
validate_array($sshd_config_denyusers)
}
if $sshd_config_denygroups != undef {
validate_array($sshd_config_denygroups)
}
if $sshd_config_allowusers != undef {
validate_array($sshd_config_allowusers)
}
if $sshd_config_allowgroups != undef {
validate_array($sshd_config_allowgroups)
}
if $ssh_config_hash_known_hosts_real != undef { if $ssh_config_hash_known_hosts_real != undef {
validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts_real}>.") validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts_real}>.")
} }
@ -499,6 +483,40 @@ class ssh (
$supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'] $supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE']
validate_re($sshd_config_loglevel, $supported_loglevel_vals) validate_re($sshd_config_loglevel, $supported_loglevel_vals)
#enable hiera merging for allow groups and allow users
if $hiera_merge_real == true {
$real_sshd_config_denygroups = hiera_array('ssh::sshd_config_denygroups', undef)
$real_sshd_config_denyusers = hiera_array('ssh::sshd_config_denyusers', undef)
$real_sshd_config_allowgroups = hiera_array('ssh::sshd_config_allowgroups', undef)
$real_sshd_config_allowusers = hiera_array('ssh::sshd_config_allowusers', undef)
}
else{
$real_sshd_config_denygroups = $sshd_config_denygroups
$real_sshd_config_denyusers = $sshd_config_denyusers
$real_sshd_config_allowgroups = $sshd_config_allowgroups
$real_sshd_config_allowusers = $sshd_config_allowusers
}
if $real_sshd_config_denyusers != undef {
validate_array($real_sshd_config_denyusers)
}
if $real_sshd_config_denygroups != undef {
validate_array($real_sshd_config_denygroups)
}
if $real_sshd_config_allowusers != undef {
validate_array($real_sshd_config_allowusers)
}
if $real_sshd_config_allowgroups != undef {
validate_array($real_sshd_config_allowgroups)
}
package { $packages_real: package { $packages_real:
ensure => installed, ensure => installed,
source => $ssh_package_source_real, source => $ssh_package_source_real,

8
templates/sshd_config.erb
View File

@ -167,14 +167,14 @@ Ciphers <%= @sshd_config_ciphers.join(',') %>
MACs <%= @sshd_config_macs.join(',') %> MACs <%= @sshd_config_macs.join(',') %>
<% end -%> <% end -%>
<% if @sshd_config_denyusers -%> <% if @sshd_config_denyusers -%>
DenyUsers <%= @sshd_config_denyusers.join(' ') %> DenyUsers <%= @real_sshd_config_denyusers.join(' ') %>
<% end -%> <% end -%>
<% if @sshd_config_denygroups -%> <% if @sshd_config_denygroups -%>
DenyGroups <%= @sshd_config_denygroups.join(' ') %> DenyGroups <%= @real_sshd_config_denygroups.join(' ') %>
<% end -%> <% end -%>
<% if @sshd_config_allowusers -%> <% if @sshd_config_allowusers -%>
AllowUsers <%= @sshd_config_allowusers.join(' ') %> AllowUsers <%= @real_sshd_config_allowusers.join(' ') %>
<% end -%> <% end -%>
<% if @sshd_config_allowgroups -%> <% if @sshd_config_allowgroups -%>
AllowGroups <%= @sshd_config_allowgroups.join(' ') %> AllowGroups <%= @real_sshd_config_allowgroups.join(' ') %>
<% end -%> <% end -%>