diff --git a/README.md b/README.md
index c73ae9b..74de5a1 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,15 @@ This module has been tested to work on the following systems with Puppet v3.
 # Parameters #
+hiera_merge
+-----------
+Boolean to merges all found instances of ssh::keys in Hiera. This is useful for specifying
+SSH keys at different levels of the hierarchy and having them all included in the catalog.
+
+This will default to 'true' in future versions.
+
+- *Default*: false
+
 ssh_config_hash_known_hosts
 ---------------------------
 HashKnownHosts in ssh_config.
diff --git a/manifests/init.pp b/manifests/init.pp
index 6ca47d8..938c58a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,6 +3,7 @@
 # Manage ssh client and server
 #
 class ssh (
+ $hiera_merge = false,
 $packages = 'USE_DEFAULTS',
 $permit_root_login = 'yes',
 $purge_keys = 'true',
@@ -66,6 +67,19 @@ class ssh (
 fail('ssh::sshd_config_banner must be set to be able to use sshd_banner_content.')
 }
+ case type($hiera_merge) {
+ 'string': {
+ validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
+ $hiera_merge_real = str2bool($hiera_merge)
+ }
+ 'boolean': {
+ $hiera_merge_real = $hiera_merge
+ }
+ default: {
+ fail('ssh::hiera_merge type must be true or false.')
+ }
+ }
+
 case type($ssh_config_sendenv_xmodifiers) {
 'string': {
 $ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers)
@@ -264,7 +278,13 @@ class ssh (
 # manage users' ssh authorized keys if present
 if $keys != undef {
- validate_hash($keys)
- create_resources(ssh_authorized_key, $keys)
+ if $hiera_merge_real == true {
+ $keys_real = hiera_hash('ssh::keys')
+ } else {
+ $keys_real = $keys
+ notice('Future versions of the ssh module will default ssh::hiera_merge_real to true')
+ }
+ validate_hash($keys_real)
+ create_resources('ssh_authorized_key', $keys_real)
 }
 }
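Review bot: The `validate_re` pattern `'^(true|false)$'` in the `'string'` branch is line-anchored, so a multi-line value in which one line equals `true` or `false` passes the check and is handed to `str2bool` unchanged. Anchoring the whole string, `validate_re($hiera_merge, '\A(true|false)\z', ...)`, keeps the accepted set to exactly the two documented values. The value comes from Puppet or Hiera data, so this is a strictness point rather than an exposure. The enclosing `class ssh` body starts and ends outside the hunk.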
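Review bot: In the `if $keys != undef` block, the merge branch discards the value of `$keys` and uses `hiera_hash('ssh::keys')` alone, so keys passed as a class parameter rather than through Hiera are dropped, and the lookup presumably fails compilation when Hiera holds no `ssh::keys`. Passing the parameter as the lookup default, `$keys_real = hiera_hash('ssh::keys', $keys)`, covers both cases. These resources are authorized_keys entries, so merging also installs keys defined at broad hierarchy levels on every node that includes the class; the README should say so before the default flips. The notice names the internal variable and should read `notice('Future versions of the ssh module will default ssh::hiera_merge to true')`. The enclosing `class ssh` body starts outside the hunk.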
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 244cca2..7918ceb 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -840,4 +840,62 @@ describe 'ssh' do
 }.to raise_error(Puppet::Error)
 end
 end
+
+ describe 'with hiera_merge parameter specified' do
+ context 'as a non-boolean or non-string' do
+ let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } }
+ let(:facts) do
+ { :osfamily => 'RedHat',
+ :lsbmajdistrelease => '6',
+ }
+ end
+
+ it 'should fail' do
+ expect { should raise_error(Puppet::Error) }
+ end
+ end
+
+ context 'as an invalid string' do
+ let(:params) { { :hiera_merge => 'invalid_string' } }
+ let(:facts) do
+ { :osfamily => 'RedHat',
+ :lsbmajdistrelease => '6',
+ }
+ end
+
+ it 'should fail' do
+ expect { should raise_error(Puppet::Error,/^ssh::hiera_merge may be either 'true' or 'false' and is set to ./) }
+ end
+ end
+
+ ['true',true].each do |value|
+ context "as #{value}" do
+ let(:params) { { :hiera_merge => value } }
+ let(:facts) do
+ { :osfamily => 'RedHat',
+ :lsbmajdistrelease => '6',
+ }
+ end
+
+ it { should compile.with_all_deps }
+
+ it { should contain_class('ssh') }
+ end
+ end
+
+ ['false',false].each do |value|
+ context "as #{value}" do
+ let(:params) { { :hiera_merge => value } }
+ let(:facts) do
+ { :osfamily => 'RedHat',
+ :lsbmajdistrelease => '6',
+ }
+ end
+
+ it { should compile.with_all_deps }
+
+ it { should contain_class('ssh') }
+ end
+ end
+ end
 end
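Review bot: The two 'should fail' examples assert nothing, because `expect { should raise_error(Puppet::Error) }` builds an expectation target and never calls `.to`, so the block is not run and the examples pass whatever the manifest does. Write them in the form the example just above the hunk ends with, e.g. `expect { should contain_class('ssh') }.to raise_error(Puppet::Error, /ssh::hiera_merge may be either 'true' or 'false'/)`. The `true` contexts also only check compilation with `keys` unset, so the `hiera_hash('ssh::keys')` branch is never exercised; a context that sets `:keys` with Hiera fixture data would cover the merge path that decides which authorized keys are installed. The enclosing `describe 'ssh'` block starts outside the hunk.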