Merge pull request #48 from ghoneycutt/hiera_merge

Hiera merge

README.md

@@ -20,6 +20,15 @@ This module has been tested to work on the following systems with Puppet v3.
 
 # Parameters #
 
+hiera_merge
+-----------
+Boolean to merges all found instances of ssh::keys in Hiera. This is useful for specifying
+SSH keys at different levels of the hierarchy and having them all included in the catalog.
+
+This will default to 'true' in future versions.
+
+- *Default*: false
+
 ssh_config_hash_known_hosts
 ---------------------------
 HashKnownHosts in ssh_config.

manifests/init.pp

@@ -3,6 +3,7 @@
 # Manage ssh client and server
 #
 class ssh (
+  $hiera_merge                      = false,
   $packages                         = 'USE_DEFAULTS',
   $permit_root_login                = 'yes',
   $purge_keys                       = 'true',
@@ -66,6 +67,19 @@ class ssh (
     fail('ssh::sshd_config_banner must be set to be able to use sshd_banner_content.')
   }
 
+  case type($hiera_merge) {
+    'string': {
+      validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
+      $hiera_merge_real = str2bool($hiera_merge)
+    }
+    'boolean': {
+      $hiera_merge_real = $hiera_merge
+    }
+    default: {
+      fail('ssh::hiera_merge type must be true or false.')
+    }
+  }
+
   case type($ssh_config_sendenv_xmodifiers) {
     'string': {
       $ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers)
@@ -264,7 +278,13 @@ class ssh (
 
   # manage users' ssh authorized keys if present
   if $keys != undef {
-    validate_hash($keys)
+    if $hiera_merge_real == true {
-    create_resources(ssh_authorized_key, $keys)
+      $keys_real = hiera_hash('ssh::keys')
+    } else {
+      $keys_real = $keys
+      notice('Future versions of the ssh module will default ssh::hiera_merge_real to true')
+    }
+    validate_hash($keys_real)
+    create_resources('ssh_authorized_key', $keys_real)
   }
 }

spec/classes/init_spec.rb

@@ -840,4 +840,62 @@ describe 'ssh' do
       }.to raise_error(Puppet::Error)
     end
   end
+
+  describe 'with hiera_merge parameter specified' do
+    context 'as a non-boolean or non-string' do
+      let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } }
+      let(:facts) do
+        { :osfamily          => 'RedHat',
+          :lsbmajdistrelease => '6',
+        }
+      end
+
+      it 'should fail' do
+        expect { should raise_error(Puppet::Error) }
+      end
+    end
+
+    context 'as an invalid string' do
+      let(:params) { { :hiera_merge => 'invalid_string' } }
+      let(:facts) do
+        { :osfamily          => 'RedHat',
+          :lsbmajdistrelease => '6',
+        }
+      end
+
+      it 'should fail' do
+        expect { should raise_error(Puppet::Error,/^ssh::hiera_merge may be either 'true' or 'false' and is set to <invalid_string>./) }
+      end
+    end
+
+    ['true',true].each do |value|
+      context "as #{value}" do
+        let(:params) { { :hiera_merge => value } }
+        let(:facts) do
+          { :osfamily          => 'RedHat',
+            :lsbmajdistrelease => '6',
+          }
+        end
+
+        it { should compile.with_all_deps }
+
+        it { should contain_class('ssh') }
+      end
+    end
+
+    ['false',false].each do |value|
+      context "as #{value}" do
+        let(:params) { { :hiera_merge => value } }
+        let(:facts) do
+          { :osfamily          => 'RedHat',
+            :lsbmajdistrelease => '6',
+          }
+        end
+
+        it { should compile.with_all_deps }
+
+        it { should contain_class('ssh') }
+      end
+    end
+  end
 end