Showing with 91 additions and 19 deletions.

+1 −1 Modulefile

+6 −0 README.md

+5 −0 manifests/init.pp

+1 −16 metadata.json

+71 −0 spec/classes/init_spec.rb

+7 −2 templates/sshd_config.erb
diff --git a/Modulefile b/Modulefile
@@ -1,5 +1,5 @@
 name    'ghoneycutt-ssh'
-version '3.21.0'
+version '3.22.0'
 source 'git://github.com/ghoneycutt/puppet-module-ssh.git'
 author 'ghoneycutt'
 license 'Apache License, Version 2.0'

diff --git a/README.md b/README.md
@@ -160,6 +160,12 @@ sshd_config's mode. The default is '0600' on Linux and '0644' on Solaris.
 
 - *Default*: 'USE_DEFAULTS'
 
+sshd_listen_address
+-------------------
+String or Array to specify address(es) for which sshd will bind. Corresponds to ListenAddress in sshd_config.
+
+- *Default*: undef
+
 sshd_config_port
 ---------------------------
 String to specify listen port for sshd. Port option in sshd_config.

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -65,6 +65,7 @@
   $sshd_gssapicleanupcredentials    = 'USE_DEFAULTS',
   $sshd_acceptenv                   = 'USE_DEFAULTS',
   $sshd_config_hostkey              = 'USE_DEFAULTS',
+  $sshd_listen_address              = undef,
   $service_ensure                   = 'running',
   $service_name                     = 'USE_DEFAULTS',
   $service_enable                   = 'true',
@@ -348,6 +349,10 @@
     $sshd_config_hostkey_real = $sshd_config_hostkey
   }
 
+  if $sshd_listen_address {
+    validate_array($sshd_listen_address)
+  }
+
   if $service_hasstatus == 'USE_DEFAULTS' {
     $service_hasstatus_real = $default_service_hasstatus
   } else {

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-ssh",
-  "version": "3.21.0",
+  "version": "3.22.0",
   "author": "ghoneycutt",
   "summary": "Manages SSH",
   "license": "Apache License, Version 2.0",
@@ -81,21 +81,6 @@
   "types": [
 
   ],
-  "checksums": {
-    "CHANGELOG": "15458e8eb413081b0a9cec5ef4d51ba8",
-    "Gemfile": "6992d521994d948eb6e48acd733a07bf",
-    "Gemfile.lock": "44926a4ba8c7b0f743f80b5428f68602",
-    "LICENSE": "567e6cc3941d464d60c74d1f4abd5f46",
-    "Modulefile": "4ed3bc9b0cf23322b9833a8703923ecf",
-    "README.md": "5142cf1dea17b3807de22c2c4c6d6310",
-    "Rakefile": "8ff6a0f7db638421d1742c5d365d0266",
-    "manifests/init.pp": "8882c6076300739497333d5fd6cd7b53",
-    "spec/classes/init_spec.rb": "1417340881748aad86e4a6c272e0d304",
-    "spec/spec_helper.rb": "3ea886dd135e120afa31e0aab12e85b0",
-    "templates/ssh_config.erb": "4b811f9ebdebe44e66876957461f22d0",
-    "templates/sshd_config.erb": "881549e01eb8510377ec5c5b80feed9f",
-    "tests/init.pp": "423466ae46899d6a0480aa9910b096d2"
-  },
   "dependencies": [
     {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0"},
     {"name":"ghoneycutt/common","version_requirement":">= 1.0.2"},

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -81,6 +81,7 @@
         it { should contain_file('sshd_config').with_content(/^GSSAPIAuthentication yes$/) }
         it { should contain_file('sshd_config').with_content(/^GSSAPICleanupCredentials yes$/) }
         it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
+        it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) }
         it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
         it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) }
         it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
@@ -211,6 +212,7 @@
     it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) }
+    it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) }
 
     it {
       should contain_service('sshd_service').with({
@@ -312,6 +314,7 @@
     it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) }
+    it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) }
 
     it {
       should contain_service('sshd_service').with({
@@ -412,6 +415,7 @@
     it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) }
+    it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) }
 
     it {
       should contain_service('sshd_service').with({
@@ -519,6 +523,7 @@
     it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) }
+    it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) }
 
     it {
       should contain_service('sshd_service').with({
@@ -626,6 +631,7 @@
     it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) }
+    it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) }
 
     it {
       should contain_service('sshd_service').with({
@@ -733,6 +739,7 @@
     it { should contain_file('sshd_config').without_content(/^\s*DenyGroups/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowUsers/) }
     it { should contain_file('sshd_config').without_content(/^\s*AllowGroups/) }
+    it { should contain_file('sshd_config').without_content(/^\s*ListenAddress/) }
 
     it {
       should contain_service('sshd_service').with({
@@ -882,6 +889,9 @@
         :sshd_config_allowgroups         => [ 'ssh',
                                               'security',
         ],
+        :sshd_listen_address             => [ '192.168.1.1',
+                                              '2001:db8::dead:f00d',
+        ],
       }
     end
 
@@ -931,6 +941,7 @@
     it { should contain_file('sshd_config').with_content(/^\s*DenyGroups nossh wheel$/) }
     it { should contain_file('sshd_config').with_content(/^\s*AllowUsers foo bar$/) }
     it { should contain_file('sshd_config').with_content(/^\s*AllowGroups ssh security$/) }
+    it { should contain_file('sshd_config').with_content(/^ListenAddress 192.168.1.1\nListenAddress 2001:db8::dead:f00d$/) }
 
     it {
       should contain_file('sshd_banner').with({
@@ -945,6 +956,66 @@
     }
   end
 
+  describe 'sshd_listen_address param' do
+    context 'when set to an array' do
+      let :facts do
+        {
+          :fqdn      => 'monkey.example.com',
+          :osfamily  => 'RedHat',
+          :root_home => '/root',
+          :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+        }
+      end
+      let (:params) {{'sshd_listen_address' => ['192.168.1.1','2001:db8::dead:f00d'] }}
+
+      it { should contain_file('sshd_config').with_content(/^ListenAddress 192.168.1.1\nListenAddress 2001:db8::dead:f00d$/) }
+    end
+
+    context 'when set to a string' do
+      let :facts do
+        {
+          :fqdn      => 'monkey.example.com',
+          :osfamily  => 'RedHat',
+          :root_home => '/root',
+          :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+        }
+      end
+      let (:params) {{'sshd_listen_address' => ['192.168.1.1'] }}
+
+      it { should contain_file('sshd_config').with_content(/^ListenAddress 192.168.1.1$/) }
+    end
+
+    context 'when not set' do
+      let :facts do
+        {
+          :fqdn      => 'monkey.example.com',
+          :osfamily  => 'RedHat',
+          :root_home => '/root',
+          :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+        }
+      end
+
+      it { should_not contain_file('sshd_config').with_content(/^\s*ListenAddress/) }
+    end
+
+
+    context 'when set to an invalid type (not string or array)' do
+      let :facts do
+        {
+          :fqdn      => 'monkey.example.com',
+          :osfamily  => 'RedHat',
+          :root_home => '/root',
+          :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+        }
+      end
+      let (:params) {{'sshd_listen_address' => true }}
+
+      it 'should fail' do
+        expect { subject }.to raise_error(Puppet::Error)
+      end
+    end
+  end
+
   describe 'sshd_loglevel param' do
     context 'when set to an invalid value' do
       let :facts do

diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
@@ -18,8 +18,13 @@ Port <%= @sshd_config_port %>
 #Protocol 2,1
 Protocol 2
 #AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
+<% if @sshd_listen_address.class == Array -%>
+<% @sshd_listen_address.each do |val| -%>
+ListenAddress <%= val %>
+<% end -%>
+<% elsif @sshd_listen_address.class == String -%>
+ListenAddress <%= @sshd_listen_address %>
+<% end -%>
 
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key