Showing with 60 additions and 7 deletions.

+24 −6 README.md

+6 −0 manifests/init.pp

+1 −1 metadata.json

+26 −0 spec/classes/init_spec.rb

+3 −0 templates/sshd_config.erb
diff --git a/README.md b/README.md
@@ -2,11 +2,22 @@
 
 Manage ssh client and server.
 
-The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by puppet. This behavior is managed by the parameters ssh_key_ensure and purge_keys.
+The module uses exported resources to manage ssh keys and removes ssh keys that
+are not managed by puppet. This behavior is managed by the parameters
+ssh_key_ensure and purge_keys.
+
+This module may be used with a simple `include ::ssh`
+
+===
+
+### Table of Contents
+1. [Compatibility](#compatibility)
+1. [Parameters](#parameters)
+1. [Examples](#sample-usage)
 
 ===
 
-# Compatability
+# Compatibility
 
 This module has been tested to work on the following systems with Puppet
 versions v3, v3 with future parser and v4 with  Ruby versions 1.8.7 (Puppet v3
@@ -137,6 +148,12 @@ in ssh_config.
 
 - *Default*: undef
 
+sshd_addressfamily
+----------------
+Specifies the value of the AddressFamily setting in sshd_config. Valid values are 'any', 'inet' (IPv4 only), 'inet6' (IPv6 only) and undef. A value of undef will ensure that AddressFamily is not in the configuration.
+
+- *Default*: 'any'
+
 sshd_config_path
 ----------------
 Path to sshd_config.
@@ -417,14 +434,15 @@ Match directive is supported on SSH >= 5.x.
 - *Default*: undef
 
 - *Hiera example*:
-<pre>
+
+``` yaml
 ssh::sshd_config_match:
   'User JohnDoe':
     - 'AllowTcpForwarding yes'
   'Address 2.4.2.0':
     - 'X11Forwarding yes'
     - 'PasswordAuthentication no'
-</pre>
+```
 
 keys
 ----
@@ -619,7 +637,7 @@ This works by passing the ssh::keys hash to the ssh_authorized_keys type with cr
 ## Sample usage:
 Push authorized key "root_for_userX" and remove key "root_for_userY" through Hiera.
 
-<pre>
+``` yaml
 ssh::keys:
   root_for_userX:
     ensure: present
@@ -635,4 +653,4 @@ ssh::keys:
   root_for_userY:
     ensure: absent
     user: root
-</pre>
+```
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -79,6 +79,7 @@
   $sshd_ignoreuserknownhosts           = 'no',
   $sshd_ignorerhosts                   = 'yes',
   $manage_service                      = true,
+  $sshd_addressfamily                  = 'any',
   $service_ensure                      = 'running',
   $service_name                        = 'USE_DEFAULTS',
   $service_enable                      = true,
@@ -768,4 +769,9 @@
     validate_hash($keys_real)
     create_resources('ssh_authorized_key', $keys_real)
   }
+
+  if $sshd_addressfamily != undef {
+    validate_re($sshd_addressfamily, '^(any|inet|inet6)$',
+      "ssh::sshd_addressfamily can be undef, 'any', 'inet' or 'inet6' and is set to ${sshd_addressfamily}.")
+  }
 }
diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-ssh",
-  "version": "3.32.0",
+  "version": "3.33.0",
   "author": "ghoneycutt",
   "summary": "Manages SSH",
   "license": "Apache-2.0",

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -3414,4 +3414,30 @@
     end
   end
 
+  describe 'with parameter sshd_addressfamily' do
+    let(:facts) do
+      { :fqdn      => 'monkey.example.com',
+        :osfamily  => 'RedHat',
+        :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+      }
+    end
+
+    ['any','inet','inet6'].each do |value|
+      context "set to a valid entry of #{value}" do
+        let(:params) { { :sshd_addressfamily => value } }
+        it { should contain_file('sshd_config').with_content(/^AddressFamily #{value}$/) }
+      end
+    end
+
+    ['foo','bar',123].each do |value|
+      context "specified as invalid value #{value}" do
+        let(:params) { { :sshd_addressfamily => value } }
+        it do
+          expect {
+            should contain_class('ssh')
+          }.to raise_error(Puppet::Error,/ssh::sshd_addressfamily can be undef, 'any', 'inet' or 'inet6' and is set to/)
+        end
+      end
+    end
+  end
 end
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
@@ -18,6 +18,9 @@ Port <%= @sshd_config_port %>
 #Protocol 2,1
 Protocol 2
 #AddressFamily any
+<% if @sshd_addressfamily != nil -%>
+AddressFamily <%= @sshd_addressfamily %>
+<% end -%>
 <% if @sshd_listen_address.class == Array -%>
 <% @sshd_listen_address.each do |val| -%>
 ListenAddress <%= val %>