Showing with 120 additions and 4 deletions.

+4 −0 CHANGELOG.md

+14 −0 README.md

+16 −0 manifests/init.pp

+1 −1 metadata.json

+80 −1 spec/classes/init_spec.rb

+5 −2 templates/ssh_config.erb
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+### v3.41.0 - 2016-06-20
+  * Add ability to specify an array for GlobalKnownHostsFile in ssh_config.
+  * Add support for UserKnownHostsFile in ssh_config.
+
 ### v3.40.0 - 2016-06-09
   * Add ability to specify multiple ports
 

diff --git a/README.md b/README.md
@@ -640,6 +640,13 @@ File of the global known_hosts file
 
 - *Default*: '/etc/ssh/ssh_known_hosts'
 
+ssh_config_global_known_hosts_list
+----------------------------------
+Array of additional known_hosts files to be added to GlobalKnownHostsFile
+option together with `ssh_config_global_known_hosts_file`.
+
+- *Default*: undef
+
 ssh_config_global_known_hosts_owner
 ----------------------------------
 Owner of the global known_hosts file
@@ -658,6 +665,13 @@ File mode of the global known_hosts file
 
 - *Default*: '0644'
 
+ssh_config_user_known_hosts_file
+--------------------------------
+Array of user's known_hosts files used in the ssh config option
+UserKnownHostsFile.
+
+- *Default*: undef
+
 manage_root_ssh_config
 ----------------------
 Manage SSH config of root. Valid values are 'true' and 'false'.

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -95,9 +95,11 @@
   $ssh_key_import                      = true,
   $ssh_key_type                        = 'ssh-rsa',
   $ssh_config_global_known_hosts_file  = '/etc/ssh/ssh_known_hosts',
+  $ssh_config_global_known_hosts_list  = undef,
   $ssh_config_global_known_hosts_owner = 'root',
   $ssh_config_global_known_hosts_group = 'root',
   $ssh_config_global_known_hosts_mode  = '0644',
+  $ssh_config_user_known_hosts_file    = undef,
   $keys                                = undef,
   $manage_root_ssh_config              = false,
   $root_ssh_config_content             = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
@@ -647,6 +649,20 @@
   }
 
   validate_absolute_path($ssh_config_global_known_hosts_file)
+  $ssh_config_global_known_hosts_file_real = any2array($ssh_config_global_known_hosts_file)
+
+  if $ssh_config_global_known_hosts_list != undef {
+    validate_array($ssh_config_global_known_hosts_list)
+    validate_absolute_path($ssh_config_global_known_hosts_list)
+    $ssh_config_global_known_hosts_list_real = concat($ssh_config_global_known_hosts_file_real, $ssh_config_global_known_hosts_list)
+  } else {
+    $ssh_config_global_known_hosts_list_real = $ssh_config_global_known_hosts_file_real
+  }
+
+  if $ssh_config_user_known_hosts_file != undef {
+    validate_array($ssh_config_user_known_hosts_file)
+  }
+
   validate_string($ssh_config_global_known_hosts_owner)
   validate_string($ssh_config_global_known_hosts_group)
   validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$',

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-ssh",
-  "version": "3.40.0",
+  "version": "3.41.0",
   "author": "ghoneycutt",
   "summary": "Manages SSH",
   "license": "Apache-2.0",

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -327,6 +327,12 @@
                                                  'hmac-sha1-etm@openssh.com',
         ],
         :ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2',
+        :ssh_config_global_known_hosts_list => [ '/etc/ssh/ssh_known_hosts3',
+					         '/etc/ssh/ssh_known_hosts4',
+	],
+        :ssh_config_user_known_hosts_file   => [ '.ssh/known_hosts1',
+                                                 '.ssh/known_hosts2',
+        ],
         :ssh_hostbasedauthentication        => 'yes',
         :ssh_strict_host_key_checking       => 'ask',
         :ssh_enable_ssh_keysign             => 'yes',
@@ -358,7 +364,8 @@
     it { should contain_file('ssh_config').with_content(/^  SendEnv XMODIFIERS$/) }
     it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
     it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
-    it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2 \/etc\/ssh\/ssh_known_hosts3 \/etc\/ssh\/ssh_known_hosts4$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*UserKnownHostsFile \.ssh\/known_hosts1 \.ssh\/known_hosts2$/) }
     it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) }
     it { should contain_file('ssh_config').with_content(/^\s*StrictHostKeyChecking ask$/) }
     it { should contain_file('ssh_config').with_content(/^\s*EnableSSHKeysign yes$/) }
@@ -2290,6 +2297,78 @@
     end
   end
 
+  describe 'with parameter ssh_config_global_known_hosts_list' do
+    let :facts do
+      default_facts.merge(
+        {
+        }
+      )
+    end
+
+    context 'when set to an array of valid absolute paths' do
+      let (:params) {{'ssh_config_global_known_hosts_list' => ['/valid/path1','/valid/path2'] }}
+
+      it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile.*\/valid\/path1 \/valid\/path2$/) }
+    end
+
+    context 'specified as an invalid path' do
+      let(:params) {{ :ssh_config_global_known_hosts_list => ['/valid/path','invalid/path'] }}
+
+      it 'should fail' do
+        expect {
+          should contain_class('ssh')
+        }.to raise_error(Puppet::Error,/\"invalid\/path\" is not an absolute path\./)
+      end
+    end
+
+    ['YES',true,2.42,a = { 'ha' => 'sh' }].each do |value|
+       context "specified as invalid value #{value} (as #{value.class})" do
+         let(:params) { { :ssh_config_global_known_hosts_list => value } }
+
+         if value.is_a?(Hash)
+           value = '{ha => sh}'
+         end
+
+         it 'should fail' do
+           expect {
+             should contain_class('ssh')
+           }.to raise_error(Puppet::Error, /is not an Array/)
+         end
+       end
+     end
+  end
+
+  describe 'with parameter ssh_config_user_known_hosts_file' do
+    let :facts do
+      default_facts.merge(
+        {
+        }
+      )
+    end
+
+    context 'when set to an array of paths' do
+      let (:params) {{'ssh_config_user_known_hosts_file' => ['valid/path1','/valid/path2'] }}
+
+      it { should contain_file('ssh_config').with_content(/^\s*UserKnownHostsFile valid\/path1 \/valid\/path2$/) }
+    end
+
+    ['YES',true,2.42,a = { 'ha' => 'sh' }].each do |value|
+       context "specified as invalid value #{value} (as #{value.class})" do
+         let(:params) { { :ssh_config_user_known_hosts_file => value } }
+
+         if value.is_a?(Hash)
+           value = '{ha => sh}'
+         end
+
+         it 'should fail' do
+           expect {
+             should contain_class('ssh')
+           }.to raise_error(Puppet::Error, /is not an Array/)
+         end
+       end
+     end
+  end
+
   describe 'with parameter ssh_config_global_known_hosts_owner' do
     let :facts do
       default_facts.merge(

diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb
@@ -57,8 +57,8 @@
 <% if @ssh_config_hash_known_hosts_real != nil -%>
    HashKnownHosts <%= @ssh_config_hash_known_hosts_real %>
 <% end -%>
-<% if @ssh_config_global_known_hosts_file -%>
-   GlobalKnownHostsFile <%= @ssh_config_global_known_hosts_file %>
+<% if @ssh_config_global_known_hosts_list_real -%>
+   GlobalKnownHostsFile <%= @ssh_config_global_known_hosts_list_real.join(' ') %>
 <% end -%>
 Host *
 #  GSSAPIAuthentication yes
@@ -100,3 +100,6 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
 # EnableSSHKeysign no
   EnableSSHKeysign <%= @ssh_enable_ssh_keysign %>
 <% end -%>
+<% if @ssh_config_user_known_hosts_file -%>
+  UserKnownHostsFile <%= @ssh_config_user_known_hosts_file.join(' ') %>
+<% end -%>