Showing with 91 additions and 4 deletions.
  1. +1 −1 Modulefile
  2. +9 −0 README.md
  3. +22 −2 manifests/init.pp
  4. +59 −1 spec/classes/init_spec.rb
2 changes: 1 addition & 1 deletion Modulefile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name 'ghoneycutt-ssh'
version '3.5.0'
version '3.6.0'
source 'git://github.com/ghoneycutt/puppet-module-ssh.git'
author 'ghoneycutt'
license 'Apache License, Version 2.0'
Expand Down
9 changes: 9 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,15 @@ This module has been tested to work on the following systems with Puppet v3.

# Parameters #

hiera_merge
-----------
Boolean to merges all found instances of ssh::keys in Hiera. This is useful for specifying
SSH keys at different levels of the hierarchy and having them all included in the catalog.

This will default to 'true' in future versions.

- *Default*: false

ssh_config_hash_known_hosts
---------------------------
HashKnownHosts in ssh_config.
Expand Down
24 changes: 22 additions & 2 deletions manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
# Manage ssh client and server
#
class ssh (
$hiera_merge = false,
$packages = 'USE_DEFAULTS',
$permit_root_login = 'yes',
$purge_keys = 'true',
Expand Down Expand Up @@ -66,6 +67,19 @@
fail('ssh::sshd_config_banner must be set to be able to use sshd_banner_content.')
}

case type($hiera_merge) {
'string': {
validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
$hiera_merge_real = str2bool($hiera_merge)
}
'boolean': {
$hiera_merge_real = $hiera_merge
}
default: {
fail('ssh::hiera_merge type must be true or false.')
}
}

case type($ssh_config_sendenv_xmodifiers) {
'string': {
$ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers)
Expand Down Expand Up @@ -264,7 +278,13 @@

# manage users' ssh authorized keys if present
if $keys != undef {
validate_hash($keys)
create_resources(ssh_authorized_key, $keys)
if $hiera_merge_real == true {
$keys_real = hiera_hash('ssh::keys')
} else {
$keys_real = $keys
notice('Future versions of the ssh module will default ssh::hiera_merge_real to true')
}
validate_hash($keys_real)
create_resources('ssh_authorized_key', $keys_real)
}
}
60 changes: 59 additions & 1 deletion spec/classes/init_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -532,7 +532,7 @@

it 'should fail' do
expect {
should include_class('ssh')
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh_config_hash_known_hosts may be either \'yes\' or \'no\' and is set to <invalid>./)
end
end
Expand Down Expand Up @@ -840,4 +840,62 @@
}.to raise_error(Puppet::Error)
end
end

describe 'with hiera_merge parameter specified' do
context 'as a non-boolean or non-string' do
let(:params) { { :hiera_merge => ['not_a_boolean','or_a_string'] } }
let(:facts) do
{ :osfamily => 'RedHat',
:lsbmajdistrelease => '6',
}
end

it 'should fail' do
expect { should raise_error(Puppet::Error) }
end
end

context 'as an invalid string' do
let(:params) { { :hiera_merge => 'invalid_string' } }
let(:facts) do
{ :osfamily => 'RedHat',
:lsbmajdistrelease => '6',
}
end

it 'should fail' do
expect { should raise_error(Puppet::Error,/^ssh::hiera_merge may be either 'true' or 'false' and is set to <invalid_string>./) }
end
end

['true',true].each do |value|
context "as #{value}" do
let(:params) { { :hiera_merge => value } }
let(:facts) do
{ :osfamily => 'RedHat',
:lsbmajdistrelease => '6',
}
end

it { should compile.with_all_deps }

it { should contain_class('ssh') }
end
end

['false',false].each do |value|
context "as #{value}" do
let(:params) { { :hiera_merge => value } }
let(:facts) do
{ :osfamily => 'RedHat',
:lsbmajdistrelease => '6',
}
end

it { should compile.with_all_deps }

it { should contain_class('ssh') }
end
end
end
end