.github/workflows/ci.yaml

@@ -15,11 +15,11 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - ruby: 2.7.0
+          - ruby: 2.7.6
             puppet: 7
             fixtures: .fixtures.yml
             allow_failure: false
-          - ruby: 2.7.0
+          - ruby: 2.7.6
             puppet: 7
             fixtures: .fixtures-latest.yml
             allow_failure: true
@@ -50,7 +50,9 @@ jobs:
           - "debian-10"
           - "centos-7"
           - "rocky-8"
+          - "rocky-9"
           - "ubuntu-1804"
+          - "ubuntu-2204"
         puppet:
           - "puppet7"
     env:

CHANGELOG.md

@@ -2,6 +2,14 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v4.1.0](https://github.com/ghoneycutt/puppet-module-ssh/tree/v4.1.0) (2023-04-06)
+
+[Full Changelog](https://github.com/ghoneycutt/puppet-module-ssh/compare/v4.0.0...v4.1.0)
+
+### UNCATEGORIZED PRS; LABEL THEM ON GITHUB
+
+- OS support updates and manage config.d files [\#402](https://github.com/ghoneycutt/puppet-module-ssh/pull/402) ([treydock](https://github.com/treydock))
+
 ## [v4.0.0](https://github.com/ghoneycutt/puppet-module-ssh/tree/v4.0.0) (2022-11-28)
 
 [Full Changelog](https://github.com/ghoneycutt/puppet-module-ssh/compare/v3.62.0...v4.0.0)
@@ -78,7 +86,7 @@ All notable changes to this project will be documented in this file. The format
 ### UNCATEGORIZED PRS; LABEL THEM ON GITHUB
 
 - Disable ServerkeyBits on RHEL 7.4 and later [\#278](https://github.com/ghoneycutt/puppet-module-ssh/pull/278) ([tuxmea](https://github.com/tuxmea))
-- Fixing an inaccuracy within README.md [\#266](https://github.com/ghoneycutt/puppet-module-ssh/pull/266) ([zyamada](https://github.com/zyamada))
+- Fixing an inaccuracy within README.md [\#266](https://github.com/ghoneycutt/puppet-module-ssh/pull/266) ([meowomancer](https://github.com/meowomancer))
 
 ## [v3.57.0](https://github.com/ghoneycutt/puppet-module-ssh/tree/v3.57.0) (2017-12-11)
 
@@ -558,7 +566,6 @@ All notable changes to this project will be documented in this file. The format
 
 - Add macs params [\#72](https://github.com/ghoneycutt/puppet-module-ssh/pull/72) ([ghoneycutt](https://github.com/ghoneycutt))
 - Add ability to specify Ciphers option in ssh\_config and sshd\_config [\#71](https://github.com/ghoneycutt/puppet-module-ssh/pull/71) ([ghoneycutt](https://github.com/ghoneycutt))
-- Add StrictModes parameter for sshd [\#68](https://github.com/ghoneycutt/puppet-module-ssh/pull/68) ([ghoneycutt](https://github.com/ghoneycutt))
 
 ## [v3.12.0](https://github.com/ghoneycutt/puppet-module-ssh/tree/v3.12.0) (2014-05-22)
 
@@ -574,6 +581,7 @@ All notable changes to this project will be documented in this file. The format
 
 ### UNCATEGORIZED PRS; LABEL THEM ON GITHUB
 
+- Add StrictModes parameter for sshd [\#68](https://github.com/ghoneycutt/puppet-module-ssh/pull/68) ([ghoneycutt](https://github.com/ghoneycutt))
 - Add version dependency to firewall module to support Forge [\#65](https://github.com/ghoneycutt/puppet-module-ssh/pull/65) ([ghoneycutt](https://github.com/ghoneycutt))
 
 ## [v3.10.0](https://github.com/ghoneycutt/puppet-module-ssh/tree/v3.10.0) (2014-05-16)
@@ -721,4 +729,4 @@ All notable changes to this project will be documented in this file. The format
 
 
 
-\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

Gemfile

@@ -17,32 +17,23 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
 minor_version = ruby_version_segments[0..1].join('.')
 
 group :development do
-  gem "facter", '< 4.0',                                         require: false
-  gem "fast_gettext", '1.1.0',                                   require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
-  gem "fast_gettext",                                            require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
-  gem "json_pure", '<= 2.0.1',                                   require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
-  gem "json", '= 1.8.1',                                         require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
-  gem "json", '= 2.0.4',                                         require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "json", '= 2.1.0',                                         require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "rb-readline", '= 0.5.5',                                  require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
-  gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0',     require: false, platforms: [:ruby]
-  gem "puppet-module-win-default-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "puppet-lint-param-docs",                                  require: false
-  gem "voxpupuli-puppet-lint-plugins", '>= 3.0',                 require: false
-  gem "github_changelog_generator",                              require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')
+  gem "voxpupuli-test", '5.4.1',    require: false
+  gem "faraday", '~> 1.0',          require: false
+  gem "github_changelog_generator", require: false
+  gem "puppet-blacksmith",          require: false
+  gem "puppet-strings",             require: false
+  gem "rubocop-performance",        require: false
 end
 group :system_tests do
-  gem "puppet-module-posix-system-r#{minor_version}", '~> 0.5',                  require: false, platforms: [:ruby]
-  gem "puppet-module-win-system-r#{minor_version}", '~> 0.5',                    require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '~> 4.0')
+  gem "beaker", *location_for(ENV['BEAKER_VERSION'] || '~> 4.29')
   gem "beaker-abs", *location_for(ENV['BEAKER_ABS_VERSION'] || '~> 0.1')
   gem "beaker-pe",                                                               require: false
   gem "beaker-hostgenerator"
   gem "beaker-rspec"
   gem "beaker-docker"
   gem "beaker-puppet"
+  gem "beaker-puppet_install_helper",                                            require: false
+  gem "beaker-module_install_helper",                                            require: false
 end
 
 puppet_version = ENV['PUPPET_GEM_VERSION']

README.md

@@ -29,12 +29,15 @@ known to work on many, many platforms since its creation in 2010.
 
 ### Known to work
 
+ * Archlinux
  * Debian 10
  * Debian 11
  * EL 7
  * EL 8
+ * EL 9
  * Ubuntu 18.04 LTS
  * Ubuntu 20.04 LTS
+ * Ubuntu 22.04 LTS
  * Solaris 10
  * Solaris 11
 
@@ -115,6 +118,72 @@ ssh::config_entry { 'jenkins github.com':
 }
 ```
 
+# Manage configurations files in .d directories
+SSH supports configuration files in .d directories via the `include` directive. This module enables you to also manage these files. You need to set directives for the server (eg: /etc/ssh/sshd_config.d) and client (eg: /etc/ssh/ssh_config.d) part seperatly as they support different directives.
+
+You can activate the management by ensuring `$include` is defined and pass a hash with the needed SSH directives and their values.
+Directives can be passed as hash via the `$ssh::config_files` and `$ssh::server::config_files` parameters. Directives passed as hash via `lines` will be checked for correct names and values. Directives passed as array via `custom` will not be checked and will be added to the configuration file. Similar to the main configuration files.
+
+Different file permissions can be specified via `owner`, `group`, or `mode`.
+You can remove a file by setting `ensure` to `absent`.
+
+## Sample usage:
+Manage the client configuration file /etc/ssh/ssh_config.d/50-redhat.conf with some directives and default file permissions (0644 root:root).
+``` yaml
+ssh::include: /etc/ssh/ssh_config.d/*.conf
+ssh::config_files:
+  '50-redhat':
+    lines:
+      Match: 'final all'
+      Include: '/etc/crypto-policies/back-ends/openssh.config'
+      GSSAPIAuthentication: 'yes'
+      ForwardX11Trusted: 'yes'
+```
+
+Manage the server configuration file /etc/ssh/sshd_config.d/50-redhat.conf with some directives and default file permissions (0600 root:root).
+``` yaml
+ssh::server::include: /etc/ssh/sshd_config.d/*.conf
+ssh::server::config_files:
+  '50-redhat':
+    lines:
+      Include: '/etc/crypto-policies/back-ends/opensshserver.config'
+      SyslogFacility: 'AUTHPRIV'
+      ChallengeResponseAuthentication: 'no'
+      GSSAPIAuthentication: 'yes'
+      GSSAPICleanupCredentials: 'no'
+      UsePAM: 'yes'
+      X11Forwarding: 'yes'
+      PrintMotd: 'no'
+```
+You can also specify different file permissions by setting $owner, $group, or $mode accordingly:
+``` yaml
+ssh::include: /etc/ssh/ssh_config.d/*.conf
+ssh::config_files:
+  '50-redhat':
+    owner: 'name'
+    group: 'group'
+    mode:  '0664'
+    lines:
+      Match: 'final all'
+      GSSAPIAuthentication: 'yes'
+```
+Using directives that are not supported by this module:
+``` yaml
+ssh::include: /etc/ssh/ssh_config.d/*.conf
+ssh::config_files:
+  '50-redhat':
+    custom:
+      - 'Directive1 Value1'
+      - 'Directive2 Value2'
+```
+
+Remove the file /etc/ssh/ssh_config.d/50-redhat.conf:
+``` yaml
+ssh::include: /etc/ssh/ssh_config.d/*.conf
+ssh::config_files:
+  '50-redhat':
+    ensure: 'absent'
+```
 
 ## Upgrading