Merge pull request #333 from jhoblitt/IT-3497/negated-criteria

fix support for negated ssh client match block criteria
saz · Aug 4, 2022 · ec47d72 · ec47d72
2 parents 5cc99ac + 7f1a892
commit ec47d72
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 7 deletions.
diff --git a/spec/acceptance/client_spec.rb b/spec/acceptance/client_spec.rb
@@ -15,12 +15,19 @@ class { 'ssh':
               'GSSAPIDelegateCredentials' => "yes",
             },
             client_match_block => {
-              '!foo' => {
-                'type'    => 'user',
+              'foo' => {
+                'type'    => '!localuser',
                 'options' => {
                   'ProxyCommand' => '/usr/bin/sss_ssh_knownhostsproxy -p %p %h',
                 },
               },
+              'bar' => {
+                'type' => 'host',
+                'options' => {
+                  'ForwardX11' => 'no',
+                  'PasswordAuthentication' => 'yes',
+                },
+              },
             },
           }
         PP
@@ -43,7 +50,10 @@ class { 'ssh':
             Host *
                 HashKnownHosts yes
                 SendEnv LANG LC_*
-            Match user !foo
+            Match host bar
+                ForwardX11 no
+                PasswordAuthentication yes
+            Match !localuser foo
                 ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
           SSH
         end

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -187,8 +187,8 @@
         let :params do
           {
             client_match_block: {
-              '!foo' => {
-                'type' => 'user',
+              'foo' => {
+                'type' => '!localuser',
                 'options' => {
                   'ProxyCommand' => '/usr/bin/sss_ssh_knownhostsproxy -p %p %h',
                 },
@@ -205,8 +205,8 @@
         end
 
         it do
-          is_expected.not_to contain_ssh__client__matchblock('!foo').with(
-            type: 'user',
+          is_expected.not_to contain_ssh__client__matchblock('foo').with(
+            type: '!localuser',
             options: {
               'ProxyCommand' => '/usr/bin/sss_ssh_knownhostsproxy -p %p %h',
             },

diff --git a/spec/type_aliases/sshclientmatch_spec.rb b/spec/type_aliases/sshclientmatch_spec.rb
@@ -4,13 +4,21 @@
 
 describe 'Ssh::ClientMatch' do
   known_criteria = %w[
+    !all
     all
+    !canonical
     canonical
+    !exec
     exec
+    !final
     final
+    !host
     host
+    !localuser
     localuser
+    !originalhost
     originalhost
+    !user
     user
   ]
   it { is_expected.to allow_values(*known_criteria) }

diff --git a/types/clientmatch.pp b/types/clientmatch.pp
@@ -1,11 +1,19 @@
 # OpenSSH client `Match` criteria. See `ssh_config(5)`
 type Ssh::ClientMatch = Enum[
+  '!all',
   'all',
+  '!canonical',
   'canonical',
+  '!exec',
   'exec',
+  '!final',
   'final',
+  '!host',
   'host',
+  '!localuser',
   'localuser',
+  '!originalhost',
   'originalhost',
+  '!user',
   'user',
 ]