1 # store ssh authorized_keys snippets that roles on different hosts can then
2 # collect using ssh::authorized_key_collect
# Exports two resources (the `@@` prefix) for one SSH key: a concat::fragment
# holding a single authorized_keys entry with a forced command and a from=
# restriction, and a ferm::rule accepting traffic from the same addresses.
# Both are tagged with ${collect_tag} and ${target_user}.
#
# NOTE(review): this listing skips source lines (the gutter numbers jump), so
# the declarations of $target_user, $command, $key and $collect_tag, and any
# type constraints on them, are not visible here.
4 define ssh::authorized_key_add(
# Source addresses allowed to use the key; defaults to $base::public_addresses.
9 Array[Stdlib::IP::Address] $from_hosts = $base::public_addresses,
# Comma-separated form, used inside the from="..." option of the key entry.
11 $from = $from_hosts.join(',')
# An authorized_keys entry is one line, so a key with an embedded newline is
# refused.
# NOTE(review): the split()/size() idiom may miss a separator that appears only
# at the very end of the value, if split() drops trailing empty strings; a
# regex match on the value would be stricter. Confirm.
13 if (size(split($key, "\n")) > 1) {
14 fail('More than one line in key for ssh::authorized_key')
# $command is interpolated between double quotes in the key entry, so a double
# quote in it would end the option value early.
# NOTE(review): unlike $key, $command is not checked for newlines here, and a
# newline would break the entry into two authorized_keys lines. sshd also
# treats a backslash before a quote as an escape, so a trailing backslash would
# swallow the closing quote. Consider rejecting both, unless the parameter's
# type (not visible in this listing) already does.
16 if (size(split($command, '"')) > 1) {
17 fail('command must not contain double quotes')
# Same quoting concern for the from="..." value. Presumably defense in depth,
# since the elements are already typed as Stdlib::IP::Address.
19 if (size(split($from, '"')) > 1) {
20 fail('from_hosts must not contain double quotes')
# Space-separated form, used in the ferm rule's saddr list.
23 $from_space = $from_hosts.join(' ')
# Exported fragment targeting the per-user key file /etc/ssh/userkeys/<user>.
# The entry forces ${command}, limits source hosts with from=, and sets sshd's
# `restrict` option, which enables all key restrictions (no forwarding, no pty).
# NOTE(review): $target_user is interpolated into a file path; confirm its
# declared type rules out '/' and '..' (the declaration is not visible here).
25 @@concat::fragment { "ssh::authorized_key::${name} ${target_user} ${from}":
26 tag => "ssh::authorized_key::fragment::${collect_tag}::${target_user}",
27 target => "/etc/ssh/userkeys/${target_user}",
30 command="${command}",from="${from}",restrict ${key}
# Exported firewall rule accepting the same source addresses. The rule's other
# attributes are not visible in this listing.
34 @@ferm::rule { "ssh-${target_user}-${name}":
35 tag => "ssh::authorized_key::ferm::${collect_tag}::${target_user}",
36 description => "allow ssh for ssh to ${target_user}",
39 rule => "saddr (${from_space}) ACCEPT",