1 # store ssh authorized_keys snippets that roles on different hosts can then
2 # collect using ssh::authorized_key_collect
4 define ssh::authorized_key_add(
9 String $restrict = 'restrict',
10 Array[Stdlib::IP::Address] $from_hosts = $base::public_addresses,
12 $from = $from_hosts.join(',')
14 if (size(split($key, "\n")) > 1) {
15 fail('More than one line in key for ssh::authorized_key')
17 if (size(split($command, '"')) > 1) {
18 fail('command must not contain double quotes')
20 if (size(split($from, '"')) > 1) {
21 fail('from_hosts must not contain double quotes')
24 $from_space = $from_hosts.join(' ')
27 @@concat::fragment { "ssh::authorized_key::${name} ${target_user} from ${::hostname}":
28 tag => "ssh::authorized_key::fragment::${collect_tag}::${target_user}",
29 target => "/etc/ssh/userkeys/${target_user}",
33 command="${command}",from="${from}",${restrict} ${key}
37 notify{ "Warning, ssh key for ${name}, ${target_user} not defined (yet?).": }
40 @@ferm::rule { "ssh-${collect_tag}_${target_user}-${name}_from_${::hostname}":
41 tag => "ssh::authorized_key::ferm::${collect_tag}::${target_user}",
42 description => "allow ssh for ssh to ${target_user}",
45 rule => "saddr (${from_space}) ACCEPT",