Allow providing multiple tags to authorized_key_add
authorPeter Palfrader <peter@palfrader.org>
Sun, 8 Sep 2019 07:07:57 +0000 (09:07 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sun, 8 Sep 2019 07:07:57 +0000 (09:07 +0200)
modules/ssh/manifests/authorized_key_add.pp

index c1fdae3..3e700cc 100644 (file)
@@ -5,7 +5,7 @@ define ssh::authorized_key_add(
   String $target_user,
   String $command,
   String $key,
-  String $collect_tag,
+  Variant[Array[String], String] $collect_tag,
   String $restrict = 'restrict',
   Array[Stdlib::IP::Address] $from_hosts = $base::public_addresses,
 ) {
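Review bot: `Array[String]` on the new `$collect_tag` parameter also admits an empty array, in which case `$ssh_tags` in the second hunk is empty and `${raw_tags[0]}` in the third hunk's rule title is undefined, so the exported resources would carry none of these collection tags. Constraining the type rejects that at compile time: `Variant[Array[String[1], 1], String[1]] $collect_tag,`. Because these tags decide which collectors pick up the authorized key and its firewall opening, a short comment on the parameter stating that every listed tag exports the key to that collector group would help anyone reviewing callers. The body of the define continues outside this hunk.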
@@ -21,11 +21,19 @@ define ssh::authorized_key_add(
     fail('from_hosts must not contain double quotes')
   }
 
+  if $collect_tag =~ String {
+    $raw_tags = [ $collect_tag ]
+  } else {
+    $raw_tags = $collect_tag
+  }
+  $ssh_tags = $raw_tags.map |$t| { "ssh::authorized_key::fragment::${t}::${target_user}" }
+  $ferm_tags = $raw_tags.map |$t| { "ssh::authorized_key::ferm::${t}::${target_user}" }
+
   $from_space = $from_hosts.join(' ')
 
   if $key {
     @@concat::fragment { "ssh::authorized_key::${name} ${target_user} from ${::hostname}":
-      tag     => "ssh::authorized_key::fragment::${collect_tag}::${target_user}",
+      tag     => $ssh_tags,
       target  => "/etc/ssh/userkeys/${target_user}",
       order   => '200',
       content => @("EOF"),
@@ -37,8 +45,8 @@ define ssh::authorized_key_add(
     notify{ "Warning, ssh key for ${name}, ${target_user} not defined (yet?).": }
   }
 
-  @@ferm::rule { "ssh-${collect_tag}_${target_user}-${name}_from_${::hostname}":
-    tag         => "ssh::authorized_key::ferm::${collect_tag}::${target_user}",
+  @@ferm::rule { "ssh-${raw_tags[0]}_${target_user}-${name}_from_${::hostname}":
+    tag         => $ssh_tags,
     description => "allow ssh for ssh to ${target_user}",
     domain      => '(ip ip6)',
     chain       => 'ssh',
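Review bot: The exported `ferm::rule` is now tagged with `$ssh_tags`, i.e. the `ssh::authorized_key::fragment::…` names, instead of the `ssh::authorized_key::ferm::…` names it carried before, and `$ferm_tags` from the previous hunk is never used in the visible lines. If the collecting side still selects firewall rules by the `ferm` tag (the collector is not shown here), these rules would stop being realised while the key fragment is still installed. The line should presumably read `tag         => $ferm_tags,`. The resource declaration continues past the end of the hunk.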