From: Peter Palfrader Date: Sun, 8 Sep 2019 07:07:57 +0000 (+0200) Subject: Allow providing multiple tags to authorized_key_add X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=d0da84bb12b150445ac26174dc0dbf8bb4186206;p=mirror%2Fdsa-puppet.git Allow providing multiple tags to authorized_key_add
---
diff --git a/modules/ssh/manifests/authorized_key_add.pp b/modules/ssh/manifests/authorized_key_add.pp
index c1fdae3ec..3e700cc64 100644
--- a/modules/ssh/manifests/authorized_key_add.pp
+++ b/modules/ssh/manifests/authorized_key_add.pp
@@ -5,7 +5,7 @@ define ssh::authorized_key_add(
 String $target_user,
 String $command,
 String $key,
- String $collect_tag,
+ Variant[Array[String], String] $collect_tag,
 String $restrict = 'restrict',
 Array[Stdlib::IP::Address] $from_hosts = $base::public_addresses,
 ) {
@@ -21,11 +21,19 @@ define ssh::authorized_key_add(
 fail('from_hosts must not contain double quotes')
 }
+ if $collect_tag =~ String {
+ $raw_tags = [ $collect_tag ]
+ } else {
+ $raw_tags = $collect_tag
+ }
+ $ssh_tags = $raw_tags.map |$t| { "ssh::authorized_key::fragment::${t}::${target_user}" }
+ $ferm_tags = $raw_tags.map |$t| { "ssh::authorized_key::ferm::${t}::${target_user}" }
+
 $from_space = $from_hosts.join(' ')
 if $key {
 @@concat::fragment { "ssh::authorized_key::${name} ${target_user} from ${::hostname}":
- tag => "ssh::authorized_key::fragment::${collect_tag}::${target_user}",
+ tag => $ssh_tags,
 target => "/etc/ssh/userkeys/${target_user}",
 order => '200',
 content => @("EOF"),
@@ -37,8 +45,8 @@ define ssh::authorized_key_add(
 notify{ "Warning, ssh key for ${name}, ${target_user} not defined (yet?).": }
 }
- @@ferm::rule { "ssh-${collect_tag}_${target_user}-${name}_from_${::hostname}":
- tag => "ssh::authorized_key::ferm::${collect_tag}::${target_user}",
+ @@ferm::rule { "ssh-${raw_tags[0]}_${target_user}-${name}_from_${::hostname}":
+ tag => $ssh_tags,
 description => "allow ssh for ssh to ${target_user}",
 domain => '(ip ip6)',
 chain => 'ssh',
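Review bot: `Array[String]` in the new `$collect_tag` type also admits an empty array, in which case `$ssh_tags` is empty and `${raw_tags[0]}` in the ferm rule title (last hunk) has nothing to interpolate, so the key fragment and firewall rule would be exported but presumably never collected. Tightening the type to `Variant[Array[String[1], 1], String[1]] $collect_tag,` rejects that case at compile time instead of leaving a silently unreachable host. The parameter documentation, if there is any above this hunk, should also state that either a single tag or a list of tags is accepted.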
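Review bot: The exported `@@ferm::rule` is now tagged with `$ssh_tags`, i.e. the `ssh::authorized_key::fragment::…` names, instead of the `ssh::authorized_key::ferm::…` names it carried before, and `$ferm_tags` computed in the second hunk is not used anywhere in the visible code. If the collecting side still selects firewall rules on the `ferm` tag (the collectors are outside this diff), the rule is no longer realized and SSH from these hosts is dropped even though the key is installed. The line should read `tag => $ferm_tags,`. Because the title keeps only `${raw_tags[0]}`, a short comment that the first tag is used purely for naming would help the next reader; the resource body continues past the end of the hunk.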