Puppet Function: sshserver_options_to_augeas_sshd_config
- Defined in:
- lib/puppet/parser/functions/sshserver_options_to_augeas_sshd_config.rb
- Function type:
- Ruby 3.x API
Overview
This function will convert a key-value hash to a format understandable by the augeas sshd_config provider It will also optionally deal with keys that should be absent, and inject static parameters if supplied.
Usage: sshserver_options_to_augeas_sshd_config($options_present, $options_absent, $other_parameters)
-
$options_hash is mandatory and must be a hash.
-
$options_absent is optional and can be either a single value or an array.
-
$other_parameters is optional and must be a hash.
Example: $options = {
'Match User www-data' => {
'PasswordAuthentication' => 'yes',
'X11Forwarding' => 'no',
},
'Match Group bamboo' => {
'ForcedCommand' => '/bin/echo hello world',
},
'X11Forwarding' => 'yes',
'DebianBanner' => '/etc/banner.net',
'AllowGroups' => ["sshgroups", "admins"],
}
$options_absent = [‘DebianBanner’,‘NoneField’] $other_parameters = { ‘target’ => ‘/etc/ssh/sshd_config’ }
$options_final_augeas = sshserver_options_to_augeas_sshd_config($options, $options_absent, $other_parameters)
In this case, the value of $options_final_augeas would be:
‘PasswordAuthentication User www-data’ => {
'ensure' => 'present',
'condition' => 'User www-data',
'key' => 'PasswordAuthentication',
'value' => 'yes',
'target' => '/etc/ssh/sshd_config',
}
'X11Forwarding User www-data' => {
'ensure' => 'present',
'condition' => 'User www-data',
'key' => 'X11Forwarding',
'value' => 'no',
'target' => '/etc/ssh/sshd_config',
}
'ForcedCommand Group bamboo' => {
'ensure' => 'present',
'condition' => 'Group bamboo',
'key' => 'ForcedCommand',
'value' => '/bin/echo hello world',
'target' => '/etc/ssh/sshd_config',
}
'X11Forwarding' => {
'ensure' => 'present',
'key' => 'X11Forwarding',
'value' => 'yes',
'target' => '/etc/ssh/sshd_config',
}
'DebianBanner' => {
'ensure' => 'absent',
'key' => 'DebianBanner',
'target' => '/etc/ssh/sshd_config',
}
'AllowGroups' => {
'ensure' => 'present',
'key' => 'AllowGroups',
'value' => ['sshgroups','admins'],
'target' => '/etc/ssh/sshd_config',
}
'NoneField' => {
'ensure' => 'absent',
'key' => 'NoneField',
'target' => '/etc/ssh/sshd_config',
}
Note how the word “Match” is stripped a
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
# File 'lib/puppet/parser/functions/sshserver_options_to_augeas_sshd_config.rb', line 4 newfunction(:sshserver_options_to_augeas_sshd_config, type: :rvalue, doc: <<-DOC) do |args| This function will convert a key-value hash to a format understandable by the augeas sshd_config provider It will also optionally deal with keys that should be absent, and inject static parameters if supplied. Usage: sshserver_options_to_augeas_sshd_config($options_present, $options_absent, $other_parameters) - $options_hash is mandatory and must be a hash. - $options_absent is optional and can be either a single value or an array. - $other_parameters is optional and must be a hash. Example: $options = { 'Match User www-data' => { 'PasswordAuthentication' => 'yes', 'X11Forwarding' => 'no', }, 'Match Group bamboo' => { 'ForcedCommand' => '/bin/echo hello world', }, 'X11Forwarding' => 'yes', 'DebianBanner' => '/etc/banner.net', 'AllowGroups' => ["sshgroups", "admins"], } $options_absent = ['DebianBanner','NoneField'] $other_parameters = { 'target' => '/etc/ssh/sshd_config' } $options_final_augeas = sshserver_options_to_augeas_sshd_config($options, $options_absent, $other_parameters) In this case, the value of $options_final_augeas would be: 'PasswordAuthentication User www-data' => { 'ensure' => 'present', 'condition' => 'User www-data', 'key' => 'PasswordAuthentication', 'value' => 'yes', 'target' => '/etc/ssh/sshd_config', } 'X11Forwarding User www-data' => { 'ensure' => 'present', 'condition' => 'User www-data', 'key' => 'X11Forwarding', 'value' => 'no', 'target' => '/etc/ssh/sshd_config', } 'ForcedCommand Group bamboo' => { 'ensure' => 'present', 'condition' => 'Group bamboo', 'key' => 'ForcedCommand', 'value' => '/bin/echo hello world', 'target' => '/etc/ssh/sshd_config', } 'X11Forwarding' => { 'ensure' => 'present', 'key' => 'X11Forwarding', 'value' => 'yes', 'target' => '/etc/ssh/sshd_config', } 'DebianBanner' => { 'ensure' => 'absent', 'key' => 'DebianBanner', 'target' => '/etc/ssh/sshd_config', } 'AllowGroups' => { 'ensure' => 'present', 'key' => 'AllowGroups', 'value' => ['sshgroups','admins'], 'target' => '/etc/ssh/sshd_config', } 'NoneField' => { 'ensure' => 'absent', 'key' => 'NoneField', 'target' => '/etc/ssh/sshd_config', } Note how the word "Match" is stripped away. DOC raise Puppet::ParseError, 'sshserver_options_to_augeas_sshd_config: expects at least one argument' if args.empty? = args[0] raise Puppet::ParseError, 'sshserver_options_to_augeas_sshd_config: first argument must be a hash' unless .is_a?(Hash) = args[1] if args[1] other_parameters = args[2] if args[2] raise Puppet::ParseError, 'sshserver_options_to_augeas_sshd_config: second argument, if supplied, must be an array or a string' if && !(.is_a?(Array) || .is_a?(String)) raise Puppet::ParseError, 'sshserver_options_to_augeas_sshd_config: third argument, if supplied, must be a hash' if other_parameters && !other_parameters.is_a?(Hash) = {} .each do |key1, value1| if value1.is_a?(Hash) value1.each do |key2, value2| v = { 'ensure' => 'present' }.merge('condition' => key1.gsub('Match ', '')).merge('key' => key2, 'value' => value2) ["#{key2} #{key1.gsub('Match ', '')}"] = v.merge(other_parameters) end else [key1] = { 'ensure' => 'present' }.merge('key' => key1, 'value' => value1).merge(other_parameters) end end .each do |value| [value] = { 'ensure' => 'absent' }.merge('key' => value).merge(other_parameters) end return end |