Add option to manages ssh packages

ghoneycutt · Apr 13, 2023 · 9bde4f5 · 9bde4f5
1 parent 1e8e1b6
commit 9bde4f5
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 15 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -47,6 +47,9 @@
 # @param manage_sshkey
 #   Boolean to choose if SSH keys should be managed. Also see $purge_keys.
 #
+# @param manage_packages
+#   Boolean to choose if SSH client packages should be managed.
+#
 # @param packages
 #   Installation package(s) for the SSH client.
 #
@@ -484,6 +487,7 @@
   Boolean $manage_root_ssh_config = false,
   Boolean $manage_server = true,
   Boolean $manage_sshkey = true,
+  Boolean $manage_packages = true,
   Array[String[1]] $packages = [],
   Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $packages_ensure = 'installed',
   Optional[Stdlib::Absolutepath] $packages_adminfile = undef,
@@ -596,12 +600,16 @@
   # the ssh_config file.
   Optional[Array[String[1]]] $custom = undef
 ) {
-
-  package { $packages:
-    ensure    => $packages_ensure,
-    source    => $packages_source,
-    adminfile => $packages_adminfile,
-    before    => 'File[ssh_config]',
+  if $manage_packages {
+    package { $packages:
+      ensure    => $packages_ensure,
+      source    => $packages_source,
+      adminfile => $packages_adminfile,
+      before    => 'File[ssh_config]',
+    }
+    $packages_require = Package[$packages]
+  } else {
+    $packages_require = undef
   }
 
   file { 'ssh_config' :
@@ -624,7 +632,7 @@
       purge   => $include_dir_purge,
       recurse => $include_dir_purge,
       force   => $include_dir_purge,
-      require => Package[$packages],
+      require => $packages_require,
     }
   } else {
     $include_dir = undef

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -33,6 +33,9 @@
 # @param manage_service
 #   Boolean to choose if the SSH daemon should be managed.
 #
+# @param manage_packages
+#   Boolean to choose if SSH client packages should be managed.
+#
 # @param packages
 #   Installation package(s) for the SSH server. Leave empty if the client package(s) also
 #   include the server binaries (eg: Suse SLES and SLED).
@@ -465,6 +468,7 @@
 #   Uses one array item per line to be added.
 #
 class ssh::server (
+  Boolean $manage_packages = true,
   Array[String[1]] $packages = [],
   Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]] $packages_ensure = 'installed',
   Optional[Stdlib::Absolutepath] $packages_adminfile = undef,
@@ -589,12 +593,16 @@
   # the sshd_config file.
   Optional[Array[String[1]]] $custom = undef,
 ) {
-
-  package { $packages:
-    ensure    => $packages_ensure,
-    source    => $packages_source,
-    adminfile => $packages_adminfile,
-    before    => 'File[sshd_config]',
+  if $manage_packages {
+    package { $packages:
+      ensure    => $packages_ensure,
+      source    => $packages_source,
+      adminfile => $packages_adminfile,
+      before    => 'File[sshd_config]',
+    }
+    $packages_require = Package[$packages]
+  } else {
+    $packages_require = undef
   }
 
   file { 'sshd_config' :
@@ -617,7 +625,7 @@
       purge   => $include_dir_purge,
       recurse => $include_dir_purge,
       force   => $include_dir_purge,
-      require => Package[$packages],
+      require => $packages_require,
       notify  => Service['sshd_service'],
     }
   } else {

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -358,7 +358,27 @@
     context "on #{os} with manage_sshkey set to valid false" do
       let(:params) { { manage_sshkey: false } }
 
-      it { is_expected.not_to contain_resources('sshkey') }
+      it { is_expected.not_to contain_package('sshkey') }
+    end
+
+    context "on #{os} with manage_packages set to valid false" do
+      let(:params) { { manage_packages: false } }
+
+      it { is_expected.not_to contain_package('openssh-clients') }
+    end
+
+    context "on #{os} with manage_packages set to valid false when include dir is set" do
+      let(:params) { { manage_packages: false, include: '/test/ing' } }
+
+      it { is_expected.not_to contain_package('openssh-clients') }
+      it { is_expected.to contain_file('ssh_config_include_dir').with_require(nil) }
+    end
+
+    context "on #{os} with manage_packages set to valid true when include dir is set" do
+      let(:params) { { manage_packages: true, include: '/test/ing' } }
+
+      it { is_expected.to contain_package('openssh-clients') }
+      it { is_expected.to contain_file('ssh_config_include_dir').with_require(['Package[openssh-clients]']) }
     end
 
     context "on #{os} with packages set to valid array [array, of, strings]" do

diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb
@@ -151,6 +151,26 @@
   on_supported_os(redhat).sort.each do |os, os_facts|
     let(:facts) { os_facts }
 
+    context "on #{os} with manage_packages set to valid false" do
+      let(:params) { { manage_packages: false } }
+
+      it { is_expected.not_to contain_package('openssh-server') }
+    end
+
+    context "on #{os} with manage_packages set to valid false when include dir is set" do
+      let(:params) { { manage_packages: false, include: '/test/ing' } }
+
+      it { is_expected.not_to contain_package('openssh-server') }
+      it { is_expected.to contain_file('sshd_config_include_dir').with_require(nil) }
+    end
+
+    context "on #{os} with manage_packages set to valid true when include dir is set" do
+      let(:params) { { manage_packages: true, include: '/test/ing' } }
+
+      it { is_expected.to contain_package('openssh-server') }
+      it { is_expected.to contain_file('sshd_config_include_dir').with_require(['Package[openssh-server]']) }
+    end
+
     context "on #{os} with packages set to valid array [array, of, strings]" do
       let(:params) { { packages: ['array', 'of', 'strings'] } }