# HG changeset patch # User IBBoard # Date 1641238859 0 # Node ID 1de440d1bffb807999b172c05a10a4b846ff975c # Parent df5ad1612af74c9c0d8d083518bfb5565fa77fb0 Fix various SSH module warnings * Replace "validate_X" with "validate_legacy" * Parse integers rather than weak typing * Remove exports that rely on PuppetDB diff -r df5ad1612af7 -r 1de440d1bffb modules/ssh/manifests/init.pp --- a/modules/ssh/manifests/init.pp Mon Jan 03 18:37:16 2022 +0000 +++ b/modules/ssh/manifests/init.pp Mon Jan 03 19:40:59 2022 +0000 @@ -466,8 +466,8 @@ if "${::ssh_version}" =~ /^OpenSSH/ { # lint:ignore:only_variable_string $ssh_version_array = split($::ssh_version_numeric, '\.') - $ssh_version_maj_int = 0 + $ssh_version_array[0] - $ssh_version_min_int = 0 + $ssh_version_array[1] + $ssh_version_maj_int = Integer($ssh_version_array[0]) + $ssh_version_min_int = Integer($ssh_version_array[1]) if $ssh_version_maj_int > 5 { $default_ssh_config_use_roaming = 'no' } elsif $ssh_version_maj_int == 5 and $ssh_version_min_int >= 4 { @@ -516,7 +516,7 @@ } if $sshd_config_xauth_location_real != undef { - validate_absolute_path($sshd_config_xauth_location_real) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $sshd_config_xauth_location_real) } if $ssh_package_source == 'USE_DEFAULTS' { @@ -526,7 +526,7 @@ } if $ssh_package_source_real != undef { - validate_absolute_path($ssh_package_source_real) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $ssh_package_source_real) } if $ssh_package_adminfile == 'USE_DEFAULTS' { @@ -536,7 +536,7 @@ } if $ssh_package_adminfile_real != undef { - validate_absolute_path($ssh_package_adminfile_real) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $ssh_package_adminfile_real) } if $sshd_config_use_dns == 'USE_DEFAULTS' { @@ -563,7 +563,7 @@ $ssh_config_forward_x11_trusted_real = $ssh_config_forward_x11_trusted } if $ssh_config_forward_x11_trusted_real != undef { - validate_re($ssh_config_forward_x11_trusted_real, '^(yes|no)$', "ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <${ssh_config_forward_x11_trusted_real}>.") + validate_legacy("String", "validate_re", $ssh_config_forward_x11_trusted_real, '^(yes|no)$', "ssh::ssh_config_forward_x11_trusted may be either 'yes' or 'no' and is set to <${ssh_config_forward_x11_trusted_real}>.") } if $sshd_gssapikeyexchange == 'USE_DEFAULTS' { @@ -595,13 +595,13 @@ } else { case type3x($ssh_config_include) { 'array': { - validate_array($ssh_config_include) + validate_legacy("Array[String]", "validate_array", $ssh_config_include) } 'string': { - validate_string($ssh_config_include) + validate_legacy("String", "validate_string", $ssh_config_include) } default: { - fail('ssh::ssh_config_include type must be a strting or array.') + fail('ssh::ssh_config_include type must be a string or array.') } } $ssh_config_include_real = $ssh_config_include @@ -612,7 +612,7 @@ } else { case type3x($ssh_sendenv) { 'string': { - validate_re($ssh_sendenv, '^(true|false)$', "ssh::ssh_sendenv may be either 'true' or 'false' and is set to <${ssh_sendenv}>.") + validate_legacy("String", "validate_re", $ssh_sendenv, "^(true|false)$", "ssh::ssh_sendenv may be either 'true' or 'false' and is set to <${ssh_sendenv}>.") $ssh_sendenv_real = str2bool($ssh_sendenv) } 'boolean': { @@ -629,7 +629,7 @@ } else { case type3x($sshd_acceptenv) { 'string': { - validate_re($sshd_acceptenv, '^(true|false)$', "ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <${sshd_acceptenv}>.") + validate_legacy("String", "validate_re", $sshd_acceptenv, '^(true|false)$', "ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <${sshd_acceptenv}>.") $sshd_acceptenv_real = str2bool($sshd_acceptenv) } 'boolean': { @@ -644,13 +644,13 @@ if $sshd_config_hostkey == 'USE_DEFAULTS' { $sshd_config_hostkey_real = $default_sshd_config_hostkey } else { - validate_array($sshd_config_hostkey) - validate_absolute_path($sshd_config_hostkey) + validate_legacy("Array[String]", "validate_array", $sshd_config_hostkey) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $sshd_config_hostkey) $sshd_config_hostkey_real = $sshd_config_hostkey } if $sshd_listen_address { - validate_array($sshd_listen_address) + validate_legacy("Array[String]", "validate_array", $sshd_listen_address) } if $service_hasstatus == 'USE_DEFAULTS' { @@ -658,7 +658,7 @@ } else { case type3x($service_hasstatus) { 'string': { - validate_re($service_hasstatus, '^(true|false)$', "ssh::service_hasstatus must be 'true' or 'false' and is set to <${service_hasstatus}>.") + validate_legacy('String', 'validate_re', $service_hasstatus, '^(true|false)$', "ssh::service_hasstatus must be 'true' or 'false' and is set to <${service_hasstatus}>.") $service_hasstatus_real = str2bool($service_hasstatus) } 'boolean': { @@ -681,10 +681,10 @@ } else { case type3x($sshd_config_include) { 'array': { - validate_array($sshd_config_include) + validate_legacy("Array[String]", "validate_array", $sshd_config_include) } 'string': { - validate_string($sshd_config_include) + validate_legacy("String", "validate_string", $sshd_config_include) } default: { fail('ssh::sshd_config_include type must be a strting or array.') @@ -732,44 +732,44 @@ # validate params if $ssh_config_ciphers != undef { - validate_array($ssh_config_ciphers) + validate_legacy("Array[String]", "validate_array", $ssh_config_ciphers) } if $sshd_config_ciphers != undef { - validate_array($sshd_config_ciphers) + validate_legacy("Array[String]", "validate_array", $sshd_config_ciphers) } if $ssh_config_kexalgorithms != undef { - validate_array($ssh_config_kexalgorithms) + validate_legacy("Array[String]", "validate_array", $ssh_config_kexalgorithms) } if $sshd_config_kexalgorithms != undef { - validate_array($sshd_config_kexalgorithms) + validate_legacy("Array[String]", "validate_array", $sshd_config_kexalgorithms) } if $ssh_config_macs != undef { - validate_array($ssh_config_macs) + validate_legacy("Array[String]", "validate_array", $ssh_config_macs) } if $sshd_config_macs != undef { - validate_array($sshd_config_macs) + validate_legacy("Array[String]", "validate_array", $sshd_config_macs) } if $ssh_config_hash_known_hosts_real != undef { - validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes', 'no' or 'unset' and is set to <${ssh_config_hash_known_hosts_real}>.") + validate_legacy('String', 'validate_re', $ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes', 'no' or 'unset' and is set to <${ssh_config_hash_known_hosts_real}>.") } if $sshd_config_permitemptypasswords != undef { - validate_re($sshd_config_permitemptypasswords, '^(yes|no)$', "ssh::sshd_config_permitemptypasswords may be either 'yes' or 'no' and is set to <${sshd_config_permitemptypasswords}>.") + validate_legacy('String', 'validate_re', $sshd_config_permitemptypasswords, '^(yes|no)$', "ssh::sshd_config_permitemptypasswords may be either 'yes' or 'no' and is set to <${sshd_config_permitemptypasswords}>.") } if $sshd_config_permituserenvironment != undef { - validate_re($sshd_config_permituserenvironment, '^(yes|no)$', "ssh::sshd_config_permituserenvironment may be either 'yes' or 'no' and is set to <${sshd_config_permituserenvironment}>.") + validate_legacy('String', 'validate_re', $sshd_config_permituserenvironment, '^(yes|no)$', "ssh::sshd_config_permituserenvironment may be either 'yes' or 'no' and is set to <${sshd_config_permituserenvironment}>.") } if $sshd_config_compression != undef { - validate_re($sshd_config_compression, '^(yes|no|delayed)$', "ssh::sshd_config_compression may be either 'yes', 'no' or 'delayed' and is set to <${sshd_config_compression}>.") + validate_legacy('String', 'validate_re', $sshd_config_compression, '^(yes|no|delayed)$', "ssh::sshd_config_compression may be either 'yes', 'no' or 'delayed' and is set to <${sshd_config_compression}>.") } case type3x($sshd_config_port) { 'string': { - validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.") + validate_legacy('String', 'validate_re', $sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.") $sshd_config_port_array = [ str2num($sshd_config_port) ] } 'array': { @@ -782,70 +782,70 @@ fail('ssh:sshd_config_port must be a string, an integer or an array. ') } } - validate_numeric($sshd_config_port_array, 65535, 1) + validate_legacy(Stdlib::Compat::Numeric, 'validate_numeric', $sshd_config_port_array, 65535, 1) if $sshd_kerberos_authentication != undef { - validate_re($sshd_kerberos_authentication, '^(yes|no)$', "ssh::sshd_kerberos_authentication may be either 'yes' or 'no' and is set to <${sshd_kerberos_authentication}>.") + validate_legacy('String', 'validate_re', $sshd_kerberos_authentication, '^(yes|no)$', "ssh::sshd_kerberos_authentication may be either 'yes' or 'no' and is set to <${sshd_kerberos_authentication}>.") } - validate_re($sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.") - validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.") - validate_re($sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.") - validate_re($sshd_x11_use_localhost, '^(yes|no)$', "ssh::sshd_x11_use_localhost may be either 'yes' or 'no' and is set to <${sshd_x11_use_localhost}>.") + validate_legacy('String', 'validate_re', $sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.") + validate_legacy('String', 'validate_re', $sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.") + validate_legacy('String', 'validate_re', $sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.") + validate_legacy('String', 'validate_re', $sshd_x11_use_localhost, '^(yes|no)$', "ssh::sshd_x11_use_localhost may be either 'yes' or 'no' and is set to <${sshd_x11_use_localhost}>.") if $sshd_config_print_last_log != undef { - validate_re($sshd_config_print_last_log, '^(yes|no)$', "ssh::sshd_config_print_last_log may be either 'yes' or 'no' and is set to <${sshd_config_print_last_log}>.") + validate_legacy('String', 'validate_re', $sshd_config_print_last_log, '^(yes|no)$', "ssh::sshd_config_print_last_log may be either 'yes' or 'no' and is set to <${sshd_config_print_last_log}>.") } if $sshd_use_pam_real != undef { - validate_re($sshd_use_pam_real, '^(yes|no)$', "ssh::sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam_real}>.") + validate_legacy('String', 'validate_re', $sshd_use_pam_real, '^(yes|no)$', "ssh::sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam_real}>.") } if $sshd_config_serverkeybits_real != undef { if is_integer($sshd_config_serverkeybits_real) == false { fail("ssh::sshd_config_serverkeybits must be an integer and is set to <${sshd_config_serverkeybits}>.") } } if $ssh_config_use_roaming_real != undef { - validate_re($ssh_config_use_roaming_real, '^(yes|no|unset)$', "ssh::ssh_config_use_roaming may be either 'yes', 'no' or 'unset' and is set to <${$ssh_config_use_roaming}>.") + validate_legacy('String', 'validate_re', $ssh_config_use_roaming_real, '^(yes|no|unset)$', "ssh::ssh_config_use_roaming may be either 'yes', 'no' or 'unset' and is set to <${$ssh_config_use_roaming}>.") } if is_integer($sshd_client_alive_interval) == false { fail("ssh::sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") } if is_integer($sshd_client_alive_count_max) == false { fail("ssh::sshd_client_alive_count_max must be an integer and is set to <${sshd_client_alive_count_max}>.") } if $sshd_config_banner != 'none' { - validate_absolute_path($sshd_config_banner) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $sshd_config_banner) } if $sshd_banner_content != undef and $sshd_config_banner == 'none' { fail('ssh::sshd_config_banner must be set to be able to use sshd_banner_content.') } - validate_re($ssh_gssapiauthentication, '^(yes|no)$', "ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <${ssh_gssapiauthentication}>.") + validate_legacy('String', 'validate_re', $ssh_gssapiauthentication, '^(yes|no)$', "ssh::ssh_gssapiauthentication may be either 'yes' or 'no' and is set to <${ssh_gssapiauthentication}>.") if $ssh_gssapidelegatecredentials != undef { - validate_re($ssh_gssapidelegatecredentials, '^(yes|no)$', "ssh::ssh_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <${ssh_gssapidelegatecredentials}>.") + validate_legacy('String', 'validate_re', $ssh_gssapidelegatecredentials, '^(yes|no)$', "ssh::ssh_gssapidelegatecredentials may be either 'yes' or 'no' and is set to <${ssh_gssapidelegatecredentials}>.") } - validate_re($sshd_gssapiauthentication, '^(yes|no)$', "ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <${sshd_gssapiauthentication}>.") + validate_legacy('String', 'validate_re', $sshd_gssapiauthentication, '^(yes|no)$', "ssh::sshd_gssapiauthentication may be either 'yes' or 'no' and is set to <${sshd_gssapiauthentication}>.") if $sshd_gssapikeyexchange_real != undef { - validate_re($sshd_gssapikeyexchange_real, '^(yes|no)$', "ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <${sshd_gssapikeyexchange_real}>.") + validate_legacy('String', 'validate_re', $sshd_gssapikeyexchange_real, '^(yes|no)$', "ssh::sshd_gssapikeyexchange may be either 'yes' or 'no' and is set to <${sshd_gssapikeyexchange_real}>.") } if $sshd_pamauthenticationviakbdint_real != undef { - validate_re($sshd_pamauthenticationviakbdint_real, '^(yes|no)$', "ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <${sshd_pamauthenticationviakbdint_real}>.") + validate_legacy('String', 'validate_re', $sshd_pamauthenticationviakbdint_real, '^(yes|no)$', "ssh::sshd_pamauthenticationviakbdint may be either 'yes' or 'no' and is set to <${sshd_pamauthenticationviakbdint_real}>.") } if $sshd_gssapicleanupcredentials_real != undef { - validate_re($sshd_gssapicleanupcredentials_real, '^(yes|no)$', "ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <${sshd_gssapicleanupcredentials_real}>.") + validate_legacy('String', 'validate_re', $sshd_gssapicleanupcredentials_real, '^(yes|no)$', "ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <${sshd_gssapicleanupcredentials_real}>.") } if $ssh_strict_host_key_checking != undef { - validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <${ssh_strict_host_key_checking}>.") + validate_legacy('String', 'validate_re', $ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <${ssh_strict_host_key_checking}>.") } if $ssh_config_proxy_command != undef { - validate_string($ssh_config_proxy_command) + validate_legacy("String", "validate_string", $ssh_config_proxy_command) } if $ssh_enable_ssh_keysign != undef { - validate_re($ssh_enable_ssh_keysign, '^(yes|no)$', "ssh::ssh_enable_ssh_keysign may be either 'yes' or 'no' and is set to <${ssh_enable_ssh_keysign}>.") + validate_legacy('String', 'validate_re', $ssh_enable_ssh_keysign, '^(yes|no)$', "ssh::ssh_enable_ssh_keysign may be either 'yes' or 'no' and is set to <${ssh_enable_ssh_keysign}>.") } if $sshd_config_authkey_location != undef { - validate_string($sshd_config_authkey_location) + validate_legacy("String", "validate_string", $sshd_config_authkey_location) } if $sshd_config_maxauthtries != undef { @@ -855,24 +855,24 @@ } if $sshd_config_maxstartups != undef { - validate_re($sshd_config_maxstartups,'^((\d+)|(\d+?:\d+?:\d+)?)$', + validate_legacy('String', 'validate_re', $sshd_config_maxstartups,'^((\d+)|(\d+?:\d+?:\d+)?)$', "ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100. Detected value is <${sshd_config_maxstartups}>.") } if $sshd_config_chrootdirectory != undef { - validate_absolute_path($sshd_config_chrootdirectory) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $sshd_config_chrootdirectory) } if $sshd_config_forcecommand != undef { - validate_string($sshd_config_forcecommand) + validate_legacy("String", "validate_string", $sshd_config_forcecommand) } if $sshd_authorized_keys_command != undef { - validate_absolute_path($sshd_authorized_keys_command) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $sshd_authorized_keys_command) } if $sshd_authorized_keys_command_user != undef { - validate_string($sshd_authorized_keys_command_user) + validate_legacy("String", "validate_string", $sshd_authorized_keys_command_user) } if $sshd_config_match != undef { @@ -880,31 +880,31 @@ } if $sshd_config_strictmodes != undef { - validate_re($sshd_config_strictmodes, '^(yes|no)$', "ssh::sshd_config_strictmodes may be either 'yes' or 'no' and is set to <${sshd_config_strictmodes}>.") + validate_legacy('String', 'validate_re', $sshd_config_strictmodes, '^(yes|no)$', "ssh::sshd_config_strictmodes may be either 'yes' or 'no' and is set to <${sshd_config_strictmodes}>.") } if $ssh_hostbasedauthentication != undef { - validate_re($ssh_hostbasedauthentication, '^(yes|no)$', "ssh::ssh_hostbasedauthentication may be either 'yes' or 'no' and is set to <${ssh_hostbasedauthentication}>.") + validate_legacy('String', 'validate_re', $ssh_hostbasedauthentication, '^(yes|no)$', "ssh::ssh_hostbasedauthentication may be either 'yes' or 'no' and is set to <${ssh_hostbasedauthentication}>.") } - validate_re($sshd_hostbasedauthentication, '^(yes|no)$', "ssh::sshd_hostbasedauthentication may be either 'yes' or 'no' and is set to <${sshd_hostbasedauthentication}>.") + validate_legacy('String', 'validate_re', $sshd_hostbasedauthentication, '^(yes|no)$', "ssh::sshd_hostbasedauthentication may be either 'yes' or 'no' and is set to <${sshd_hostbasedauthentication}>.") if $sshd_pubkeyacceptedkeytypes != undef { - validate_array($sshd_pubkeyacceptedkeytypes) + validate_legacy("Array[String]", "validate_array", $sshd_pubkeyacceptedkeytypes) } if $sshd_config_authenticationmethods != undef { - validate_array($sshd_config_authenticationmethods) + validate_legacy("Array[String]", "validate_array", $sshd_config_authenticationmethods) } - validate_re($sshd_pubkeyauthentication, '^(yes|no)$', "ssh::sshd_pubkeyauthentication may be either 'yes' or 'no' and is set to <${sshd_pubkeyauthentication}>.") + validate_legacy('String', 'validate_re', $sshd_pubkeyauthentication, '^(yes|no)$', "ssh::sshd_pubkeyauthentication may be either 'yes' or 'no' and is set to <${sshd_pubkeyauthentication}>.") - validate_re($sshd_ignoreuserknownhosts, '^(yes|no)$', "ssh::sshd_ignoreuserknownhosts may be either 'yes' or 'no' and is set to <${sshd_ignoreuserknownhosts}>.") + validate_legacy('String', 'validate_re', $sshd_ignoreuserknownhosts, '^(yes|no)$', "ssh::sshd_ignoreuserknownhosts may be either 'yes' or 'no' and is set to <${sshd_ignoreuserknownhosts}>.") - validate_re($sshd_ignorerhosts, '^(yes|no)$', "ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to <${sshd_ignorerhosts}>.") + validate_legacy('String', 'validate_re', $sshd_ignorerhosts, '^(yes|no)$', "ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to <${sshd_ignorerhosts}>.") case type3x($hiera_merge) { 'string': { - validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.") + validate_legacy('String', 'validate_re', $hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.") $hiera_merge_real = str2bool($hiera_merge) } 'boolean': { @@ -917,7 +917,7 @@ case type3x($ssh_key_import) { 'string': { - validate_re($ssh_key_import, '^(true|false)$', "ssh::ssh_key_import may be either 'true' or 'false' and is set to <${ssh_key_import}>.") + validate_legacy('String', 'validate_re', $ssh_key_import, '^(true|false)$', "ssh::ssh_key_import may be either 'true' or 'false' and is set to <${ssh_key_import}>.") $ssh_key_import_real = str2bool($ssh_key_import) } 'boolean': { @@ -927,7 +927,7 @@ fail('ssh::ssh_key_import type must be true or false.') } } - validate_bool($ssh_key_import_real) + validate_legacy(Stdlib::Compat::Bool, 'validate_bool', $ssh_key_import_real) case type3x($ssh_config_sendenv_xmodifiers) { 'string': { @@ -965,24 +965,24 @@ } } - validate_absolute_path($ssh_config_global_known_hosts_file) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $ssh_config_global_known_hosts_file) $ssh_config_global_known_hosts_file_real = any2array($ssh_config_global_known_hosts_file) if $ssh_config_global_known_hosts_list != undef { - validate_array($ssh_config_global_known_hosts_list) - validate_absolute_path($ssh_config_global_known_hosts_list) + validate_legacy("Array[String]", "validate_array", $ssh_config_global_known_hosts_list) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $ssh_config_global_known_hosts_list) $ssh_config_global_known_hosts_list_real = concat($ssh_config_global_known_hosts_file_real, $ssh_config_global_known_hosts_list) } else { $ssh_config_global_known_hosts_list_real = $ssh_config_global_known_hosts_file_real } if $ssh_config_user_known_hosts_file != undef { - validate_array($ssh_config_user_known_hosts_file) + validate_legacy("Array[String]", "validate_array", $ssh_config_user_known_hosts_file) } - validate_string($ssh_config_global_known_hosts_owner) - validate_string($ssh_config_global_known_hosts_group) - validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$', + validate_legacy("String", "validate_string", $ssh_config_global_known_hosts_owner) + validate_legacy("String", "validate_string", $ssh_config_global_known_hosts_group) + validate_legacy('String', 'validate_re', $ssh_config_global_known_hosts_mode, '^[0-7]{4}$', "ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.") if type3x($purge_keys) == 'string' { @@ -990,45 +990,45 @@ } else { $purge_keys_real = $purge_keys } - validate_bool($purge_keys_real) + validate_legacy(Stdlib::Compat::Bool, 'validate_bool', $purge_keys_real) if type3x($manage_service) == 'string' { $manage_service_real = str2bool($manage_service) } else { $manage_service_real = $manage_service } - validate_bool($manage_service_real) + validate_legacy(Stdlib::Compat::Bool, 'validate_bool', $manage_service_real) if type3x($service_enable) == 'string' { $service_enable_real = str2bool($service_enable) } else { $service_enable_real = $service_enable } - validate_bool($service_enable_real) + validate_legacy(Stdlib::Compat::Bool, 'validate_bool', $service_enable_real) if type3x($service_hasrestart) == 'string' { $service_hasrestart_real = str2bool($service_hasrestart) } else { $service_hasrestart_real = $service_hasrestart } - validate_bool($service_hasrestart_real) + validate_legacy(Stdlib::Compat::Bool, 'validate_bool', $service_hasrestart_real) if type3x($manage_root_ssh_config) == 'string' { $manage_root_ssh_config_real = str2bool($manage_root_ssh_config) } else { $manage_root_ssh_config_real = $manage_root_ssh_config } - validate_bool($manage_root_ssh_config_real) + validate_legacy(Stdlib::Compat::Bool, 'validate_bool', $manage_root_ssh_config_real) #ssh_config template - validate_string($ssh_config_template) + validate_legacy("String", "validate_string", $ssh_config_template) #sshd_config template - validate_string($sshd_config_template) + validate_legacy("String", "validate_string", $sshd_config_template) #loglevel $supported_loglevel_vals=['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE'] - validate_re($sshd_config_loglevel, $supported_loglevel_vals) + validate_legacy('String', 'validate_re', $sshd_config_loglevel, $supported_loglevel_vals) #enable hiera merging for groups, users, and config_entries if $hiera_merge_real == true { @@ -1044,63 +1044,63 @@ $sshd_config_denyusers_real = $sshd_config_denyusers $config_entries_real = $config_entries } - validate_hash($config_entries_real) + validate_legacy(Stdlib::Compat::Hash, 'validate_hash', $config_entries_real) if $sshd_config_denyusers_real != [] { - validate_array($sshd_config_denyusers_real) + validate_legacy("Array[String]", "validate_array", $sshd_config_denyusers_real) } if $sshd_config_denygroups_real != [] { - validate_array($sshd_config_denygroups_real) + validate_legacy("Array[String]", "validate_array", $sshd_config_denygroups_real) } if $sshd_config_allowusers_real != [] { - validate_array($sshd_config_allowusers_real) + validate_legacy("Array[String]", "validate_array", $sshd_config_allowusers_real) } if $sshd_config_allowgroups_real != [] { - validate_array($sshd_config_allowgroups_real) + validate_legacy("Array[String]", "validate_array", $sshd_config_allowgroups_real) } if $sshd_config_tcp_keepalive_real != undef { - validate_re($sshd_config_tcp_keepalive_real, '^(yes|no)$', "ssh::sshd_config_tcp_keepalive may be either 'yes', 'no' or 'unset' and is set to <${sshd_config_tcp_keepalive_real}>.") + validate_legacy('String', 'validate_re', $sshd_config_tcp_keepalive_real, '^(yes|no)$', "ssh::sshd_config_tcp_keepalive may be either 'yes', 'no' or 'unset' and is set to <${sshd_config_tcp_keepalive_real}>.") } if $sshd_config_use_privilege_separation != undef { - validate_re($sshd_config_use_privilege_separation, '^(yes|no|sandbox)$', "ssh::sshd_config_use_privilege_separation may be either 'yes', 'no' or 'sandbox' and is set to <${sshd_config_use_privilege_separation}>.") + validate_legacy('String', 'validate_re', $sshd_config_use_privilege_separation, '^(yes|no|sandbox)$', "ssh::sshd_config_use_privilege_separation may be either 'yes', 'no' or 'sandbox' and is set to <${sshd_config_use_privilege_separation}>.") } if $sshd_config_permittunnel_real != undef { - validate_re($sshd_config_permittunnel_real, '^(yes|no|point-to-point|ethernet|unset)$', "ssh::sshd_config_permittunnel may be either 'yes', 'point-to-point', 'ethernet', 'no' or 'unset' and is set to <${sshd_config_permittunnel_real}>.") + validate_legacy('String', 'validate_re', $sshd_config_permittunnel_real, '^(yes|no|point-to-point|ethernet|unset)$', "ssh::sshd_config_permittunnel may be either 'yes', 'point-to-point', 'ethernet', 'no' or 'unset' and is set to <${sshd_config_permittunnel_real}>.") } if $sshd_config_hostcertificate_real != undef { if is_array($sshd_config_hostcertificate_real) { - validate_array($sshd_config_hostcertificate_real) + validate_legacy("Array[String]", "validate_array", $sshd_config_hostcertificate_real) } - validate_absolute_path($sshd_config_hostcertificate_real) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $sshd_config_hostcertificate_real) } if $sshd_config_trustedusercakeys_real != undef { # TrustedUserCAKeys may be a path to the keys or 'none' if $sshd_config_trustedusercakeys_real != 'none' { - validate_absolute_path($sshd_config_trustedusercakeys_real) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $sshd_config_trustedusercakeys_real) } } if $sshd_config_key_revocation_list_real != undef { # RevokedKeys may be a path to the key revocation list or 'none' if $sshd_config_key_revocation_list_real != 'none' { - validate_absolute_path($sshd_config_key_revocation_list) + validate_legacy(Stdlib::Compat::Absolute_Path, "validate_absolute_path", $sshd_config_key_revocation_list) } } if $sshd_config_authorized_principals_file_real != undef { - validate_string($sshd_config_authorized_principals_file_real) + validate_legacy("String", "validate_string", $sshd_config_authorized_principals_file_real) } if $sshd_config_allowagentforwarding != undef { - validate_re($sshd_config_allowagentforwarding, '^(yes|no)$', "ssh::sshd_config_allowagentforwarding may be either 'yes' or 'no' and is set to <${sshd_config_allowagentforwarding}>.") + validate_legacy('String', 'validate_re', $sshd_config_allowagentforwarding, '^(yes|no)$', "ssh::sshd_config_allowagentforwarding may be either 'yes' or 'no' and is set to <${sshd_config_allowagentforwarding}>.") } package { $packages_real: @@ -1194,7 +1194,7 @@ else { $host_aliases = [$::hostname, $::ipaddress] } # export each node's ssh key - @@sshkey { $::fqdn : + sshkey { $::fqdn : ensure => $ssh_key_ensure, host_aliases => $host_aliases, type => $ssh_key_type, @@ -1212,7 +1212,7 @@ # import all nodes' ssh keys if $ssh_key_import_real == true { - Sshkey <<||>> { + Sshkey <||> { target => $ssh_config_global_known_hosts_file, } } @@ -1241,7 +1241,7 @@ if $::osfamily == 'Solaris' { fail("ssh::sshd_addressfamily is not supported on Solaris and is set to <${sshd_addressfamily}>.") } else { - validate_re($sshd_addressfamily_real, '^(any|inet|inet6)$', + validate_legacy('String', 'validate_re', $sshd_addressfamily_real, '^(any|inet|inet6)$', "ssh::sshd_addressfamily can be undef, 'any', 'inet' or 'inet6' and is set to ${sshd_addressfamily_real}.") } }