diff --git a/manifests/hostkeys.pp b/manifests/hostkeys.pp index 09c923f0..19d05cec 100644 --- a/manifests/hostkeys.pp +++ b/manifests/hostkeys.pp @@ -78,14 +78,23 @@ @@sshkey { "${fqdn_real}_${key_type}": ensure => present, host_aliases => $host_aliases, - type => $key_type, + type => $facts['ssh'][$key_type]['type'], key => $facts['ssh'][$key_type]['key'], tag => $_tags, } } else { - @@sshkey { "${fqdn_real}_${key_type}": - ensure => absent, - type => $key_type, + if $key_type == 'ecdsa' { + ['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521'].each |String[1] $kt| { + @@sshkey { "${fqdn_real}_${kt}": + ensure => absent, + type => $kt, + } + } + } else { + @@sshkey { "${fqdn_real}_${key_type}": + ensure => absent, + type => $key_type, + } } } } diff --git a/spec/classes/hostkeys_spec.rb b/spec/classes/hostkeys_spec.rb index cd42d61c..e341077d 100644 --- a/spec/classes/hostkeys_spec.rb +++ b/spec/classes/hostkeys_spec.rb @@ -19,7 +19,7 @@ expect(exported_resources).to contain_sshkey("foo.example.com_#{key_type}"). with( ensure: 'present', - type: %r{^#{key_type}}, + type: %r{^ssh-#{key_type}}, tag: %w[group1 group2] ) } @@ -38,7 +38,7 @@ expect(exported_resources).to contain_sshkey("foo.example.com_#{key_type}"). with( ensure: 'present', - type: %r{^#{key_type}}, + type: %r{^ssh-#{key_type}}, tag: %w[hostkey_all hostkey_server_group] ) } @@ -58,7 +58,7 @@ expect(exported_resources).to contain_sshkey("foo.example.com_#{key_type}"). with( ensure: 'present', - type: %r{^#{key_type}}, + type: %r{^ssh-#{key_type}}, tag: %w[hostkey_all hostkey_server_group group1 group2] ) }