5 Commits

Author SHA1 Message Date
Jenkins
761f071573 Merge branch 'jenkins-build-23' into 'master'
Auto-merge for build 23

See merge request puppet/confdroid_ssh!23
2026-04-13 15:53:13 +02:00
Jenkins Server
a648676a51 Recommit for updates in build 23 2026-04-13 15:01:32 +02:00
Jenkins Server
77b664a6f0 Merge remote-tracking branch 'origin/master' into jenkins-build-23 2026-04-13 15:00:41 +02:00
c8139772a2 OP#575 add kerberos and gssapi sections am PAM 2026-04-13 15:00:24 +02:00
Jenkins
6a9563ae04 Merge branch 'jenkins-build-22' into 'master'
Auto-merge for build 22

See merge request puppet/confdroid_ssh!22
2026-04-13 12:55:20 +00:00
4 changed files with 43 additions and 147 deletions

129
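--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,129 +0,0 @@
-pipeline {
-agent {
-label 'puppet'
-}
-post {
-always {
-deleteDir() /* clean up our workspace */
-}
-success {
-updateGitlabCommitStatus state: 'success'
-}
-failure {
-updateGitlabCommitStatus state: 'failed'
-step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
-}
-}
-options {
-gitLabConnection('gitlab.confdroid.com')
-}
-stages {
-stage('pull master') {
-steps {
-sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
-sh '''
-git config user.name "Jenkins Server"
-git config user.email jenkins@confdroid.com
-# Ensure we're on the development branch (triggered by push)
-git checkout development
-# Create jenkins branch from development
-git checkout -b jenkins-build-$BUILD_NUMBER
-# Optionally merge master into jenkins to ensure compatibility
-git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
-'''
-}
-}
-}
-stage('puppet parser') {
-steps {
-sh '''for file in $(find . -iname \'*.pp\'); do
-/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
-done;'''
-}
-}
-stage('check templates') {
-steps{
-sh '''for file in $(find . -iname \'*.erb\');
-do erb -P -x -T "-" $file | ruby -c || exit 1;
-done;'''
-}
-}
-stage('puppet-lint') {
-steps {
-sh '''/usr/local/bin/puppet-lint . \\
---no-variable_scope-check \\
-|| { echo "Puppet lint failed"; exit 1; }
-'''
-}
-}
-stage('SonarScan') {
-steps {
-withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
-sh '''
-/opt/sonar-scanner/bin/sonar-scanner \
--Dsonar.projectKey=confdroid_ssh \
--Dsonar.sources=. \
--Dsonar.host.url=https://sonarqube.confdroid.com \
--Dsonar.token=$SONAR_TOKEN
-'''
-}
-}
-}
-stage('create Puppet documentation') {
-steps {
-sh '/opt/puppetlabs/bin/puppet strings'
-}
-}
-stage('update repo') {
-steps {
-sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
-sh '''
-git config user.name "Jenkins Server"
-git config user.email jenkins@confdroid.com
-git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
-git push -o merge_request.create \
--o merge_request.target=master \
--o merge_request.title="Auto-merge for build $BUILD_NUMBER" \
--o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \
--o merge_request.merge_when_pipeline_succeeds=true \
-origin jenkins-build-$BUILD_NUMBER
-'''
-}
-}
-}
-stage('Mirror to Gitea') {
-steps {
-withCredentials([usernamePassword(
-credentialsId: 'Jenkins-gitea',
-usernameVariable: 'GITEA_USER',
-passwordVariable: 'GITEA_TOKEN')]) {
-script {
-// Checkout from GitLab (already done implicitly)
-sh '''
-git checkout master
-git pull origin master
-git branch -D development
-git branch -D jenkins-build-$BUILD_NUMBER
-git rm -f Jenkinsfile
-git rm -r --cached .vscode || echo "No .vscode to remove from git"
-git commit --amend --no-edit --allow-empty
-git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git
-git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
-push master --mirror
-'''
-}
-}
-}
-}
-}
-}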


@@ -772,6 +772,24 @@
— —
<div class='inline'> <div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSSAPI for k5users.</p> <p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSSAPI for k5users.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_pam</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. PAM is not commonly used for SSH authentication and can introduce security risks if not configured properly, so it is disabled by default. Thi setting is related to PasswordAuthentication and KbdInteractiveAuthentication, and should be set to yes only if you want to use PAM for authentication together with those settings.</p>
</div> </div>
</li> </li>
@@ -787,12 +805,6 @@
<pre class="lines"> <pre class="lines">
93
94
95
96
97
98
99 99
100 100
101 101
@@ -852,10 +864,16 @@
155 155
156 156
157 157
158</pre> 158
159
160
161
162
163
164</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 93</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 99</span>
class confdroid_ssh::params ( class confdroid_ssh::params (
@@ -896,11 +914,11 @@ class confdroid_ssh::params (
String $ssh_kerberos_get_afstoken = &#39;no&#39;, String $ssh_kerberos_get_afstoken = &#39;no&#39;,
String $ssh_kerberos_use_kuserok = &#39;yes&#39;, String $ssh_kerberos_use_kuserok = &#39;yes&#39;,
Boolean $ssh_use_gssapi = false, Boolean $ssh_use_gssapi = false,
String $ssh_gssapi_authentication = &#39;yes&#39;, String $ssh_gssapi_authentication = &#39;yes&#39;,
String $ssh_gssapi_cleanup_credentials = &#39;yes&#39;, String $ssh_gssapi_cleanup_credentials = &#39;yes&#39;,
String $ssh_gssapi_key_exchange = &#39;no&#39;, String $ssh_gssapi_key_exchange = &#39;no&#39;,
String $ssh_gssapi_enablek5users = &#39;no&#39;, String $ssh_gssapi_enablek5users = &#39;no&#39;,
String $ssh_use_pam = &#39;no&#39;,
) { ) {
# default facts # default facts


@@ -89,6 +89,12 @@
# @param [String] ssh_gssapi_enablek5users setting for sshd_config. # @param [String] ssh_gssapi_enablek5users setting for sshd_config.
# Default is 'no'. This setting is only relevant if GSSAPI authentication is # Default is 'no'. This setting is only relevant if GSSAPI authentication is
# enabled, and should be set to 'yes' if you want to enable GSSAPI for k5users. # enabled, and should be set to 'yes' if you want to enable GSSAPI for k5users.
# @param [String] ssh_use_pam setting for sshd_config. Default is 'no'. PAM is not
# commonly used for SSH authentication and can introduce security risks if
# not configured properly, so it is disabled by default. Thi setting is
# related to PasswordAuthentication and KbdInteractiveAuthentication, and
# should be set to 'yes' only if you want to use PAM for authentication
# together with those settings.
############################################################################## ##############################################################################
class confdroid_ssh::params ( class confdroid_ssh::params (
@@ -129,11 +135,11 @@ class confdroid_ssh::params (
String $ssh_kerberos_get_afstoken = 'no', String $ssh_kerberos_get_afstoken = 'no',
String $ssh_kerberos_use_kuserok = 'yes', String $ssh_kerberos_use_kuserok = 'yes',
Boolean $ssh_use_gssapi = false, Boolean $ssh_use_gssapi = false,
String $ssh_gssapi_authentication = 'yes', String $ssh_gssapi_authentication = 'yes',
String $ssh_gssapi_cleanup_credentials = 'yes', String $ssh_gssapi_cleanup_credentials = 'yes',
String $ssh_gssapi_key_exchange = 'no', String $ssh_gssapi_key_exchange = 'no',
String $ssh_gssapi_enablek5users = 'no', String $ssh_gssapi_enablek5users = 'no',
String $ssh_use_pam = 'no',
) { ) {
# default facts # default facts
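Review bot: The new `@param ssh_use_pam` comment in the first hunk says PAM "is not commonly used for SSH authentication", which understates what the `'no'` default does. Per sshd_config(5), UsePAM also governs PAM account and session module processing for all authentication types, so with it off any login policy enforced through the PAM stack stops applying to SSH logins, key-based ones included; which modules the managed hosts rely on is not visible here. I would reword the comment along the lines of `# 'no' also skips PAM account and session processing for every auth method; set 'yes' where login policy is enforced through PAM.` and fix the "Thi setting" typo while there. In the second hunk, `String $ssh_use_pam = 'no',` accepts any string and the template renders it straight into sshd_config, so `Enum['yes', 'no'] $ssh_use_pam = 'no',` would reject a bad value at catalog compile time. The class body continues outside the hunk.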


@@ -31,6 +31,7 @@ AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
PasswordAuthentication <%= @ssh_password_authentication %> PasswordAuthentication <%= @ssh_password_authentication %>
PermitEmptyPasswords <%= @ssh_permit_empty_passwords %> PermitEmptyPasswords <%= @ssh_permit_empty_passwords %>
KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %> KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %>
UsePAM <%= @ssh_use_pam %>
<% if @ssh_use_kerberos -%> <% if @ssh_use_kerberos -%>
KerberosAuthentication <%= @ssh_kerberos_authentication %> KerberosAuthentication <%= @ssh_kerberos_authentication %>