Description
Summary of the new feature / enhancement
The Microsoft.OpenSSH/SSHDConfig resource currently supports setting sshd_config keywords only when _purge: true, which replaces the entire configuration file. When _purge: false, there is ambiguity in handling keywords that can have multiple arguments. Keywords that can have multiple arguments are further divided into three categories: repeatable, comma-separated, and space-separated. Repeatable keywords (like Subsystem and Port) are spread over multiple lines. Comma-separated (like Ciphers) and space-separated (like AuthorizedKeysFile) keywords can have multiple arguments on a single line. Note, the keywords that are both space-separated and repeatable (i.e. AllowUsers) are classified under "repeatable" for the scope of this discussion.
Proposed technical implementation details (optional)
This proposal builds on the ideas previously discussed in #790 and #1070 to suggest handling these keywords through the following:
- For all keywords: the Microsoft.OpenSSH/SSHDConfig resource simply passes the declared value through directly (overwriting any existing value(s) that may exist for that keyword)
- For repeatable keywords: the Microsoft.OpenSSH/SSHDConfig.Repeatable resource with _exist facilitates addition/removal of specific entries
Examples:

Set - behaves as overwrite for all keyword types

```yaml
- type: Microsoft.OpenSSH/SSHDConfig
  properties:
    PasswordAuthentication: false
    Ciphers:
      - [email protected]
    Port:
      - 2222
```

Set - behaves as "add" for repeatable keywords

```yaml
- type: Microsoft.OpenSSH/SSHDConfig.Repeatable
  properties:
    _exist: true
    subsystem:
      - "powershell /usr/bin/pwsh -sshs -NoLogo"
    port:
      - 3333
```

Set - behaves as "remove" for repeatable keywords

```yaml
- type: Microsoft.OpenSSH/SSHDConfig.Repeatable
  properties:
    _exist: false
    subsystem:
      - "powershell /usr/bin/pwsh -sshs -NoLogo"
    port:
      - 3333
```
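
The three set behaviours proposed above, applied to sshd_config text, as an added example that is not code from the DSC project. The names `Mode`, `parse` and `apply` are hypothetical, and the sample file is constructed. It assumes whitespace-delimited `Keyword argument` lines, case-insensitive keywords, and edits confined to the global section above the first `Match` block.

```rust
// Added illustration: names here are hypothetical, not the DSC resource's API.
#[derive(PartialEq, Clone, Copy)]
enum Mode { Overwrite, Add, Remove }

// Constructed sample sshd_config with a global section and one Match block.
const SAMPLE: &str = "Port 22\nport 2222\nPasswordAuthentication yes\nMatch User admin\n    PasswordAuthentication no";

/// Lower-cased keyword and whitespace-normalised arguments; None for blanks and comments.
fn parse(line: &str) -> Option<(String, String)> {
    let mut parts = line.split_whitespace();
    let kw = parts.next().filter(|k| !k.starts_with('#'))?;
    Some((kw.to_ascii_lowercase(), parts.collect::<Vec<_>>().join(" ")))
}

/// Overwrite = SSHDConfig set; Add / Remove = SSHDConfig.Repeatable with _exist true / false.
fn apply(cfg: &str, kw: &str, values: &[&str], mode: Mode) -> String {
    let key = kw.to_ascii_lowercase();
    let lines: Vec<&str> = cfg.lines().collect();
    // Global keywords must stay above the first Match block, so only that region is edited.
    let end = lines.iter()
        .position(|l| matches!(parse(l), Some((k, _)) if k == "match"))
        .unwrap_or(lines.len());
    let mut out: Vec<String> = Vec::new();
    for l in &lines[..end] {
        let drop = match parse(l) {
            Some((k, a)) if k == key => match mode {
                Mode::Overwrite => true,                        // replace every entry
                Mode::Remove => values.contains(&a.as_str()),   // only the declared entries
                Mode::Add => false,                             // keep what is there
            },
            _ => false,
        };
        if !drop { out.push(l.to_string()); }
    }
    if mode != Mode::Remove {
        for v in values {
            // Idempotent: do not write an entry that is already present.
            let want = Some((key.clone(), v.to_string()));
            if !out.iter().any(|l| parse(l) == want) { out.push(format!("{} {}", kw, v)); }
        }
    }
    out.extend(lines[end..].iter().map(|l| l.to_string()));
    out.join("\n")
}

fn main() {
    for m in [Mode::Overwrite, Mode::Add, Mode::Remove] {
        println!("{}\n---", apply(SAMPLE, "Port", &["2222"], m));
    }
}
```
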