Support Match prioritization
OpenSSH's Match declarations are applied first-match-wins. However, we can't safely define two Matches that might overlap unless we first sort the keys, as Python (and Jinja) dicts don't guarantee the order of dict keys, We also won't scramble the match sequence every time the user adds, removes or renames a match, and so we give the user clearer, more concise diffs as when they apply changes. Finally, we leave a comment on the Match line identifying where the Match rule came from, to assist in troubleshooting.
This commit is contained in:
parent
0913827c82
commit
345e07c85e
@ -215,8 +215,8 @@
|
|||||||
|
|
||||||
{# Handle matches last as they need to go at the bottom #}
|
{# Handle matches last as they need to go at the bottom #}
|
||||||
{%- if 'matches' in sshd_config %}
|
{%- if 'matches' in sshd_config %}
|
||||||
{%- for match in sshd_config['matches'].values() %}
|
{%- for name, match in sshd_config['matches']|dictsort(true) %}
|
||||||
Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }}
|
Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }} # {{ name }}
|
||||||
{%- for keyword in match['options'].keys() %}
|
{%- for keyword in match['options'].keys() %}
|
||||||
{{ render_option(keyword, '', config_dict=match['options']) }}
|
{{ render_option(keyword, '', config_dict=match['options']) }}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
Loading…
Reference in New Issue
Block a user