{%- set ssh_config = pillar.get('ssh_config', {}) -%}
{#- present in ssh_config and known in actual file options -#}
{%- set processed_options = [] -%}

{#- generic renderer used for ssh matches, known options, -#}
{#- and unknown options -#}
{%- macro render_option(keyword, default, config_dict=ssh_config) -%}
  {%- set value = config_dict.get(keyword, default) -%}
  {%- if value is sameas true -%}
{{ keyword }} yes
  {%- elif value is sameas false -%}
{{ keyword }} no
  {%- elif value is string or value is number -%}
{{ keyword }} {{ value }}
  {%- else -%}
{%- for single_value in value -%}
{{ keyword }} {{ single_value }}
{% endfor -%}
  {%- endif -%}
{%- endmacro -%}

{#- macros for render option according to present -#}
{%- macro option_impl(keyword, default, present) -%}
  {%- if present -%}
    {%- do processed_options.append(keyword) -%}
    {%- set prefix='' -%}
  {%- else -%}
    {%- set prefix='#' -%}
  {%- endif -%}
  {#- add prefix to keyword -#}
  {%- set keyword = prefix ~ keyword -%}
{{ render_option(keyword, default) }}
{%- endmacro -%}

{#- macros for render option commented by default -#}
{%- macro option(keyword, default, present) -%}
{{ option_impl(keyword, default, keyword in ssh_config) }}
{%- endmacro -%}

{#- macros for render option uncommented by default -#}
{%- macro option_default_uncommented(keyword, default, present) -%}
{{ option_impl(keyword, default, True) }}
{%- endmacro -%}

# Do not edit this file manually!
# It will be overwritten by salt!

{{ option_default_uncommented('Host', '*') }}
{{ option('   ForwardAgent', 'no') }}
{{ option('   ForwardX11', 'no') }}
{{ option('   RhostsRSAAuthentication', 'no') }}
{{ option('   RSAAuthentication', 'yes') }}
{{ option('   PasswordAuthentication', 'yes') }}
{{ option('   HostbasedAuthentication', 'no') }}
{{ option('   GSSAPIAuthentication', 'no') }}
{{ option('   GSSAPIDelegateCredentials', 'no') }}
{{ option('   BatchMode', 'no') }}
{{ option('   CheckHostIP', 'yes') }}
{{ option('   AddressFamily', 'any') }}
{{ option('   ConnectTimeout', 0) }}
{{ option('   StrictHostKeyChecking', 'ask') }}
{{ option('   IdentityFile', '~/.ssh/id_rsa') }}
{{ option('   Port', 22) }}
{{ option('   Protocol', 2) }}
{{ option('   Cipher', '3des') }}
{{ option('   Tunnel', 'no') }}
{{ option('   TunnelDevice', 'any:any') }}
{{ option('   PermitLocalCommand', 'no') }}
{{ option('   VisualHostKey', 'no') }}

{# Handling unknown in salt template options #}
{%- for keyword in ssh_config.keys() %}
  {#- Matches have to be at the bottom and should be handled differently -#}
  {%- if not keyword in processed_options and keyword != 'matches' -%}
{#- send a blank default as it doesn't matter #}
{{ render_option(keyword, '') }}
  {%- endif -%}
{%- endfor %}

{# Handle matches last as they need to go at the bottom #}
{%- if 'matches' in ssh_config %}
  {%- for match in ssh_config['matches'].values() %}
Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }}
    {%- for keyword in match['options'].keys() %}
    {{ render_option(keyword, '', config_dict=match['options']) }}
    {%- endfor %}
  {%- endfor %}
{%- endif %}