From 74d5f6cc3c7878e046d5db7f22ea01f00174e57f Mon Sep 17 00:00:00 2001
From: Heinz Wiesinger
Date: Thu, 27 Aug 2015 16:31:14 +0200
Subject: [PATCH] Add possibility to manage ssh's known_hosts file.

---
 pillar.example | 5 +++++
 users/init.sls | 30 ++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/pillar.example b/pillar.example
index 2413aaa..ec48037 100644
--- a/pillar.example
+++ b/pillar.example
@@ -59,6 +59,11 @@ users:
     ssh_auth_sources:
       - salt://keys/buser.id_rsa.pub
     # Manage the ~/.ssh/config file
+    ssh_known_hosts:
+      importanthost:
+        fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
+    ssh_known_hosts.absent:
+      - notimportanthost
     ssh_config:
       all:
         hostname: "*"
diff --git a/users/init.sls b/users/init.sls
index a50f13a..b3145e0 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -274,6 +274,36 @@ users_ssh_config_{{ name }}:
 {% endfor -%}
 {% endif %}
 
+{% if 'ssh_known_hosts' in user %}
+{% for hostname, host in user['ssh_known_hosts'].items() %}
+users_ssh_known_hosts_{{ name }}_{{ loop.index0 }}:
+  ssh_known_hosts.present:
+    - user: {{ name }}
+    - name: {{ hostname }}
+    {% if 'port' in host %}
+    - port: {{ host['port'] }}
+    {% endif -%}
+    {% if 'fingerprint' in host %}
+    - fingerprint: {{ host['fingerprint'] }}
+    {% endif -%}
+    {% if 'key' in host %}
+    - key: {{ host['key'] }}
+    {% endif -%}
+    {% if 'enc' in host %}
+    - enc: {{ host['enc'] }}
+    {% endif -%}
+{% endfor %}
+{% endif %}
+
+{% if 'ssh_known_hosts.absent' in user %}
+{% for host in user['ssh_known_hosts.absent'] %}
+users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}:
+  ssh_known_hosts.absent:
+    - user: {{ name }}
+    - name: {{ host }}
+{% endfor %}
+{% endif %}
+
 {% if 'sudouser' in user and user['sudouser'] %}
 users_sudoer-{{ name }}:
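Review bot: In the new `ssh_known_hosts.present` stanza a pillar entry that carries neither `fingerprint` nor `key` (for example `somehost: {}`) still renders a state with only `user` and `name`, and as far as I can tell Salt then records whatever key the host presents on first contact without checking it, so the pillar silently degrades to trust-on-first-use with nothing in the rendered state to show that happened. The template should make that explicit, either by only emitting the state when one of the two is present, or at minimum with a comment next to the `importanthost` example in pillar.example such as `# give a fingerprint or key so the host key is verified, not merely recorded`. Separately, the state IDs are built from `loop.index0` over `.items()` of a dict, whose order is not guaranteed stable between renders, so the same host can receive a different ID from one highstate to the next; `users_ssh_known_hosts_{{ name }}_{{ hostname }}` would be stable and matches the `users_ssh_config_{{ name }}` naming the file already uses. The `name` and `user` variables come from a loop that starts outside this hunk, and the hunk's trailing context looks cut short on this page (the header counts six old lines, five are visible).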