Add template for SSH CA known hosts file

adamlazik1 · adamlazik1 · commit 4d5a801ae1a6 · 2026-01-06T10:59:03.000+01:00
diff --git a/manifests/plugin/remote_execution/script.pp b/manifests/plugin/remote_execution/script.pp
@@ -95,16 +95,14 @@
   }
 
   if $ssh_host_ca_public_keys_file {
-    $ca_keys_content = file($ssh_host_ca_public_keys_file)
-    $ca_keys_lines = split($ca_keys_content, "\n").filter |$line| { $line =~ /\S/ }
-    $ca_known_hosts_content = $ca_keys_lines.map |$line| { "@cert-authority * ${line}" }.join("\n")
+    $ca_keys = split(file($ssh_host_ca_public_keys_file), "\n")
 
     file { $ssh_ca_known_hosts_file:
       ensure  => file,
       owner   => $foreman_proxy::user,
       group   => $foreman_proxy::group,
       mode    => '0600',
-      content => "${ca_known_hosts_content}\n",
+      content => epp('foreman_proxy/plugin/ssh_ca_known_hosts.epp', { 'ca_keys' => $ca_keys }),
     }
   } else {
     file { $ssh_ca_known_hosts_file:
diff --git a/templates/plugin/ssh_ca_known_hosts.epp b/templates/plugin/ssh_ca_known_hosts.epp
@@ -0,0 +1,4 @@
+<%- | Array[String] $ca_keys | -%>
+<%- $ca_keys.filter |$line| { $line =~ /\S/ }.each |$line| { -%>
+@cert-authority * <%= $line %>
+<%- } -%>
