puppet-sec-lint 0.1.1 → 0.5.3

data/docs/_config.yml

@@ -0,0 +1,41 @@
+# Welcome to Jekyll!
+#
+# This config file is meant for settings that affect your whole blog, values
+# which you are expected to set up once and rarely edit after that. If you find
+# yourself editing this file very often, consider using Jekyll's data files
+# feature for the data you need to update frequently.
+#
+# For technical reasons, this file is *NOT* reloaded automatically when you use
+# 'bundle exec jekyll serve'. If you change this file, please restart the server process.
+
+# Site settings
+# These are used to personalize your new site. If you look in the HTML files,
+# you will see them accessed via {{ site.title }}, {{ site.email }}, and so on.
+# You can create any custom variable you would like, and they will be accessible
+# in the templates via {{ site.myvariable }}.
+title: Puppet Securtiy Linter
+email: tiago7b27@gmail.com
+description: >- # this means to ignore newlines until "baseurl:"
+  Scurity focused linter to detect and help solve vulnearbilities found on Puppet Infrastructure-as-code scripts
+baseurl: "" # the subpath of your site, e.g. /blog
+url: "" # the base hostname & protocol for your site, e.g. http://example.com
+twitter_username: jekyllrb
+github_username:  jekyll
+
+# Build settings
+markdown: kramdown
+theme: jekyll-theme-hacker
+plugins:
+  - jekyll-feed
+
+# Exclude from processing.
+# The following items will not be processed, by default. Create a custom list
+# to override the default setting.
+# exclude:
+#   - Gemfile
+#   - Gemfile.lock
+#   - node_modules
+#   - vendor/bundle/
+#   - vendor/cache/
+#   - vendor/gems/
+#   - vendor/ruby/

data/docs/_posts/2021-05-03-welcome-to-jekyll.markdown

@@ -0,0 +1,25 @@
+---
+layout: post
+title:  "Welcome to Jekyll!"
+date:   2021-05-03 21:09:12 +0100
+categories: jekyll update
+---
+You’ll find this post in your `_posts` directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run `jekyll serve`, which launches a web server and auto-regenerates your site when a file is updated.
+
+To add new posts, simply add a file in the `_posts` directory that follows the convention `YYYY-MM-DD-name-of-post.ext` and includes the necessary front matter. Take a look at the source for this post to get an idea about how it works.
+
+Jekyll also offers powerful support for code snippets:
+
+{% highlight ruby %}
+def print_hi(name)
+  puts "Hi, #{name}"
+end
+print_hi('Tom')
+#=> prints 'Hi, Tom' to STDOUT.
+{% endhighlight %}
+
+Check out the [Jekyll docs][jekyll-docs] for more info on how to get the most out of Jekyll. File all bugs/feature requests at [Jekyll’s GitHub repo][jekyll-gh]. If you have questions, you can ask them on [Jekyll Talk][jekyll-talk].
+
+[jekyll-docs]: https://jekyllrb.com/docs/home
+[jekyll-gh]:   https://github.com/jekyll/jekyll
+[jekyll-talk]: https://talk.jekyllrb.com/

data/docs/_site/404.html

@@ -0,0 +1,71 @@
+<!DOCTYPE html>
+<html lang="en-US">
+  <head>
+    <meta charset='utf-8'>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="stylesheet" href="/assets/css/style.css?v=451ab93a01ea7ba9ec933d2a6c0ad3f1555b70e0">
+
+<!-- Begin Jekyll SEO tag v2.7.1 -->
+<title>Puppet Securtiy Linter | Scurity focused linter to detect and help solve vulnearbilities found on Puppet Infrastructure-as-code scripts</title>
+<meta name="generator" content="Jekyll v3.9.0" />
+<meta property="og:title" content="Puppet Securtiy Linter" />
+<meta property="og:locale" content="en_US" />
+<meta name="description" content="Scurity focused linter to detect and help solve vulnearbilities found on Puppet Infrastructure-as-code scripts" />
+<meta property="og:description" content="Scurity focused linter to detect and help solve vulnearbilities found on Puppet Infrastructure-as-code scripts" />
+<link rel="canonical" href="http://localhost:4000/404.html" />
+<meta property="og:url" content="http://localhost:4000/404.html" />
+<meta property="og:site_name" content="Puppet Securtiy Linter" />
+<meta name="twitter:card" content="summary" />
+<meta property="twitter:title" content="Puppet Securtiy Linter" />
+<script type="application/ld+json">
+{"@type":"WebPage","headline":"Puppet Securtiy Linter","description":"Scurity focused linter to detect and help solve vulnearbilities found on Puppet Infrastructure-as-code scripts","url":"http://localhost:4000/404.html","@context":"https://schema.org"}</script>
+<!-- End Jekyll SEO tag -->
+
+  </head>
+
+  <body>
+
+    <header>
+      <div class="container">
+        <a id="a-title" href="/">
+          <h1>Puppet Securtiy Linter</h1>
+        </a>
+        <h2>Scurity focused linter to detect and help solve vulnearbilities found on Puppet Infrastructure-as-code scripts</h2>
+
+        <section id="downloads">
+          
+          <a href="https://github.com/TiagoR98/puppet-sec-lint" class="btn btn-github"><span class="icon"></span>View on GitHub</a>
+        </section>
+      </div>
+    </header>
+
+    <div class="container">
+      <section id="main_content">
+        <style type="text/css" media="screen">
+  .container {
+    margin: 10px auto;
+    max-width: 600px;
+    text-align: center;
+  }
+  h1 {
+    margin: 30px 0;
+    font-size: 4em;
+    line-height: 1;
+    letter-spacing: -1px;
+  }
+</style>
+
+<div class="container">
+  <h1>404</h1>
+
+  <p><strong>Page not found :(</strong></p>
+  <p>The requested page could not be found.</p>
+</div>
+
+      </section>
+    </div>
+
+    
+  </body>
+</html>

data/docs/_site/feed.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="3.9.0">Jekyll</generator><link href="http://localhost:4000/feed.xml" rel="self" type="application/atom+xml" /><link href="http://localhost:4000/" rel="alternate" type="text/html" /><updated>2021-05-03T22:26:18+01:00</updated><id>http://localhost:4000/feed.xml</id><title type="html">Puppet Securtiy Linter</title><subtitle>Scurity focused linter to detect and help solve vulnearbilities found on Puppet Infrastructure-as-code scripts</subtitle><entry><title type="html">Welcome to Jekyll!</title><link href="http://localhost:4000/jekyll/update/2021/05/03/welcome-to-jekyll.html" rel="alternate" type="text/html" title="Welcome to Jekyll!" /><published>2021-05-03T21:09:12+01:00</published><updated>2021-05-03T21:09:12+01:00</updated><id>http://localhost:4000/jekyll/update/2021/05/03/welcome-to-jekyll</id><content type="html" xml:base="http://localhost:4000/jekyll/update/2021/05/03/welcome-to-jekyll.html">&lt;p&gt;You’ll find this post in your &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;_posts&lt;/code&gt; directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;jekyll serve&lt;/code&gt;, which launches a web server and auto-regenerates your site when a file is updated.&lt;/p&gt;
+
+&lt;p&gt;To add new posts, simply add a file in the &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;_posts&lt;/code&gt; directory that follows the convention &lt;code class=&quot;language-plaintext highlighter-rouge&quot;&gt;YYYY-MM-DD-name-of-post.ext&lt;/code&gt; and includes the necessary front matter. Take a look at the source for this post to get an idea about how it works.&lt;/p&gt;
+
+&lt;p&gt;Jekyll also offers powerful support for code snippets:&lt;/p&gt;
+
+&lt;figure class=&quot;highlight&quot;&gt;&lt;pre&gt;&lt;code class=&quot;language-ruby&quot; data-lang=&quot;ruby&quot;&gt;&lt;span class=&quot;k&quot;&gt;def&lt;/span&gt; &lt;span class=&quot;nf&quot;&gt;print_hi&lt;/span&gt;&lt;span class=&quot;p&quot;&gt;(&lt;/span&gt;&lt;span class=&quot;nb&quot;&gt;name&lt;/span&gt;&lt;span class=&quot;p&quot;&gt;)&lt;/span&gt;
+  &lt;span class=&quot;nb&quot;&gt;puts&lt;/span&gt; &lt;span class=&quot;s2&quot;&gt;&quot;Hi, &lt;/span&gt;&lt;span class=&quot;si&quot;&gt;#{&lt;/span&gt;&lt;span class=&quot;nb&quot;&gt;name&lt;/span&gt;&lt;span class=&quot;si&quot;&gt;}&lt;/span&gt;&lt;span class=&quot;s2&quot;&gt;&quot;&lt;/span&gt;
+&lt;span class=&quot;k&quot;&gt;end&lt;/span&gt;
+&lt;span class=&quot;n&quot;&gt;print_hi&lt;/span&gt;&lt;span class=&quot;p&quot;&gt;(&lt;/span&gt;&lt;span class=&quot;s1&quot;&gt;'Tom'&lt;/span&gt;&lt;span class=&quot;p&quot;&gt;)&lt;/span&gt;
+&lt;span class=&quot;c1&quot;&gt;#=&amp;gt; prints 'Hi, Tom' to STDOUT.&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/figure&gt;
+
+&lt;p&gt;Check out the &lt;a href=&quot;https://jekyllrb.com/docs/home&quot;&gt;Jekyll docs&lt;/a&gt; for more info on how to get the most out of Jekyll. File all bugs/feature requests at &lt;a href=&quot;https://github.com/jekyll/jekyll&quot;&gt;Jekyll’s GitHub repo&lt;/a&gt;. If you have questions, you can ask them on &lt;a href=&quot;https://talk.jekyllrb.com/&quot;&gt;Jekyll Talk&lt;/a&gt;.&lt;/p&gt;</content><author><name></name></author><category term="jekyll" /><category term="update" /><summary type="html">You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run jekyll serve, which launches a web server and auto-regenerates your site when a file is updated.</summary></entry></feed>

data/docs/_site/index.html

@@ -0,0 +1 @@
+

data/docs/_site/jekyll/update/2021/05/03/welcome-to-jekyll.html

@@ -0,0 +1,77 @@
+<!DOCTYPE html>
+<html lang="en-US">
+  <head>
+    <meta charset='utf-8'>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="stylesheet" href="/assets/css/style.css?v=451ab93a01ea7ba9ec933d2a6c0ad3f1555b70e0">
+
+<!-- Begin Jekyll SEO tag v2.7.1 -->
+<title>Welcome to Jekyll! | Puppet Securtiy Linter</title>
+<meta name="generator" content="Jekyll v3.9.0" />
+<meta property="og:title" content="Welcome to Jekyll!" />
+<meta property="og:locale" content="en_US" />
+<meta name="description" content="You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run jekyll serve, which launches a web server and auto-regenerates your site when a file is updated." />
+<meta property="og:description" content="You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run jekyll serve, which launches a web server and auto-regenerates your site when a file is updated." />
+<link rel="canonical" href="http://localhost:4000/jekyll/update/2021/05/03/welcome-to-jekyll.html" />
+<meta property="og:url" content="http://localhost:4000/jekyll/update/2021/05/03/welcome-to-jekyll.html" />
+<meta property="og:site_name" content="Puppet Securtiy Linter" />
+<meta property="og:type" content="article" />
+<meta property="article:published_time" content="2021-05-03T21:09:12+01:00" />
+<meta name="twitter:card" content="summary" />
+<meta property="twitter:title" content="Welcome to Jekyll!" />
+<script type="application/ld+json">
+{"@type":"BlogPosting","mainEntityOfPage":{"@type":"WebPage","@id":"http://localhost:4000/jekyll/update/2021/05/03/welcome-to-jekyll.html"},"headline":"Welcome to Jekyll!","dateModified":"2021-05-03T21:09:12+01:00","datePublished":"2021-05-03T21:09:12+01:00","description":"You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run jekyll serve, which launches a web server and auto-regenerates your site when a file is updated.","url":"http://localhost:4000/jekyll/update/2021/05/03/welcome-to-jekyll.html","@context":"https://schema.org"}</script>
+<!-- End Jekyll SEO tag -->
+
+  </head>
+
+  <body>
+
+    <header>
+      <div class="container">
+        <a id="a-title" href="/">
+          <h1>Puppet Securtiy Linter</h1>
+        </a>
+        <h2>Scurity focused linter to detect and help solve vulnearbilities found on Puppet Infrastructure-as-code scripts</h2>
+
+        <section id="downloads">
+          
+          <a href="https://github.com/TiagoR98/puppet-sec-lint" class="btn btn-github"><span class="icon"></span>View on GitHub</a>
+        </section>
+      </div>
+    </header>
+
+    <div class="container">
+      <section id="main_content">
+        <small>3 May 2021</small>
+<h1>Welcome to Jekyll!</h1>
+
+<p class="view">by </p>
+
+<p>You’ll find this post in your <code class="language-plaintext highlighter-rouge">_posts</code> directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run <code class="language-plaintext highlighter-rouge">jekyll serve</code>, which launches a web server and auto-regenerates your site when a file is updated.</p>
+
+<p>To add new posts, simply add a file in the <code class="language-plaintext highlighter-rouge">_posts</code> directory that follows the convention <code class="language-plaintext highlighter-rouge">YYYY-MM-DD-name-of-post.ext</code> and includes the necessary front matter. Take a look at the source for this post to get an idea about how it works.</p>
+
+<p>Jekyll also offers powerful support for code snippets:</p>
+
+<figure class="highlight"><pre><code class="language-ruby" data-lang="ruby"><span class="k">def</span> <span class="nf">print_hi</span><span class="p">(</span><span class="nb">name</span><span class="p">)</span>
+  <span class="nb">puts</span> <span class="s2">"Hi, </span><span class="si">#{</span><span class="nb">name</span><span class="si">}</span><span class="s2">"</span>
+<span class="k">end</span>
+<span class="n">print_hi</span><span class="p">(</span><span class="s1">'Tom'</span><span class="p">)</span>
+<span class="c1">#=&gt; prints 'Hi, Tom' to STDOUT.</span></code></pre></figure>
+
+<p>Check out the <a href="https://jekyllrb.com/docs/home">Jekyll docs</a> for more info on how to get the most out of Jekyll. File all bugs/feature requests at <a href="https://github.com/jekyll/jekyll">Jekyll’s GitHub repo</a>. If you have questions, you can ask them on <a href="https://talk.jekyllrb.com/">Jekyll Talk</a>.</p>
+
+
+
+
+  <small>tags: <em></em></small>
+
+
+      </section>
+    </div>
+
+    
+  </body>
+</html>

data/docs/hard-coded-credentials.md

@@ -0,0 +1,17 @@
+---
+title: Hard Coded Credentials
+permalink: /hard-coded-credentials/
+---
+
+# Hard Coded Credentials
+
+Writing sensitive credentials on puppet scripts  can expose them to malicious actors who can obtain access to these files.
+
+## Example
+
+```puppet
+class example::service (
+    $username = "user1",
+    $passsword = "amind1234"
+  ) 
+```

data/docs/index.md

@@ -0,0 +1,6 @@
+---
+# Feel free to add content and custom Front Matter to this file.
+# To modify the layout, see https://jekyllrb.com/docs/themes/#overriding-theme-defaults
+
+layout: home
+---

data/exe/puppet-sec-lint

@@ -2,34 +2,100 @@
 
 require_relative '../lib/rule_engine'
 require 'json'
+require 'launchy'
 require 'optparse'
 require 'optparse/uri'
+require_relative '../lib/puppet-sec-lint/version'
 require_relative '../lib/visitors/configuration_visitor'
 require_relative '../lib/facades/configuration_file_facade'
-require_relative '../lib/language_server'
+
+#get free port
+loop do
+  $port = rand(3000..9999)
+  break if (Socket.tcp('localhost', port, connect_timeout: 5) { false } rescue true)
+end
+
+conf_page_url = "http://localhost:#{$port}/configuration"
 
 options = {}
+@success = true
+
+def analyze_file(file_path)
+  File.open(file_path, 'rb:UTF-8') do |f|
+    puts "Analyzing the file #{File.basename(file_path)}...\n\n"
+
+    code = f.read
+    result = RuleEngine.analyzeDocument(code)
+
+    result.each do |sin|
+      puts sin.ToString
+      @success = false
+    end
+
+    puts "\nFound #{result.length} vulnerabilities in the puppet code.\n"
+  end
+end
+
 OptionParser.new do |opts|
-  opts.banner = "Usage: puppet-sec-lint [options]"
+  opts.banner = "Usage: puppet-sec-lint [file or directory] [options]"
+
+  opts.on("-c", "--configurations", "Open the linter rules configurations page on a browser") do |v|
+    options[:configurations] = v
+  end
 
-  opts.on("-f", "--file FILE",URI, "Path of puppet file to be analyzed") do |file|
-    options[:file] = file
+  opts.on("-p", "--port=PORT", "TCP Port open for socket communication with the language server (Default:5007)") do |port|
+    options[:port] = port
   end
 end.parse!
 
-if options[:file].nil?
-  LanguageServer
-end
+puts '___  _  _ ___  ___  ____ ___    ____ ____ ____ _  _ ____ _ ___ _   _    _    _ _  _ ___ ____ ____ '
+puts '|__] |  | |__] |__] |___  |     [__  |___ |    |  | |__/ |  |   \_/     |    | |\ |  |  |___ |__/ '
+puts '|    |__| |    |    |___  |     ___] |___ |___ |__| |  \ |  |    |      |___ | | \|  |  |___ |  \ '
+
+puts "\n"
+
+puts "Release v#{PuppetSecLint::VERSION}       #{PuppetSecLint::AUTHOR}      #{PuppetSecLint::YEAR}"
 
-ConfigurationVisitor.GenerateIDs
-ConfigurationFileFacade.LoadConfigurations
+puts "\n"
 
-File.open(options[:file].to_s, 'rb:UTF-8') do |f|
-  code = f.read
+if not ARGV[0].nil?
+  if File.file?(ARGV[0].to_s) && File.extname(ARGV[0].to_s) == '.pp'
+    analyze_file(ARGV[0].to_s)
+  elsif File.directory?(ARGV[0].to_s)
+    Dir.chdir(ARGV[0].to_s)
+    files = Dir.glob("**/*.pp").map {|f| File.join(Dir.pwd,f) }
+
+    files.each do |file_path|
+      analyze_file(file_path)
+      puts "\n"
+    end
+  else
+    raise "#{ARGV[0].to_s} is neither a valid directory or puppet file"
+  end
+end
 
-  result = RuleEngine.analyzeDocument(code)
+if ARGV[0].nil? || options[:configurations]
+  linter_server = Thread.new {
+    require_relative '../lib/servers/linter_server'
+    LinterServer.start($port)
+  }
+  language_server = Thread.new {
+    require_relative '../lib/servers/language_server'
+    LanguageServer.start(options[:port])
+    }
 
-  result.each do |sin|
-    puts sin.ToString
+  if options[:configurations]
+    puts "\nLaunching configurations page at #{conf_page_url}...\n\n"
+    Launchy.open(conf_page_url)
+  else
+    puts "\nLinter configurations page available at #{conf_page_url}\n\n"
+    puts "-----------------------------------------------------------------------"
   end
-end
+
+  linter_server.join
+  language_server.exit
+end
+
+exit(@success)
+
+

data/file.pp

@@ -0,0 +1,77 @@
+# the following code addresses the bug: https://bugs.launchpad.net/keystone/+bug/1472285 .
+
+class consul_template::service (
+    $pass                   = lols(3),
+    $aijoijooiumihhn_password = 'pe-puppet'
+    $admin       = 'ceisssesrelometer',
+    $aijoijooiumihhn_password = '(adiyu(guygmin',
+  ) {
+  exec { 'network-restart':
+    command        => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM release-runner key',
+    path           => '/usr/bin:/usr/sbin:/bin:/sbin',
+    refreshonly    => true,
+    vmware_md5     => 'LOL',
+    autho          => 'MDi09i09i5',
+    cmd            => 'virsh secret-define --file ${secret_xml} && virsh secret-set-value --secret ${rbd_secret_uuid} --base64 $(ceph auth get-key client.${user})',
+    $auth_uri      => 'http://127.0.0.1:5000',
+    address => '0.0.0.0',
+    user = 'admin',
+    password       => '',
+  }
+  case $::osfamily {
+    'RedHat': {
+    exec { 'upload-img':
+      command => "/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} add name=${img_name} is_public=${public} container_format=${container_format} disk_format=${disk_format} distro=${os_name} < /opt/vm/cirros-x86_64-disk.img",
+      unless => "/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} index && (/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} index | grep ${img_name})",
+
+      }
+    }
+    'Debian': {
+    exec { 'upload-img':
+      command => "/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} add name=${img_name} is_public=${public} container_format=${container_format} disk_format=${disk_format} distro=${os_name} < /usr/share/cirros-testvm/cirros-x86_64-disk.img",
+      unless => "/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} index && (/usr/bin/glance -N ${os_auth_url} -T ${os_tenant_name} -I ${os_username} -K ${os_password} index | grep ${img_name})",
+      key => "E8CC67053ED3B199",
+      key_content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+mQENBE/oXVkBCACcjAcV7lRGskECEHovgZ6a2robpBroQBW+tJds7B+qn/DslOAN
+1hm0UuGQsi8pNzHDE29FMO3yOhmkenDd1V/T6tHNXqhHvf55nL6anlzwMmq3syIS
+uqVjeMMXbZ4d+Rh0K/rI4TyRbUiI2DDLP+6wYeh1pTPwrleHm5FXBMDbU/OZ5vKZ
+67j99GaARYxHp8W/be8KRSoV9wU1WXr4+GA6K7ENe2A8PT+jH79Sr4kF4uKC3VxD
+BF5Z0yaLqr+1V2pHU3AfmybOCmoPYviOqpwj3FQ2PhtObLs+hq7zCviDTX2IxHBb
+Q3mGsD8wS9uyZcHN77maAzZlL5G794DEr1NLABEBAAG0NU9wZW5TdGFja0BDaXNj
+byBBUFQgcmVwbyA8b3BlbnN0YWNrLWJ1aWxkZEBjaXNjby5jb20+iQE4BBMBAgAi
+BQJP6F1ZAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDozGcFPtOxmXcK
+B/9WvQrBwxmIMV2M+VMBhQqtipvJeDX2Uv34Ytpsg2jldl0TS8XheGlUNZ5djxDy
+u3X0hKwRLeOppV09GVO3wGizNCV1EJjqQbCMkq6VSJjD1B/6Tg+3M/XmNaKHK3Op
+zSi+35OQ6xXc38DUOrigaCZUU40nGQeYUMRYzI+d3pPlNd0+nLndrE4rNNFB91dM
+BTeoyQMWd6tpTwz5MAi+I11tCIQAPCSG1qR52R3bog/0PlJzilxjkdShl1Cj0RmX
+7bHIMD66uC1FKCpbRaiPR8XmTPLv29ZTk1ABBzoynZyFDfliRwQi6TS20TuEj+ZH
+xq/T6MM6+rpdBVz62ek6/KBcuQENBE/oXVkBCACgzyyGvvHLx7g/Rpys1WdevYMH
+THBS24RMaDHqg7H7xe0fFzmiblWjV8V4Yy+heLLV5nTYBQLS43MFvFbnFvB3ygDI
+IdVjLVDXcPfcp+Np2PE8cJuDEE4seGU26UoJ2pPK/IHbnmGWYwXJBbik9YepD61c
+NJ5XMzMYI5z9/YNupeJoy8/8uxdxI/B66PL9QN8wKBk5js2OX8TtEjmEZSrZrIuM
+rVVXRU/1m732lhIyVVws4StRkpG+D15Dp98yDGjbCRREzZPeKHpvO/Uhn23hVyHe
+PIc+bu1mXMQ+N/3UjXtfUg27hmmgBDAjxUeSb1moFpeqLys2AAY+yXiHDv57ABEB
+AAGJAR8EGAECAAkFAk/oXVkCGwwACgkQ6MxnBT7TsZng+AgAnFogD90f3ByTVlNp
+Sb+HHd/cPqZ83RB9XUxRRnkIQmOozUjw8nq8I8eTT4t0Sa8G9q1fl14tXIJ9szzz
+BUIYyda/RYZszL9rHhucSfFIkpnp7ddfE9NDlnZUvavnnyRsWpIZa6hJq8hQEp92
+IQBF6R7wOws0A0oUmME25Rzam9qVbywOh9ZQvzYPpFaEmmjpCRDxJLB1DYu8lnC4
+h1jP1GXFUIQDbcznrR2MQDy5fNt678HcIqMwVp2CJz/2jrZlbSKfMckdpbiWNns/
+xKyLYs5m34d4a0it6wsMem3YCefSYBjyLGSd/kCI/CgOdGN1ZY1HSdLmmjiDkQPQ
+UcXHbA==
+=v6jg
+-----END PGP PUBLIC KEY BLOCK-----',
+
+      }
+    }
+  }
+  file { '/var/lib/gerrit/.ssh/id_rsa' :
+    owner   => 'gerrit',
+    group   => 'gerrit',
+    mode    => '0600',
+    content => $ssh_replication_rsa_key_contents,
+    replace => true,
+    require => File['/var/lib/gerrit/.ssh']
+  }
+}