heat_template_version: pike
description: 'SSH Known Hosts Config'

parameters:
  known_hosts:
    type: string

resources:

  SSHKnownHostsConfig:
    type: OS::Heat::SoftwareConfig
    properties:
      group: script
      config:
        str_replace:
          params:
            KNOWN_HOSTS: {get_param: known_hosts}
          template: |
            #!/bin/bash
            set -eux
            set -o pipefail

            echo "Creating ssh known hosts file"

            if [ -d /etc/ssh/ssh_known_hosts ]; then
                rm -rf /etc/ssh/ssh_known_hosts
            fi
            cat <<EOF | grep -v '^$' >/etc/ssh/ssh_known_hosts
            KNOWN_HOSTS
            EOF
            if [ ! -s /etc/ssh/ssh_known_hosts ]; then
              echo "No known hosts"
              rm -f /etc/ssh/ssh_known_hosts
            else
              echo "$(cat /etc/ssh/ssh_known_hosts | wc -l) known hosts"
              chmod 0644 /etc/ssh/ssh_known_hosts
            fi

outputs:
  OS::stack_id:
    description: The SSHKnownHostsConfig resource.
    value: {get_resource: SSHKnownHostsConfig}