Issue #1644 has been updated by ctrlaltdel. Status changed from Needs design decision to Duplicate
rgsteele wrote: > For one, the resource title is used as the comment (and, I see no obvious way > to change that). So, if I wanted to use something unique such as the key > itself as the resource title, I'd end up with two separate copies of the key > on the same line - once for the key, and again for the comment. > Additionally, there is no way to add the same key to multiple files, unless I > start coming up with creative naming schemes like "jsmith_rootkey_somehost", > "jsmith_jsmithkey_somehost", "jsmith_jsmithkey_someotherhost", etc. It seems > that a workaround like that is just a band-aid for a very limited mechanism. I agree but this point is definitely a duplicate of bug #1531. > In my opinion, the proper design would be to have ONE ssh_authorized_key > resource per user, and that you should be able to provide an array for both > the "target" and "key" attributes. This way, all the user's specified keys > would be added to all the specified authorized_keys file for the host in > question. In it's current state, ssh_authorized_keys offers me only a > fraction of the functionality needed to satisfy what I believe are normal use > cases. I cannot agree on this one, it is IMHO necessary to be able to manage each key independently. If you want to manage the authorized_key file as a single resource, why not use the file type ? ---------------------------------------- Refactor #1644: ssh_authorized_keys needs to be completely refactored http://projects.reductivelabs.com/issues/show/1644 Author: rgsteele Status: Duplicate Priority: Normal Assigned to: ctrlaltdel Category: ssh Target version: unplanned The current implementation of ssh_authorized_keys seems to me to have several glaring design flaws. Take, for example, this following sample use case, as demonstrated by bartc from the IRC channel on Freenode: $ cat test.pp #!/usr/bin/env puppet ssh_authorized_key { "test": user => "bart", key => "foo", type => "ssh-rsa"; "bla": user => "bart", key => "bla", type => "ssh-rsa"; } $ ./test.pp notice: //Ssh_authorized_key[test]/ensure: created notice: //Ssh_authorized_key[bla]/ensure: created $ tail -2 /home/bart/.ssh/authorized_keys ssh-rsa foo test ssh-rsa bla bla For one, the resource title is used as the comment (and, I see no obvious way to change that). So, if I wanted to use something unique such as the key itself as the resource title, I'd end up with two separate copies of the key on the same line - once for the key, and again for the comment. Additionally, there is no way to add the same key to multiple files, unless I start coming up with creative naming schemes like "jsmith_rootkey_somehost", "jsmith_jsmithkey_somehost", "jsmith_jsmithkey_someotherhost", etc. It seems that a workaround like that is just a band-aid for a very limited mechanism. In my opinion, the proper design would be to have ONE ssh_authorized_key resource per user, and that you should be able to provide an array for both the "target" and "key" attributes. This way, all the user's specified keys would be added to all the specified authorized_keys file for the host in question. In it's current state, ssh_authorized_keys offers me only a fraction of the functionality needed to satisfy what I believe are normal use cases. ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
