Issue #1531 has been updated by rgsteele.
After several conversations, Francois and I have agreed that having 'user' and 'target' accept arrays is the right move. However, the ParsedFile provider does not support modifying multiple files.

I spoke with Luke about this, who advised that ParsedFile#prefetch needs to be modified so that it doesn't assume only one resource per record. Essentially, we need to have that method gather a list of target symbols, and pass that list to self.class.prefetch (instead of the single :name symbol for a lone resource as it does now), which already has support for multiple targets. We'll probably (maybe?) also have to mess with ParsedFile#flush to accommodate this change.

It's a bit over my head right now as I'm still learning Ruby, but that should get us most of the way there.

----------------------------------------
Bug #1531: ssh_authorized_keys should not use the key 'comment' as a unique identifier (name)
http://projects.reductivelabs.com/issues/show/1531

Author: PaulBoven
Status: Accepted
Priority: Normal
Assigned to: ctrlaltdel
Category:
Target version:
Complexity: Unknown
Affected version: 0.24.4
Keywords:

Currently the ssh authorized keys provider uses the 'comment' section from an SSH public key as the 'name'. However, this implies that these comment strings must be unique, while SSH itself imposes no such restriction: in fact, it often happens that users generate both an RSA and a DSA key, which by default will have the same comment.

A better 'name' for a key would perhaps be its fingerprint. There is a very small chance of collisions, but using the comment as 'name' is certain to generate collisions (for me it already has). Otherwise, the key-string itself should perhaps be the 'name' as this is certainly unique.

If a user just changes the 'name' of the key in the Puppet manifest, then the other problem is that Puppet (only looking at the 'name', not the contents of the key) fails to realize that a key is already in place so you end up with duplicates.

The current implementation doesn't really manage authorized_keys, it only manages the comment section and has no knowledge of the actual key. Using the key fingerprint would require Puppet to be able to actually extract the fingerprint from the key and would be a non-trivial change.
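
An added illustration of the two problems the report describes, not part of the ticket and not Puppet's own code: it parses authorized_keys lines, derives a fingerprint from the key blob, and reports entries that collide on comment versus entries that are the same key under different comments. The key blobs, comments and helper names are constructed for this example.

```ruby
require 'base64'
require 'digest'

# Constructed stand-ins for public key blobs (not real keys): an SSH key blob
# starts with a length-prefixed key type, followed by the key material.
def sample_blob(type, material)
  Base64.strict_encode64([type.bytesize].pack('N') + type + material)
end

RSA_BLOB = sample_blob('ssh-rsa', 'constructed-rsa-material')
DSA_BLOB = sample_blob('ssh-dss', 'constructed-dsa-material')

# Constructed authorized_keys content: an RSA and a DSA key sharing one
# comment, plus the RSA key again under a different comment.
SAMPLE = <<~KEYS
  ssh-rsa #{RSA_BLOB} paul@workstation
  ssh-dss #{DSA_BLOB} paul@workstation
  # a comment line
  from="10.0.0.*" ssh-rsa #{RSA_BLOB} paul-renamed
KEYS

# Optional options field, then key type, base64 blob and optional comment.
KEY_LINE = /(?:\A|\s)(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-\S+)\s+([A-Za-z0-9+\/=]+)(?:\s+(.*))?\z/

Entry = Struct.new(:type, :blob, :comment) do
  # Digest of the decoded blob, so the comment plays no part in the identity.
  # MD5 colon-hex form; newer OpenSSH releases print SHA256 by default.
  def fingerprint
    Digest::MD5.hexdigest(Base64.strict_decode64(blob)).scan(/../).join(':')
  end
end

def parse_authorized_keys(text)
  text.each_line.filter_map do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    m = KEY_LINE.match(line)
    Entry.new(m[1], m[2], m[3].to_s) if m
  end
end

# Groups in which more than one entry shares the same identifier.
def collisions(entries, &identifier)
  entries.group_by(&identifier).select { |_, group| group.size > 1 }
end

entries = parse_authorized_keys(SAMPLE)
puts "same comment, different keys: #{collisions(entries, &:comment).keys.inspect}"
puts "same key, different comments: #{collisions(entries, &:fingerprint).values.map { |g| g.map(&:comment) }.inspect}"
```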
