Issue #1644 has been updated by ctrlaltdel.
timcharper wrote:
> I was getting an error here. Even though the title was unique
> ("timcharper-timcharper_key" and "deploy-timcharper_key"), it was failing
> because the name was not unique "[EMAIL PROTECTED]". A bit surprising!
The name attribute of all resources of a given type must always be unique in
puppet. This is not specific to this type. However, we can debate about whether
the comment should be used as name (see Bug #1531).
----------------------------------------
Refactor #1644: ssh_authorized_keys needs to be completely refactored
http://projects.reductivelabs.com/issues/show/1644
Author: rgsteele
Status: Duplicate
Priority: Normal
Assigned to: ctrlaltdel
Category: ssh
Target version: unplanned
Affected version: 0.24.6
The current implementation of ssh_authorized_keys seems to me to have several
glaring design flaws. Take, for example, this following sample use case, as
demonstrated by bartc from the IRC channel on Freenode:
$ cat test.pp
#!/usr/bin/env puppet
ssh_authorized_key {
"test":
user => "bart",
key => "foo",
type => "ssh-rsa";
"bla":
user => "bart",
key => "bla",
type => "ssh-rsa";
}
$ ./test.pp
notice: //Ssh_authorized_key[test]/ensure: created
notice: //Ssh_authorized_key[bla]/ensure: created
$ tail -2 /home/bart/.ssh/authorized_keys
ssh-rsa foo test
ssh-rsa bla bla
For one, the resource title is used as the comment (and, I see no obvious way
to change that). So, if I wanted to use something unique such as the key
itself as the resource title, I'd end up with two separate copies of the key on
the same line - once for the key, and again for the comment. Additionally,
there is no way to add the same key to multiple files, unless I start coming up
with creative naming schemes like "jsmith_rootkey_somehost",
"jsmith_jsmithkey_somehost", "jsmith_jsmithkey_someotherhost", etc. It seems
that a workaround like that is just a band-aid for a very limited mechanism.
In my opinion, the proper design would be to have ONE ssh_authorized_key
resource per user, and that you should be able to provide an array for both the
"target" and "key" attributes. This way, all the user's specified keys would
be added to all the specified authorized_keys file for the host in question.
In it's current state, ssh_authorized_keys offers me only a fraction of the
functionality needed to satisfy what I believe are normal use cases.
----------------------------------------
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://reductivelabs.com/redmine/my/account
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
