Issue #8986 has been updated by Kelsey Hightower.

After reviewing the code further, it appears `ssh_authorized_key` requires that 
a user be available on the system before trying to manage an ssh_authorized_key 
resource. The very act of setting the target to a location not writable by the 
user specified within the ssh_authorized_key block is what is causing the issue.

Based on the way this resource type is defined, there are some unclear 
assumptions being made; one of them is that the target **must** be a location 
that is writable by the specified user, preferably the default 
`$HOME/.ssh/authorized_keys` location. While exposed, the target parameter is 
more of a convenience, only there to allow adjusting small variations to this 
assumption.

Possible solutions include:

* Update the documentation to add clarity around the above assumptions and 
limitations.
* Refactor: remove the requirement that a user exist and treat the target like 
any other file resource: set the owner, group, and mode as required.
----------------------------------------
Bug #8986: ssh_authorized_key not setting user permissions in the proper manner.
https://projects.puppetlabs.com/issues/8986

Author: Trevor Vaughan
Status: Unreviewed
Priority: Normal
Assignee: 
Category: 
Target version: 
Affected Puppet version: 2.7.3rc1
Keywords: 
Branch: 


In the olden days, ssh_authorized_key, when provided with the 'user' option, 
would simply set the ownership of the key to that user.

This worked as I expected.

Now, the ssh_authorized_key type appears to try to write the file *as* the 
user. This is incorrect since you may, or may not, be writing the key to 
somewhere that the user is allowed write access.

To work around this problem, you need to declare a file statement for every 
ssh_authorized_key statement which is cumbersome.

