Issue #1581 has been updated by eric sorenson.

I had a long plane trip and spent some time poking at this -- would love to 
hear from any of the watchers if this sounds right to you:

It's easy to say if the current key is the only one that should be installed 
for a user, purge the rest. But a user should be able to have multiple keys, 
meaning we need to search for other ssh_authorized_keys resources with the same 
`:user` attribute as the current one, and delete any that aren't managed. And I 
think that means every key for a user will end up doing that for the other 
keys, which is kind of crappy.  

Another approach might be to use the `resources` resource to purge _all_ 
unmanaged ssh keys at once. To implement this, `ssh_authorized_key` needs to 
implement the `instances` method, which enumerates all the ssh keys for all 
users on the system. Then the resources purge matches those up against the ones 
in the catalog and deletes any that don't line up.  This could be problematic 
too, in two ways:
 
1. some of the requests suggest that only unmanaged keys for users who have _at 
least one_ managed key ought to be purged (i.e. users with no keys under 
puppet's control should be left alone); to implement `instances` it seems I'd 
need to enumerate every local user on the system which seems at odds with that 
requirement. 
2. ssh_authorized_key uses the comment field in each ssh key as the `namevar`, 
which must be globally unique but I am not confident about making clean 
round-trips with the regexp parsing code. 


----------------------------------------
Feature #1581: Ability to purge .ssh/authorized_keys
https://projects.puppetlabs.com/issues/1581#change-75164

Author: Lars Volker
Status: Accepted
Priority: Normal
Assignee: eric sorenson
Category: ssh
Target version: 
Affected Puppet version: 0.24.4
Keywords: 
Branch: 


As I'm new to Puppet I'll try to describe this as well as I can.

I wanted to use the ssh_authorized_key type to add keys to ssh. After a 
discussion on IRC I was advised to use virtual resources and realize each key 
needed for each class. This worked well for me.

However, I am not able to purge all other keys from the authorized_keys file 
without either specifying the comment or copying an empty file there before 
adding the keys, which causes the system to lock up until the update is done.

I tried using the resources{} type, but as ssh_authorized_key doesn't support 
"self.instances" this was also unsuccessful.

The feature I'd like to have is an implementation of "instances" so that 
resources{} works for authorized_keys.

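The following is an added example, not Puppet's ssh_authorized_key provider code: a small Ruby prototype of the approach sketched in the comment above (enumerate every key on the system via `instances`, then let a `resources`-style purge drop whatever the catalog does not manage), written so that the two problems raised there are visible. Instead of walking /etc/passwd and each ~/.ssh/authorized_keys it takes a hash of user => file contents (constructed sample data), so it runs offline. The field names, the `KEY_LINE` regexp, the synthetic title for keys without a comment and the `only_users_with_managed_keys` switch are all assumptions of this example.

```ruby
# Added example, not Puppet's own ssh_authorized_key provider.  Prototype of
# "instances + resources purge" over constructed data: user => file contents.

# One authorized_keys entry: key type, base64 blob, optional comment.  Lines
# with leading options (command="...", from="...") deliberately do not match
# and are carried through untouched rather than risking a lossy round-trip.
KEY_LINE = %r{\A(?<type>ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))\s+
              (?<key>[A-Za-z0-9+/]+=*)(?:\s+(?<comment>\S.*?))?\s*\z}x

# Constructed sample data (assumption): three local users and their files.
FILES = {
  'alice' => <<~KEYS,
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleAliceNew alice@laptop
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleAliceOld
    # left over from a migration
  KEYS
  'bob'   => "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBob bob@desk\n",
  'carol' => "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleCarol alice@laptop\n",
}

# What the catalog manages (constructed): only alice's current key.
MANAGED = [{ user: 'alice', key: 'AAAAC3NzaC1lZDI1NTE5AAAAIExampleAliceNew' }]

# Enumerate every key for every user, as a provider's self.instances would.
# The comment is the namevar; a key without one gets a synthetic per-user
# title so it can still be represented (and purged) through the catalog.
def instances(files)
  files.flat_map do |user, content|
    content.each_line.map(&:chomp).map do |line|
      next if line.empty? || line.start_with?('#')
      m = KEY_LINE.match(line)
      next unless m
      { user: user, type: m[:type], key: m[:key],
        name: m[:comment] || "#{user}:#{m[:key][0, 16]}" }
    end.compact
  end
end

# Titles that collide across users: the global-uniqueness problem with using
# the comment field as the namevar.
def duplicate_names(found)
  found.group_by { |k| k[:name] }.select { |_, v| v.size > 1 }.keys
end

# Keys present on the system but absent from the catalog.  Matching is on
# (user, key blob) rather than on the title, so a stale or duplicated comment
# can neither shield a key from purging nor get the wrong one removed.  With
# only_users_with_managed_keys: true, users who have no key under management
# are left alone (requirement 1 in the comment above).
def to_purge(found, managed, only_users_with_managed_keys: true)
  managed_pairs = managed.map { |k| [k[:user], k[:key]] }
  managed_users = managed.map { |k| k[:user] }.uniq
  found.reject { |k| managed_pairs.include?([k[:user], k[:key]]) }
       .select { |k| !only_users_with_managed_keys || managed_users.include?(k[:user]) }
end

# Rewrite one user's file by dropping purged entries and keeping every other
# line byte-for-byte (comments, blank lines, unparsed option lines), which
# sidesteps the round-trip concern of regenerating entries from parsed fields.
def render(user, content, purged)
  gone = purged.select { |k| k[:user] == user }.map { |k| k[:key] }
  content.each_line.map(&:chomp)
         .reject { |line| (m = KEY_LINE.match(line)) && gone.include?(m[:key]) }
         .join("\n") + "\n"
end

if $PROGRAM_NAME == __FILE__
  found = instances(FILES)
  puts "duplicate titles: #{duplicate_names(found).inspect}"
  to_purge(found, MANAGED).each { |k| puts "would purge #{k[:user]}: #{k[:name]}" }
  puts render('alice', FILES['alice'], to_purge(found, MANAGED))
end
```

On the sample data the enumeration yields four keys, of which alice's old RSA key is the only one purged by default (bob and carol have nothing under management and are untouched); with the switch off, bob's and carol's keys would go too. The duplicated comment `alice@laptop` shows up as a title collision, which is exactly why the purge matches on the key blob instead of the title.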
