[Puppet - Feature #1581] Ability to purge .ssh/authorized_keys

[tickets]

Issue #1581 has been updated by Joshua Hoblitt.


I agree with Garrett that ssh_authorized_keys and user should not be tightly 
coupled.  As an example from my site, I typically don't declare a resource for 
the root user but I do install ssh keys into that account.

I very much want to only purge unmanaged ssh keys for select user accounts 
(user in the sense of system account, not puppet resource). Justin's suggested 
syntax looks good to me.  The gotcha is if you have conflicting purge values 
for ssh_authorized_key types that apply to the same user account.  Eg.

    ssh_authorized_key { 'bob100':
      key => '...', 
      type => 'ssh-rsa',
      user => 'bob',
      purge => true,
    }
    ssh_authorized_key { 'bob200':
      key => '...',
      type => 'ssh-dss',
      user => bob'
      purge => false,
    }

And how would this work if some of the ssh_authorized_key resources were 
virtual with conflicting purge values?

----------------------------------------
Feature #1581: Ability to purge .ssh/authorized_keys
https://projects.puppetlabs.com/issues/1581#change-75178

Author: Lars Volker
Status: Accepted
Priority: Normal
Assignee: eric sorenson
Category: ssh
Target version: 
Affected Puppet version: 0.24.4
Keywords: 
Branch: 


As I'm new to puppet i'll try to describe this as good as i can.

I wanted to use the ssh_authorized_key type to add keys to ssh. After a 
discussion on irc i was suggested to use virtual resources and realize each key 
for each class needed. This worked well for me.

However i am not able to purge all other keys from the authorized_keys file 
without either specifying the comment or by copying an empty file there before 
adding the keys, which causes the system to lock up until the update is done.

I tried using resources{} type, but as ssh_authorized_key doesn't support 
"self.instances" this was also of no success.

The feature i'd like to have is an implementation of "instances" so resources{} 
works for authorized_keys.


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to puppet-bugs@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-bugs+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.