Hi Ryan,
You're correct, let's move that discussion into the mailing-list instead
of chatting in the tickets.
In #1644 you wrote:
> In my opinion, the proper design would be to have ONE ssh_authorized_key
> resource per user, and that you should be able to provide an array for both
> the "target" and "key" attributes. This way, all the user's specified keys
> would be added to all the specified authorized_keys file for the host in
> question. In it's current state, ssh_authorized_keys offers me only a
> fraction of the functionality needed to satisfy what I believe are normal use
> cases.
I cannot really agree on that point in your design because we'll lose
granularity. It won't be possible any more to install keys for a given
user in different parts of a recipe.
IMHO native types in Puppet really have to provide the maximum
granularity possible to be able to solve as many use cases as possible.
I'm still convinced that the right way to fix this issue without losing
granularity is to allows constructs like follows.
ssh_authorized_key{"foo":
ensure => present,
key => "AAA..",
type => "rsa",
user => "root"
}
ssh_authorized_key{"foo":
ensure => present,
key => "BBB..",
type => "dsa",
user => "root"
}
In ticket #1531:
The documentation is maybe not clear enough but usually you only have to
set the user attribute and leave the target out. The target is only used
to "force" a specific key file, when sshd looks for keys in a
non-standard location for example.
About the idea of using the key itself, a hash or the fingerprint as
namevar instead of the comment, I don't see it solving this issue if we
want to keep separate resources for each line in each authorized_keys file.
It's nice to see people using this code and lead to some constructive
discussion.
François
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---
