On Jun 15, 2012, at 8:19 AM, Nan Liu wrote:
> To support purging, the puppet type needs to be able to query all
> instances of the resource. In this case because ssh_authorized_keys
> can write to different file locations, it does not have the ability to
> detect all ssh keys that exist on the system and therefore it will not
> have the ability to purge. In some cases, this is a limitation of the
> provider which does not implement self.instances (for example this was
> the case for a long time for mysql database type), but in this case I
> don't believe it will ever support it.

Nan, this should be easy to do. Yes, there is a forest of authorized key files on the host, for any given authorized_keys file you have a known list of what keys should be there.

I know for a fact it knows about the other keys in the file, since it sometimes logs very weird error messages about them if the key's comment matches another user's name.

http://projects.puppetlabs.com/issues/14809#change-64568

Since it reads in the authorized_keys file, and knows about the other keys, it should be trivial to allow a purge=>true which removes any key not defined in the manifest.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
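
The per-file comparison described in the message above, sketched as an added example (it is not part of the original e-mail and is not Puppet's code): it parses one authorized_keys file and reports, without deleting anything, every entry whose key material is not in a managed list. The names `parse_line`, `audit`, `SAMPLE` and `MANAGED` are hypothetical, and the sample file and key blobs are constructed placeholders.

```ruby
require 'set'

# Key-type names recognised here (a subset of what OpenSSH accepts).
KEY_TYPES = %w[ssh-rsa ssh-dss ssh-ed25519 ecdsa-sha2-nistp256
               ecdsa-sha2-nistp384 ecdsa-sha2-nistp521].freeze
Entry = Struct.new(:options, :type, :blob, :comment)

# Parse one authorized_keys line; nil for blank, comment or unparseable lines.
def parse_line(line)
  line = line.strip
  return nil if line.empty? || line.start_with?('#')
  options = nil
  unless KEY_TYPES.include?(line.split(/\s+/, 2).first)
    # A leading options field ends at the first whitespace outside quotes.
    in_quote = false
    cut = nil
    line.each_char.with_index do |c, i|
      if c == '"' && (i.zero? || line[i - 1] != '\\')
        in_quote = !in_quote
      elsif !in_quote && c =~ /\s/
        cut = i
        break
      end
    end
    return nil unless cut
    options = line[0...cut]
    line = line[cut..-1].lstrip
  end
  type, blob, comment = line.split(/\s+/, 3)
  return nil unless KEY_TYPES.include?(type) && blob
  Entry.new(options, type, blob, comment)
end

# Split a file's entries into [managed, unmanaged], matching on key material
# rather than on the comment, which is free text and can collide.
def audit(text, managed_blobs)
  text.each_line.map { |l| parse_line(l) }.compact
      .partition { |e| managed_blobs.include?(e.blob) }
end

# Constructed sample file; the base64 blobs are placeholders, not real keys.
SAMPLE = <<~KEYS
  # deploy account
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABmanaged alice@example
  command="/usr/bin/rsync --server",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1stale bob
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABunlisted alice@example
KEYS
MANAGED = Set['AAAAB3NzaC1yc2EAAAADAQABmanaged'].freeze

_, unmanaged = audit(SAMPLE, MANAGED)
unmanaged.each { |e| puts "unmanaged: #{e.type} #{e.comment}" }
```

The last sample entry reuses the comment of the managed key but carries a different blob, so it is still reported as unmanaged.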