On 16.06.2012 02:42, Jo Rhett wrote:
> On Jun 15, 2012, at 8:19 AM, Nan Liu wrote:
>> To support purging, the puppet type needs to be able to query all
>> instances of the resource. In this case because ssh_authorized_keys
>> can write to different file locations, it does not have the ability to
>> detect all ssh keys that exist on the system and therefore it will not
>> have the ability to purge. In some cases, this is a limitation of the
>> provider which does not implement self.instances (for example this was
>> the case for a long time for mysql database type), but in this case I
>> don't believe it will ever support it.
>
> Nan, this should be easy to do. Yes, there is a forest of authorized key
> files on the host; for any given authorized_keys file you have a known
> list of what keys should be there. I know for a fact it knows about the
> other keys in the file, since it sometimes logs very weird error
> messages about them if the key's comment matches another user's name.
> http://projects.puppetlabs.com/issues/14809#change-64568
>
> Since it reads in the authorized_keys file, and knows about the other
> keys, it should be trivial to allow a purge=>true which removes any key
> not defined in the manifest.

There's an issue for that:
http://projects.puppetlabs.com/issues/1581
Best Regards, David
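
The per-file purge decision discussed in this thread, as an added example that is not code from the thread or from Puppet: given one authorized_keys file and the list of keys declared for it, split the entries into kept and purged. It matches on key type and key material rather than the comment, since comments are not unique; all function names and the sample data are hypothetical.

```ruby
# Added example (not Puppet code): purge plan for one authorized_keys file.
KEY_TYPES = /\A(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))\z/

# Split on whitespace, keeping double-quoted option values intact
# (command="rsync --server",no-pty stays one token).
def tokenize(line)
  line.scan(/(?:[^\s"]+|"(?:\\.|[^"\\])*")+/)
end

# Return {type:, blob:, comment:} or nil for blank, comment or junk lines.
def parse_entry(line)
  stripped = line.strip
  return nil if stripped.empty? || stripped.start_with?('#')
  tokens = tokenize(stripped)
  idx = tokens.index { |t| t.match?(KEY_TYPES) }
  # The options field is a single token, so the key type is token 0 or 1.
  return nil if idx.nil? || idx > 1 || tokens[idx + 1].nil?
  { type: tokens[idx], blob: tokens[idx + 1],
    comment: tokens.drop(idx + 2).join(' ') }
end

# managed: [type, blob] pairs declared for this file.
# Returns [kept_lines, purged_entries]; unparseable lines are kept as-is.
def plan_purge(file_text, managed)
  wanted = managed.map { |type, blob| "#{type} #{blob}" }
  kept = []
  purged = []
  file_text.each_line do |line|
    entry = parse_entry(line)
    if entry.nil? || wanted.include?("#{entry[:type]} #{entry[:blob]}")
      kept << line.chomp
    else
      purged << entry
    end
  end
  [kept, purged]
end

# Constructed sample: blobs are shortened placeholders, not real keys.
SAMPLE = <<~EOS
  # deploy account
  ssh-rsa AAAAB3NzaC1yc2EAAAAManaged1 alice@example.com
  command="rsync --server",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAAManaged2 backup
  ssh-rsa AAAAB3NzaC1yc2EAAAAUnmanaged alice@example.com
EOS
MANAGED = [%w[ssh-rsa AAAAB3NzaC1yc2EAAAAManaged1],
           %w[ssh-rsa AAAAB3NzaC1yc2EAAAAManaged2]].freeze

if __FILE__ == $PROGRAM_NAME
  _kept, purged = plan_purge(SAMPLE, MANAGED)
  purged.each { |e| puts "purge: #{e[:type]} #{e[:blob]} (#{e[:comment]})" }
end
```

The unmanaged entry carries the same comment as a managed one, so a comparison keyed on the comment would not separate them.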