[MediaWiki-commits] [Gerrit] admin: clean up removed/revoked SSH keys - change (operations/puppet)

Thu, 28 May 2015 07:27:53 -0700 

Faidon Liambotis has submitted this change and it was merged.

Change subject: admin: clean up removed/revoked SSH keys
......................................................................


admin: clean up removed/revoked SSH keys

This removes the ssh::userkey definition with an empty content for users
with no SSH keys defined. The output of join() may or may not be undef
and if it is, the included File will just ignore the file's content
instead of setting it to ''.

This ensures that those stale SSH authorized keys will be removed, as
/etc/ssh/userkeys is recursively managed and purged.

Change-Id: I1ae4712e26c88395ac3315e5fd932ae3843a317e
---
M modules/admin/manifests/user.pp
1 file changed, 6 insertions(+), 5 deletions(-)

Approvals:
  Faidon Liambotis: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/admin/manifests/user.pp b/modules/admin/manifests/user.pp
index 19362fb..310d8f1 100644
--- a/modules/admin/manifests/user.pp
+++ b/modules/admin/manifests/user.pp
@@ -82,7 +82,6 @@
             owner        => $name,
             group        => $gid,
             force        => true,
-            tag          => 'user-home',
             require      => User[$name],
         }
     }
@@ -91,10 +90,12 @@
         fail("${name} is not a valid ssh_keys array: ${ssh_keys}")
     }
 
-    ssh::userkey { $name:
-        ensure  => $ensure,
-        content => join($ssh_keys, "\n"),
-        tag     => 'user-ssh',
+    # recursively-managed, automatically purged
+    if !empty($ssh_keys) {
+        ssh::userkey { $name:
+            ensure  => $ensure,
+            content => join($ssh_keys, "\n"),
+        }
     }
 
     if !empty($privileges) {

-- 
To view, visit https://gerrit.wikimedia.org/r/214343
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1ae4712e26c88395ac3315e5fd932ae3843a317e
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to