Issue #14855 has been reported by Ken Johnson. ---------------------------------------- Feature #14855: ssh_authorized_keys type should maybe have a less destructive failure mode https://projects.puppetlabs.com/issues/14855
Author: Ken Johnson Status: Unreviewed Priority: Normal Assignee: Category: Target version: Affected Puppet version: 2.7.12 Keywords: Branch: Currently if the authorized keys file cannot be parsed during a Puppet run, the file is destroyed and a new one is created containing only managed keys. This poses a problem if the file also contains unmanaged keys, and for at least one of our users has been an issue. They suggested that rather than stomping on the file and regenerating it, it might be better to throw an error and take no action. Steps to replicate the undesirable behavior: *Create a manifest with an authorized key resource, apply it. File will generate with the managed key. *Edit the authorized keys file to add an unmanaged key. Successful Puppet runs will leave the key in place. *Edit the authorized keys file in a way that will cause a misparse (in current versions a blank line between keys will do so). A Puppet run will result in the file being regenerated and only managed keys will be present. Given the importance of the authorized keys file a more desirable behavior would probably be to have a misparse result in an error being thrown without the file being regenerated with a possibly incomplete set of keys. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
