Merge pull request #8 from xrobau/patch-1

Document 'options' param of ssh_authorized_key

2 files changed, 22 insertions, 2 deletions

diff --git a/REFERENCE.md b/REFERENCE.md
index b72e9ee..6f80106 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -92,7 +92,17 @@ Default value: absent
 ##### `options`
 
 Key options; see sshd(8) for possible values. Multiple values
-should be specified as an array.
+should be specified as an array. For example, you could use the
+following to install a SSH CA that allows someone with the
+'superuser' principal to log in as root
+
+    ssh_authorized_key { 'Company SSH CA':
+      ensure  => present,
+      user    => 'root',
+      type    => 'ssh-ed25519',
+      key     => 'AAAAC3NzaC[...]CeA5kG',
+      options => [ 'cert-authority', 'principals="superuser"' ],
+    }
 
 #### Parameters
 
diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index e11134f..a36c069 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
+++ b/lib/puppet/type/ssh_authorized_key.rb
@@ -107,7 +107,17 @@ module Puppet
 
     newproperty(:options, array_matching: :all) do
       desc "Key options; see sshd(8) for possible values. Multiple values
-        should be specified as an array."
+        should be specified as an array. For example, you could use the
+        following to install a SSH CA that allows someone with the
+        'superuser' principal to log in as root
+
+             ssh_authorized_key { 'Company SSH CA':
+               ensure  => present,
+               user    => 'root',
+               type    => 'ssh-ed25519',
+               key     => 'AAAAC3NzaC[...]CeA5kG',
+               options => [ 'cert-authority', 'principals=\"superuser\"' ],
+             }"
 
       defaultto { :absent }