Age | Commit message | Author |
|
Using module https://github.com/ghoneycutt/puppet-module-ssh to export
and collect sshkey resources from nodes, an 'already declared' error
appears.
This happened because when the catalog is first converted to resources,
the sshkey resource is added via
https://github.com/puppetlabs/puppet/blob/main/lib/puppet/resource/catalog.rb#L137,
where 'resource.ref' (https://github.com/puppetlabs/puppet/blob/main/lib/puppet/type.rb#L2548)
uses 'self.title'.
Since self.title goes to the title method defined in type.rb, it will
return a different title than the title method from
https://github.com/puppetlabs/puppetlabs-sshkeys_core/blob/main/lib/puppet/provider/sshkey/parsed.rb#L31.
This mismatch tries to add both resources, resulting in the 'already
declared' error.
|
(PUP-10510) Fix sshkeys not being correctly purged
|
|
After adding support for composite namevars in version 2.0.0, the module
lost the ability to purge sshkeys. This happens due to Puppet being
unable to correctly match the names and types of the sshkeys to be
purged.
Part of the fix was done in
https://github.com/puppetlabs/puppet/pull/8174, which changes how a
resource is initialized if the provider implements a `title` method.
Additionally, we add the key name and type to be included in the output
shown by `puppet resource`.
|
|
Two new SSH key types were added on OpenSSH 8.2:
sk-ecdsa-sha2-nistp256@openssh.com (alias ecdsa-sk) and
sk-ssh-ed25519@openssh.com (alias ed25519-sk)
|
|
After this modification it will be possible to add two or more keys
of different types for the same host
|
|
Previously, when the `target` property was set, the ssh_authorized_key
resource could not create directories/files within root-owned paths.
This behavior is due to the module switching context to the user, then
attempting to create the directory/file as the specified user,
ultimately failing because of insufficient permissions.
This commit adds a new parameter, `drop_privileges`, which when set to
false allows the module to write a ssh_authorized_key file in a
privileged path. Due to the possible security implications of this,
the parameter must be manually specified in order to activate this
functionality.
A path is considered to be privileged/trusted if all of its ancestors:
- do not contain any symlinks
- have the same owner as the user who runs Puppet
- are not world/group writable
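
The three ancestor rules listed in the commit message above, written out as a Ruby check. This is an added example, not the module's code: the helper name `untrusted_ancestors`, its `uid` and `base` parameters, and the sample tree are assumptions made for illustration.

```ruby
require 'pathname'
require 'tmpdir'
require 'fileutils'

# Hypothetical helper (not the module's code). Returns [directory, reason]
# pairs for every ancestor of `path` that breaks one of the three rules;
# an empty array means the path counts as privileged/trusted.
# `base` is an assumption of this sketch: the walk stops there so the demo
# can run inside a temp dir. A real check would walk up to '/'.
def untrusted_ancestors(path, uid: Process.euid, base: '/')
  target = Pathname.new(path).cleanpath
  base = Pathname.new(base).cleanpath
  raise ArgumentError, 'path must be absolute' unless target.absolute?

  violations = []
  target.parent.ascend do |dir|
    begin
      st = dir.lstat # lstat so a symlink is seen as a symlink, not its target
      if st.symlink?
        violations << [dir.to_s, :symlink]
      else
        violations << [dir.to_s, :wrong_owner] unless st.uid == uid
        violations << [dir.to_s, :group_or_world_writable] if (st.mode & 0o022) != 0
      end
    rescue Errno::ENOENT
      # Ancestor does not exist yet; there is nothing to inspect.
    end
    break if dir == base
  end
  violations
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample tree: one clean directory, one world-writable, one symlink.
  Dir.mktmpdir do |root|
    %w[good open].each { |d| FileUtils.mkdir_p(File.join(root, d, 'ssh')) }
    File.chmod(0o755, File.join(root, 'good'), File.join(root, 'good', 'ssh'))
    File.chmod(0o777, File.join(root, 'open'))
    File.symlink(File.join(root, 'good'), File.join(root, 'link'))
    %w[good open link].each do |d|
      file = File.join(root, d, 'ssh', 'authorized_keys')
      puts "#{d}: #{untrusted_ancestors(file, base: root).inspect}"
    end
  end
end
```
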
|
|
Document 'options' param of ssh_authorized_key
|
|
Prior to this, the example of a valid "options" value for the
ssh_authorized_key type was syntactically incorrect; it did not include
the closing single quote.
Example of incorrect error message:
```
Error: Parameter options failed on Ssh_authorized_key[testkey]: Option from=foo.com is not valid. A single option must either be of the form 'option' or 'option="value". Multiple options must be provided as an array (file: /tmp/test.pp, line: 5)
```
After this, the error shows the correct syntax for specifying an option:
```
Error: Parameter options failed on Ssh_authorized_key[testkey]: Option from=foo.com is not valid. A single option must either be of the form 'option' or 'option="value"'. Multiple options must be provided as an array (file: /tmp/test.pp, line: 5)
```
|
By restructuring this code to use a guard clause style, we can also get
rid of the assignment in conditional.
|
Imported from dbf5a8964af9b87446542d24f46534cf90f11f59 in the Puppet repo.
|