Age | Commit message (Collapse) | Author |
|
After adding support for composite namevars in version 2.0.0, the module
lost the ability to purge sshkeys. This happens due to Puppet being
unable to correctly match the names and types of the sshkeys to be
purged.
Part of the fix was done in
https://github.com/puppetlabs/puppet/pull/8174, which changes how a
resource is initialized if the provider implements a `title` method.
Additionally, we add the key name and type to be included in the output
shown by `puppet resource`.
|
|
After this modification it will be possible to add two or more keys
of different types for the same host
|
|
Previously, when the `target` property was set, the ssh_authorized_key
resource could not create directories/files within root-owned paths.
This behavior is due to the module switching context to the user, then
attempting to create the directory/file as the specified user,
ultimately failing because of insufficient permissions.
This commit adds a new parameter, `drop_privileges` which when set to
false allows the module to write a ssh_authorized_key file in a
privileged path. Due to the possible security implications of this,
the parameter must be manually specified in order to activate this
functionality.
A path is considered to be privileged/trusted if all of its ancestors:
- do not contain any symlinks
- have the same owner as the user who runs Puppet
- are not world/group writable
|
|
|
|
|
|
Since PUP-1605 was closed as "Won't Do", there doesn't seem to be much
reason in keeping around an acceptance test (even if it is a pending one)
that tests the scenario that PUP-1605 would have allowed.
|
|
|
|
|
|
|
|
|
|
Imported from dbf5a8964af9b87446542d24f46534cf90f11f59 in the Puppet repo.
|