Age | Commit message (Collapse) | Author |
|
Using module https://github.com/ghoneycutt/puppet-module-ssh to export
and collect sshkey resources from nodes, an 'already declared' error
appears.
This happened because when the catalog is first converted to resouces,
the sshkey resource is added via
https://github.com/puppetlabs/puppet/blob/main/lib/puppet/resource/catalog.rb#L137,
where 'resource.ref'(https://github.com/puppetlabs/puppet/blob/main/lib/puppet/type.rb#L2548)
uses 'self.title'.
Since self.title goes to the title method defined in type.rb, it will
return a different title than the title method from
https://github.com/puppetlabs/puppetlabs-sshkeys_core/blob/main/lib/puppet/provider/sshkey/parsed.rb#L31.
This mismatch try to add both resource, resulting in the 'already
declared' error.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
`purge_ssh_keys` behavior will change with the next Puppet release
(6.16.0). This commit updates the tests to reflect the updated behavior.
See https://github.com/puppetlabs/puppet/pull/8157.
|
|
(PUP-10510) Fix sshkeys not being correctly purged
|
|
After adding support for composite namevars in version 2.0.0, the module
lost the ability to purge sshkeys. This happens due to Puppet being
unable to correctly match the names and types of the sshkeys to be
purged.
Part of the fix was done in
https://github.com/puppetlabs/puppet/pull/8174, which changes how a
resource is initialized if the provider implements a `title` method.
Additionally, we add the key name and type to be included in the output
shown by `puppet resource`.
|
|
Two new SSH key types were added on OpenSSH 8.2:
sk-ecdsa-sha2-nistp256@openssh.com(alias ecdsa-sk) and
sk-ssh-ed25519@openssh.com(alias ed25519-sk)
|
|
After this modification it will be possible to add two or more keys
of different types for the same host
|
|
|
|
Previously, when the `target` property was set, the ssh_authorized_key
resource could not create directories/files within root-owned paths.
This behavior is due to the module switching context to the user, then
attempting to create the directory/file as the specified user,
ultimately failing because of insufficient permissions.
This commit adds a new parameter, `drop_privileges` which when set to
false allows the module to write a ssh_authorized_key file in a
privileged path. Due to the possible security implications of this,
the parameter must be manually specified in order to activate this
functionality.
A path is considered to be privileged/trusted if all of its ancestors:
- do not contain any symlinks
- have the same owner as the user who runs Puppet
- are not world/group writable
|
|
|
|
|
|
|
|
In Puppet4, the Report class requires a kind argument. Also the is_to_s
and should_to_s methods returned an array of strings and a flattened
array as a string. That behavior was changed in PUP-7616 (commit
c14b28f9c427) so that both methods return a string as the name
implies.
|
|
|
|
Since these tests require both the User & Ssh_authorized_keys types are
available, they are unlikely to be run as part of the Puppet test suite as
this module is unlikely to be installed & available to Puppet's test
suite. By moving the tests into this module, we can ensure that they're at
least run as part of development of the module.
|
|
* Install module on all hosts, not just those with the default role
* Remove dead comment
|
|
Since PUP-1605 was closed as "Won't Do", there doesn't seem to be much
reason in keeping around an acceptance test (even if it is a pending one)
that tests the scenario that PUP-1605 would have allowed.
|
|
|
|
|
|
|
|
Turns out that using `caller(n..n).first` is _significantly_ faster than
`caller[n]`.
|
|
|
|
|
|
SSH keys are long, and splitting them into multiple lines can be
error-prone, so we'll just disable the Metrics/LineLength check for lines
that are SSH keys.
|
|
There isn't really a clean way to disable FileBucket backups without
stubbing any_instance in these cases.
|
|
|
|
|
|
The "array host_alias" test was never actually testing against a list of
host aliases, as it was using the exact same code as the "single
host_alias" test. We now test against an actual array of host aliases in
the manifest, and check that it is properly written out to the file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Imported from dbf5a8964af9b87446542d24f46534cf90f11f59 in the Puppet repo.
|