From 47dca14a37f9970f9c34b1210651eabaf46fba04 Mon Sep 17 00:00:00 2001
From: Rob Thomas <xrobau@gmail.com>
Date: Mon, 8 Oct 2018 12:03:59 +1000
Subject: Document 'options' param of ssh_authorized_key

I ended up having to trawl through the source code to figure out how to do this, so
I'm sure that someone ELSE would like to save their time by having it documented!
---
 REFERENCE.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index b72e9ee..6f80106 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -92,7 +92,17 @@ Default value: absent
 ##### `options`
 
 Key options; see sshd(8) for possible values. Multiple values
-should be specified as an array.
+should be specified as an array. For example, you could use the
+following to install a SSH CA that allows someone with the
+'superuser' principal to log in as root
+
+    ssh_authorized_key { 'Company SSH CA':
+      ensure  => present,
+      user    => 'root',
+      type    => 'ssh-ed25519',
+      key     => 'AAAAC3NzaC[...]CeA5kG',
+      options => [ 'cert-authority', 'principals="superuser"' ],
+    }
 
 #### Parameters
 
-- 
cgit v1.2.3


From 3afa57bc96807a72ceb55d0c493d7cc80a11226b Mon Sep 17 00:00:00 2001
From: Rob Thomas <xrobau@gmail.com>
Date: Sun, 14 Oct 2018 20:27:25 -0300
Subject: Update desc field

---
 lib/puppet/type/ssh_authorized_key.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/type/ssh_authorized_key.rb b/lib/puppet/type/ssh_authorized_key.rb
index 5c4df53..4eff840 100644
--- a/lib/puppet/type/ssh_authorized_key.rb
+++ b/lib/puppet/type/ssh_authorized_key.rb
@@ -107,7 +107,17 @@ module Puppet
 
     newproperty(:options, array_matching: :all) do
       desc "Key options; see sshd(8) for possible values. Multiple values
-        should be specified as an array."
+        should be specified as an array. For example, you could use the
+        following to install a SSH CA that allows someone with the
+        'superuser' principal to log in as root
+
+             ssh_authorized_key { 'Company SSH CA':
+               ensure  => present,
+               user    => 'root',
+               type    => 'ssh-ed25519',
+               key     => 'AAAAC3NzaC[...]CeA5kG',
+               options => [ 'cert-authority', 'principals=\"superuser\"' ],
+             }"
 
       defaultto { :absent }
 
-- 
cgit v1.2.3