Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-11131

Puppet type 'user' does not honor 'purge_ssh_keys: false'

    XMLWordPrintable

    Details

    • Template:
      PUP Bug Template
    • Method Found:
      Needs Assessment
    • Community Contributors:
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Puppet no longer emits a warning if the "purge_ssh_keys" parameter for the "user" type is set to false (the default) and the "sshkeys_core" module is not installed.
    • QA Risk Assessment:
      Needs Assessment

      Description

      It seems that the type user does not honor setting purge_ssh_keys => false correctly.

      puppet language:

      user { "myuser":
        ensure => present,
        [...]
        purge_ssh_keys => false,
      }
      

      leads to the following warning:

      /Stage[main]/Mymodule/Mymodule::Mydefinedtype[myuser]/User[myuser] (warning): Ssh_authorized_key type is not available. Cannot purge SSH keys.
      

      Diving into the code, this seems logical: https://github.com/puppetlabs/puppet/blob/main/lib/puppet/type/user.rb#L698

      self[:purge_ssh_keys] may take values :true, :false and ["string1", "string2"], but

      irb(main):001:0> foo = :false
      irb(main):002:0> foo.empty?
      => false
      irb(main):003:1* if !foo.empty?
      irb(main):004:1*   puts "something wrong here"
      irb(main):005:0> end
      something wrong here
      => nil
      

      I'd recommend the following patch to fix this:

      --- /opt/puppetlabs/puppet/lib64/ruby/vendor_ruby/puppet/type/user.rb	2021-06-29 14:56:58.756944173 +0200
      +++ /tmp/user.rb	2021-06-29 14:56:35.920004027 +0200
      @@ -695,7 +695,7 @@
           end
       
           def generate
      -      if !self[:purge_ssh_keys].empty?
      +      if !self[:purge_ssh_keys].empty? && !(self[:purge_ssh_keys] == :false)
               return [] if self[:ensure] == :present && !provider.exists? 
               if Puppet::Type.type(:ssh_authorized_key).nil?
                 warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            chb Christoph Bihler
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support