puppetlabs-accounts

Newly added SSH key is not deployed if managehome attribute is set to false

Open nanowinner opened this issue 3 years ago • 1 comments

Describe the Bug

Adding another ssh key under a user who already has one, after already having deployed the first one successfully, does not detect the new keys if managehome: false.

Expected Behavior

Each of the keys defined for a user

accounts::user_list:
  admin:
    managehome: false
    sshkeys:
      - &joe_sshkey 'ssh-rsa AAA[...]dn1 comment'
      - &shmoe_sshkey 'ssh-rsa AAA[...]cn2 another comment'

to be deployed to the user's ~/.ssh/authorized_keys regardless of other attributes. Multiple keys deployed successfully.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Paste mod 'puppetlabs-accounts', '7.3.0' and mod 'puppetlabs-stdlib', '8.2.0' into <root_of_project>/Puppetfile
  2. Go to <root_of_project>/data/nodes/server01.yaml
  3. Paste in the following configuration:
---
accounts::user_list:
  admin:
    comment: "42"
    managehome: false
    ignore_password_if_empty: true
    password: ''
    sshkeys:
      - &joe_sshkey 'ssh-rsa AAA[...]dn1 comment'
  1. Go to <root_of_project>/manifests/server01.pp
  2. Ensure it contains include ::accounts
node 'server01' {
  class { 'foo': }                 # use foo module
  include ::accounts
}
  1. Deploy with r10k
  2. Run puppet agent -tv on server01
  3. Observe how joe_sshkey is added to ~/.ssh/authorized_keys
  4. Go back to <root_of_project>/data/nodes/server01.yaml and add a new key under the same user's sshkeys:
- &shmoe_sshkey 'ssh-rsa AAA[...]cn2 another comment'

Final contents of <root_of_project>/data/nodes/server01.yaml:

---
accounts::user_list:
  admin:
    comment: "42"
    managehome: false
    ignore_password_if_empty: true
    password: ''
    sshkeys:
      - &joe_sshkey 'ssh-rsa AAA[...]dn1 comment'
      - &shmoe_sshkey 'ssh-rsa AAA[...]cn2 another comment'
  1. Deploy with r10k
  2. Run puppet agent -tv on server01
  3. Observe that no mention of shmoe_sshkey is made, which leaves it absent.

Environment

  • Puppet version 6.28.0
  • puppetlabs-accounts version 7.3.0
  • puppetlabs-stdlib version 8.2.0

Additional Context

Contents of <root_of_project>/hiera.yaml:

---
version: 5
defaults:
  datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data (yaml version)"
    path: "nodes/%{::trusted.certname}.yaml"
  - name: "Per-OS defaults"
    path: "os/%{facts.os.family}.yaml"
  - name: "Other YAML hierarchy levels"
    path: "common.yaml"

Contents of ~/.ssh/authorized_keys on server01:

# HEADER: This file was autogenerated at 2022-10-26 16:26:59 +0200
# HEADER: by puppet.  While it can still be managed manually, it
# HEADER: is definitely not recommended.
ssh-rsa AAA[...]dn1 admin_ssh-rsa_comment

The same appears to be the case when we avoid Hiera altogether and define the sshkeys ONLY in <root_of_project>/manifests/server01.pp:

node 'server01' {
  include ::accounts
  class { 'foo': }                 # use foo module
  accounts::user { 'admin':
    comment => 'Testing from pp file',
    managehome => false,
    ignore_password_if_empty => true,
    password => '',
    sshkeys => [
      'ssh-rsa ssh-rsa AAA[...]dn1 comment',
      'ssh-rsa AAA[...]cn2 another comment',
    ],
  }
}

nanowinner, Oct 27 '22 15:10

Hi @nanowinner, thanks for reporting this issue and sorry for the long delay in reply. We are aware of this error and have added it to our backlog. However, we don't have any estimates on when we will be able to address it.

Our codebase, however, is open-source, so we always encourage our community members to participate and send us PRs that they think might improve our modules.

LukasAud, Mar 29 '23 11:03
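
An added example, not part of the issue thread or of the puppetlabs-accounts module: a drift check that compares the keys declared for a user with the deployed authorized_keys file, so a key that was declared but never written is reported. It matches on key type and blob because the comment in the deployed file differs from the declared one (see the file listing in the report); the key blobs and function names are constructed for illustration.

```python
import re

# Tokens accepted as a key type; options may precede the type on a line.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")


def parse_key(entry):
    """Return (type, blob) for a declared key or an authorized_keys line.

    Blank lines and comments give None. Options and the trailing comment
    are ignored, since Puppet rewrites the comment on deployment.
    """
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return None
    fields = entry.split()
    for i, field in enumerate(fields[:-1]):
        if KEY_TYPE.match(field):
            return (field, fields[i + 1])
    return None


def missing_keys(declared, authorized_keys_text):
    """Return the declared entries whose (type, blob) is not deployed."""
    lines = authorized_keys_text.splitlines()
    deployed = {key for key in map(parse_key, lines) if key}
    missing = []
    for entry in declared:
        key = parse_key(entry)
        if key is None:
            raise ValueError(f"unparseable declared key: {entry!r}")
        if key not in deployed:
            missing.append(entry)
    return missing


# Constructed sample data: placeholder blobs, not real keys.
DECLARED = [
    "ssh-rsa AAAAEXAMPLEBLOB1 comment",
    "ssh-rsa AAAAEXAMPLEBLOB2 another comment",
]
AUTHORIZED_KEYS = """\
# HEADER: This file was autogenerated by puppet.
ssh-rsa AAAAEXAMPLEBLOB1 admin_ssh-rsa_comment
"""

if __name__ == "__main__":
    for entry in missing_keys(DECLARED, AUTHORIZED_KEYS):
        print("declared but not deployed:", entry)
```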