summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2014-05-27 14:06:39 -0400
committerMicah Anderson <micah@leap.se>2014-05-27 14:06:39 -0400
commit3290e4b6c0655616c1a4374595af3a2eb95c85d8 (patch)
tree3f5b63562e0e17f1ff30f1e7ccdf07daad5fb512
parent1585d3694c6c021a11f8363290a57261f5ee4c2b (diff)
clarify comments in site_sshd::authorized_keys
Change-Id: I679dfe8dff90b7c86ab0ffff43e13958f1ec2c99
-rw-r--r--puppet/modules/site_sshd/manifests/authorized_keys.pp16
1 files changed, 13 insertions, 3 deletions
diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp
index f36fe20f..90a33d8d 100644
--- a/puppet/modules/site_sshd/manifests/authorized_keys.pp
+++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp
@@ -1,7 +1,17 @@
define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
- # We use a custom define here to deploy the authorized_keys file
- # cause puppet doesn't allow purgin before populating this file
- # (see https://tickets.puppetlabs.com/browse/PUP-1174)
+ # We want to purge unmanaged keys from the authorized_keys file so that only
+ # keys added in the provider are valid. Any manually added keys will be
+ # overridden.
+ #
+ # In order to do this, we have to use a custom define to deploy the
+ # authorized_keys file because puppet's internal resource doesn't allow
+ # purging before populating this file.
+ #
+ # See the following for more information:
+ # https://tickets.puppetlabs.com/browse/PUP-1174
+ # https://leap.se/code/issues/2990
+ # https://leap.se/code/issues/3010
+ #
# This line allows default homedir based on $title variable.
# If $home is empty, the default is used.
$homedir = $home ? {'' => "/home/${title}", default => $home}