clarify comments in site_sshd::authorized_keys

Change-Id: I679dfe8dff90b7c86ab0ffff43e13958f1ec2c99

1 files changed, 13 insertions, 3 deletions

diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp
index f36fe20f..90a33d8d 100644
--- a/puppet/modules/site_sshd/manifests/authorized_keys.pp
+++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp
@@ -1,7 +1,17 @@
 define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
-  # We use a custom define here to deploy the authorized_keys file
-  # cause puppet doesn't allow purgin before populating this file
-  # (see https://tickets.puppetlabs.com/browse/PUP-1174)
+  # We want to purge unmanaged keys from the authorized_keys file so that only
+  # keys added in the provider are valid. Any manually added keys will be
+  # overridden.
+  #
+  # In order to do this, we have to use a custom define to deploy the
+  # authorized_keys file because puppet's internal resource doesn't allow
+  # purging before populating this file.
+  #
+  # See the following for more information:
+  # https://tickets.puppetlabs.com/browse/PUP-1174
+  # https://leap.se/code/issues/2990
+  # https://leap.se/code/issues/3010
+  #
   # This line allows default homedir based on $title variable.
   # If $home is empty, the default is used.
   $homedir = $home ? {'' => "/home/${title}", default => $home}