Jira (PUP-9989) Bug with attributes "purge_ssh_keys" in resource type "user"


Maheswaran Shanmugam (JIRA)

Aug 27, 2019, 11:01:04 PM
to puppe...@googlegroups.com
Maheswaran Shanmugam created an issue
 
Puppet / Improvement PUP-9989
Bug with attributes "purge_ssh_keys" in resource type "user"
Issue Type: Improvement
Assignee: Unassigned
Created: 2019/08/27 8:00 PM
Environment:

Test is conducted on PE 2018.1.8 & PE 2018.1.0

Priority: Normal
Reporter: Maheswaran Shanmugam

Issue:

By default, attribute ```purge_ssh_keys => true``` in resource type ```user``` should look for keys in the .ssh/authorized_keys file in the user’s home directory and purge any keys that aren’t managed as ssh_authorized_key resources.

However, then one copy of that key (manually added many keys) is removed. Run puppet again, another copy is removed.

Recreation Steps:

1) puppet code

```
ssh_authorized_key { 'henry':
  ensure => present,
  user   => 'henry',
  type   => 'ssh-rsa',
  key    => 'a1akCIARg5rKE2zxEfztF9Cgh2u2WnWzUvDRCsHQ+E2SmsEEBuxJ8RpPafjG/GxO2247JWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb',
}

user { 'henry':
  ensure         => present,
  home           => '/home/henry',
  managehome     => true,
  purge_ssh_keys => true,
}
```

2) Add multiple lines in ```/home/henry/.ssh/authorized_keys```

```
# HEADER: This file was autogenerated at 2019-08-27 19:50:56 -0700
# HEADER: by puppet. While it can still be managed manually, it
# HEADER: is definitely not recommended.
    ssh-rsa a1akCIARg5rKE2zxEfztF9Cgh2u2WnWzUvDRCsHQ+E2SmsEEBuxJ8RpPafjG/GxO2247JWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb henry
    ssh-rsa NEWXYZJWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb henry
    ssh-rsa NEWXYZJWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb henry
    ssh-rsa a1akCIARg5rKE2zxEfztF9Cgh2u2WnWzUvDRCsHQ+E2SmsEEBuxJ8RpPafjG/GxO2247JWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb henry
    ssh-rsa NEWXYZJWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb localhost
    ssh-rsa NEWXYZJWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb localhost
```

3) Run puppet agent -t

```
[root@pe-201818-agent-01 code]# puppet apply test.pp
Notice: Compiled catalog for pe-201818-agent-01.puppetdebug.vlan in environment production in 0.03 seconds
Notice: /Stage[main]/Main/Ssh_authorized_key[localhost]/ensure: removed
Notice: Applied catalog in 0.03 seconds
```
4) Output shows only last entry is removed.

```
[root@pe-201818-agent-01 code]# cat /home/henry/.ssh/authorized_keys
# HEADER: This file was autogenerated at 2019-08-27 19:54:04 -0700
# HEADER: by puppet. While it can still be managed manually, it
# HEADER: is definitely not recommended.
    ssh-rsa a1akCIARg5rKE2zxEfztF9Cgh2u2WnWzUvDRCsHQ+E2SmsEEBuxJ8RpPafjG/GxO2247JWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb henry
    ssh-rsa NEWXYZJWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb henry
    ssh-rsa NEWXYZJWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb henry
    ssh-rsa a1akCIARg5rKE2zxEfztF9Cgh2u2WnWzUvDRCsHQ+E2SmsEEBuxJ8RpPafjG/GxO2247JWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb henry
    ssh-rsa NEWXYZJWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb localhost
```

5) If the last entry contains username "henry", then key gets replaced with the key in the code

```
[root@pe-201818-agent-01 code]# puppet apply test.pp
Notice: Compiled catalog for pe-201818-agent-01.puppetdebug.vlan in environment production in 0.03 seconds
Notice: /Stage[main]/Main/Ssh_authorized_key[henry]/type: type changed 'ssh-dss' to 'ssh-rsa'
Notice: /Stage[main]/Main/Ssh_authorized_key[henry]/key: key changed '2ndkeyZJWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb' to 'a1akCIARg5rKE2zxEfztF9Cgh2u2WnWzUvDRCsHQ+E2SmsEEBuxJ8RpPafjG/GxO2247JWGvKzO4zpAtFO7G4WowFU0qmyGCfNyJzPLJd7OSBJC58ooY6G6Lp94P1w9z+7/gM8MkJ6d4W6M9uJL9JCL2aKRmuHAbl0URLwsXq846I7zfix5qXowduRzZTWNBQm3K+iGsASpexG2i/eWuaZGmPxeGxq+t6OtiasRjg9oWInak0+63Uzjj0pDZ1uBlS9EbxaBk+suZQ10qYxoh3dPnuqqEEr83S7GMEKBDZjzkTstIplMXZkhYBJB93rAngbM+JvNb'
Notice: Applied catalog in 0.03 seconds
```

This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
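
A post-run check for the situation reported above, as an added example that is not part of the original report or of Puppet: it lists the `authorized_keys` entries whose type and key are not in the managed set, and the names that occur more than once. The sample file, the key strings and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Key type, base64 key, optional name (comment). Leading options are skipped;
# an option value that itself contains a key-type token is not handled.
ENTRY = re.compile(
    r"(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)\s+(\S+)(?:\s+(.*))?$"
)

# Constructed sample mirroring the layout in the report (placeholder keys).
SAMPLE = """\
# HEADER: constructed sample, not a real authorized_keys file
ssh-rsa MANAGEDKEY henry
ssh-rsa UNMANAGEDKEY henry
ssh-rsa UNMANAGEDKEY henry
ssh-rsa MANAGEDKEY henry
ssh-rsa UNMANAGEDKEY localhost
ssh-rsa UNMANAGEDKEY localhost
"""
# (type, key) pairs declared as ssh_authorized_key resources (constructed).
MANAGED = {("ssh-rsa", "MANAGEDKEY")}


def parse_authorized_keys(text):
    """Return (lineno, type, key, name) for every key line; skip comments."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.search(line)
        if m:
            entries.append((lineno, m.group(1), m.group(2), (m.group(3) or "").strip()))
    return entries


def audit(text, managed):
    """Report entries outside the managed set and names used by several lines."""
    entries = parse_authorized_keys(text)
    names = Counter(name for _, _, _, name in entries)
    return {
        "unmanaged": [(n, name) for n, t, k, name in entries if (t, k) not in managed],
        "repeated_names": {name: c for name, c in names.items() if c > 1},
    }


if __name__ == "__main__":
    print(audit(SAMPLE, MANAGED))
```

Running it against the real file after each `puppet apply` shows whether unmanaged entries are still present, rather than relying on the `removed` notices alone.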
Jorie Tappa (JIRA)

Sep 3, 2019, 2:41:04 PM
to puppe...@googlegroups.com