| When using the purge_ssh_keys parameter on a user resource with an alias metaparameter, the catalog application will fail when purging unmanaged ssh keys. The following error is shown.
Error: /Stage[main]/Main/Node[default]/User[username]: Failed to generate additional resources using 'generate': Parameter alias failed on Ssh_authorized_key[us...@example.com]: Munging failed for value ["useralias"] in class alias: Cannot add aliases without a catalog
|
The metaparameters are passed into the resource used to purge ssh_authorized_keys when using the user resource. Since this happens in the type, and not during catalog compilation, the agent cannot alias the resources to be purged and fails catalog application. This is likely due to this https://github.com/puppetlabs/puppet/blob/6.28.0/lib/puppet/type/user.rb#L815
res[name] = param.value if param.metaparam?
|
Should that be restricted to only send metaparameters that can be used at application? Reproduction:
1. Use any current puppetserver stack
2. Create the following resource
user {'username': |
ensure => present, |
managehome => true, |
alias => 'useralias', |
purge_ssh_keys => true |
}
|
3. Run the agent to create the user
4. Add an ssh key to the ~username/.ssh/authorizedkeys
5. Run the agent to observe the error. |
