puppetlabs / puppetlabs-sshkeys_core

Apache License 2.0

sshkeys removed in all puppet runs #87

Open amateo opened 1 month ago

amateo commented 1 month ago

I'm now using the old version 1.0.2 of the module. I am trying to update to the latest 2.5.0, but when I use it on Ubuntu 18.04 and Ubuntu 20.04 clients, I get messages like:

Notice: /Stage[main]/Ssh/Sshkey[piscis22.um.es_ed25519@]/ensure: removed (corrective)
Notice: /Stage[main]/Ssh/Sshkey[sorex20.um.es_rsa@]/ensure: removed (corrective)
Notice: /Stage[main]/Ssh/Sshkey[mustela33.um.es_rsa@]/ensure: removed (corrective)
Notice: /Stage[main]/Ssh/Sshkey[fiber10.um.es_rsa@]/ensure: removed (corrective)
...

for all the entries in /etc/ssh/ssh_known_host in all puppet runs (although the entries are not currently removed, and they shouldn't be).

In newer versions of Ubuntu I don't have this problem.

joshcooper commented 1 month ago

@amateo are the entries added back on each run too? Could you run the following, where certname is the fqdn for one of the hosts puppet is managing and whose known_host is flapping?

puppet query 'resources { type = "Sshkey" and certname = "<certname>" }' | jq '.[]'

We're tracking this internally as https://perforce.atlassian.net/browse/PA-5157

I believe the root cause is https://puppet.atlassian.net/browse/PUP-5302. The known hosts file is managed using a ParsedFile provider, which relies on prefetch to load all of the entries at the start of the agent run. Due to the puppet bug, prefetch is not compatible with composite namevars. This module started using composite namevars in 2.0 (see https://github.com/puppetlabs/puppetlabs-sshkeys_core/pull/27).