Closed asciifaceman closed 3 years ago
Also, If I am misunderstanding something please let me know
Correct it will, so we should work with people to get this move done correctly. That is why the due date is set to the 16th.
unless u['ssh_keys']
template "#{home_dir}/.ssh/authorized_keys" do
source "authorized_keys.erb"
cookbook new_resource.cookbook
owner u['username']
group u['gid'] || u['username']
mode "0600"
variables :ssh_keys => u['ssh_keys']
end
else
# zero that sucker out
template "#{home_dir}/.ssh/authorized_keys" do
source "authorized_keys.erb"
cookbook new_resource.cookbook
owner u['username']
group u['gid'] || u['username']
mode "0600"
variables :ssh_keys => ""
end
end
I wrote a very simple behavior change for this, it is available in pull req: https://github.com/opscode-cookbooks/users/pull/76
If u['ssh_keys'] is not defined, it wipes out authorized_keys.
I realize this would wipe out any custom ssh keys the user may have, but that should not be happening anyways since the file is chef-managed.
Also, apologies if I missed the naming convention for the pull/commit. I read the guidelines after pushing them to my fork and pull requesting (I am a terrible example for society).
have created a new PR to supersede https://github.com/opscode-cookbooks/users/pull/76
see https://github.com/opscode-cookbooks/users/pull/90 for details.
handles things a bit nicer, using file resources.
The Pull Requests related to this issue have all been closed in the past. And this issue is from 6 years ago. I am closing it for now but if the needs is still there to add this feature please reopen it.
If a user has no ssh keys defined, but they have an authorized_keys file it does not zero out the file.
This can be a complication if you remove keys from a user but not the user entirely, that last key is not removed (or when migrating from pre-chef to chef and their existing keys aren't wiped out)
relevant code: