Open cdown opened 7 years ago
ssh_authorize_key is a definition, not a resource. Calling it with a lazy property is not currently supported.
The reason is that these values are checked to be correct before creating the underlying file resource, to avoid corrupting the generated authorized_keys file. AFAIK there is no way to check these lazy values without unlazying them.
So why not just skip the checks when they are lazy, and print a warning? Without lazy evaluation, this is unusable in an ecosystem where separate teams maintain separate attributes for their tiers.
But if we skip the checks, what's the purpose of this cookbook? I mean, creating a template file for an ssh_authorize_key is too simple, and I prefer this to be the purpose of the cookbook: to try to avoid generating an invalid file that could leave your server inaccessible.
Anyway, I'm going to leave this open in case someone wants to implement it.
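One way to keep the validation while still accepting lazy values is to resolve and check them when the file is written rather than when the definition is declared. The sketch below is an added example, not the cookbook's code: the function names, the key-type list and the plain Proc standing in for a Chef lazy block are all assumptions.

```ruby
require 'base64'

# Key types accepted in this sketch (constructed list, not the cookbook's own).
KEY_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256].freeze

class InvalidKeyEntry < StandardError; end

# Resolve a value that may be lazy. A Proc stands in for a Chef lazy block here.
def resolve(value)
  value.respond_to?(:call) ? value.call : value
end

# Validate one entry and return its authorized_keys line, or raise.
def render_entry(keytype:, key:, comment:)
  keytype = resolve(keytype).to_s
  key = resolve(key).to_s
  comment = resolve(comment).to_s
  unless KEY_TYPES.include?(keytype)
    raise InvalidKeyEntry, "unsupported key type #{keytype.inspect}"
  end
  raise InvalidKeyEntry, 'key is empty' if key.empty?
  begin
    Base64.strict_decode64(key) # rejects whitespace, newlines, bad padding
  rescue ArgumentError
    raise InvalidKeyEntry, 'key is not valid base64'
  end
  raise InvalidKeyEntry, 'comment contains a line break' if comment =~ /[\r\n]/
  "#{keytype} #{key} #{comment}".strip
end

# Render every entry first and touch the file only if all of them validated.
# Lazy values are resolved here, at write time, so a bad value raises
# before the existing authorized_keys file is replaced.
def write_authorized_keys(path, entries)
  lines = entries.map { |entry| render_entry(**entry) }
  tmp = "#{path}.tmp"
  File.write(tmp, lines.join("\n") + "\n", perm: 0o600)
  File.rename(tmp, path) # atomic replace on the same filesystem
  lines
end
```

Because rendering happens before any write, an invalid lazy value fails the run and leaves the previous file in place.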
For what it's worth, I have a different use-case for this that would have been helpful. We use LDAP auth and so the users might not actually exist as POSIX accounts at the time this gets evaluated (like on bootstrap).
That means they'll get created on the 2nd Chef run, but it also means I can't do kitchen tests with it. In order to make it work, I have to run nss_updatedb at compile time, which means I have to then run the entire support stack for that at compile time as well - create ldap.conf, install the packages, etc.
If we had a flag that said "ignore_user_not_exist" or something it would work equally well for me.
When trying to evaluate a user which is a delayed resource, checks fail -- this check should be skipped if the user is being lazily evaluated:
For example:
results in