Puppet users - Sep 2011 - ssh_authorized_key in 2.7.1 and up

Hi,

I am currently testing my catalog, that runs fine with 2.6.3, with Puppet
2.7.4. Now I am running into a problem, and I wonder why this was
''fixed''
in Puppet the way it was.

Please consider http://projects.puppetlabs.com/issues/7888

In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key
resources to contain whitespace in their names. This is a problem, because
I actually have authorized keys with whitespaces in the comments, and
these have been added through Puppet without problems.

Now, I could just decide to change the name of the keys, but the real
problem is, that I cannot use Puppet 2.7.4 to /remove/ the old key names,
due to the ''fix'' above. That is rather inconvenient.

Besides, is there any REAL reason why a key comment (and the resource name
with it) can''t contain any whitespace? I know that one should be
careful
how to specify the resource to prevent it being added repeatedly on every
catalog run, but apart from that? I have never had any problems with it.

If whitespace is permitted from OpenSSH''s point of view,
shouldn''t Puppet
allow it too, and fix problems like this the right way? Or am I missing
something?

Best regards,
Martijn Grendelman

[1]
http://projects.puppetlabs.com/projects/puppet/repository/revisions/1c7f0c3530846d9935bbc13cda33430cf5632975

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Sep 29, 2011, at 7:35 AM, Martijn Grendelman wrote:
> 
> Hi,
> 
> I am currently testing my catalog, that runs fine with 2.6.3, with Puppet
> 2.7.4. Now I am running into a problem, and I wonder why this was
''fixed''
> in Puppet the way it was.
> 
> Please consider http://projects.puppetlabs.com/issues/7888
> 
> In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key
> resources to contain whitespace in their names. This is a problem, because
> I actually have authorized keys with whitespaces in the comments, and
> these have been added through Puppet without problems.
> 
I also have numerous keys with whitespace in the comments and given that this is
valid for SSH, I would agree it should work with Puppet.
> Besides, is there any REAL reason why a key comment (and the resource name
> with it) can''t contain any whitespace? I know that one should be
careful
> how to specify the resource to prevent it being added repeatedly on every
> catalog run, but apart from that? I have never had any problems with it.
> 
The fix for Issue 7888 doesn''t require that the
''name'' field not have whitespace, only that the
''key'' field not have whitespace, so fixing that bug and
allowing whitespace in comments seem compatible.

I would suggest opening a bug report that the fix to 7888 was overzealous and
they should revert the first part of that patch to allow whitespace in the name
field.
> If whitespace is permitted from OpenSSH''s point of view,
shouldn''t Puppet
> allow it too, and fix problems like this the right way? Or am I missing
> something?
> 
+1. 

Cheers,

Jonathan

-------------------------------------------------------------------------------
Jonathan Stanton		jonathan@spreadconcepts.com
Spread Group Messaging	www.spread.org
Spread Concepts LLC 	www.spreadconcepts.com
-------------------------------------------------------------------------------

On 29-09-11 14:03, Jonathan Stanton wrote:
> On Sep 29, 2011, at 7:35 AM, Martijn Grendelman wrote:
>>
>> Hi,
>>
>> I am currently testing my catalog, that runs fine with 2.6.3, with
Puppet
>> 2.7.4. Now I am running into a problem, and I wonder why this was
''fixed''
>> in Puppet the way it was.
>>
>> Please consider http://projects.puppetlabs.com/issues/7888
>>
>> In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key
>> resources to contain whitespace in their names. This is a problem,
because
>> I actually have authorized keys with whitespaces in the comments, and
>> these have been added through Puppet without problems.
> 
> I also have numerous keys with whitespace in the comments and given
> that this is valid for SSH, I would agree it should work with Puppet.
> 
>> Besides, is there any REAL reason why a key comment (and the resource
name
>> with it) can''t contain any whitespace? I know that one should
be careful
>> how to specify the resource to prevent it being added repeatedly on
every
>> catalog run, but apart from that? I have never had any problems with
it.
>>
> 
> The fix for Issue 7888 doesn''t require that the
''name'' field not have
> whitespace, only that the ''key'' field not have
whitespace, so fixing
> that bug and allowing whitespace in comments seem compatible.
> 
> I would suggest opening a bug report that the fix to 7888 was
> overzealous and they should revert the first part of that patch to
> allow whitespace in the name field.
http://projects.puppetlabs.com/issues/9796
> 
>> If whitespace is permitted from OpenSSH''s point of view,
shouldn''t Puppet
>> allow it too, and fix problems like this the right way? Or am I missing
>> something?
>>
> 
> +1. 
Best regards,
Martijn Grendelman

--
iphion B.V.
TU/e Innovation Lab 1.15
Horsten 1 - 5612 AX Eindhoven - The Netherlands
Tel. +31 40 747 0117
CoC-number: 17194147

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thu, Sep 29, 2011 at 01:35:15PM +0200, Martijn Grendelman
wrote:
> Hi,
> 
> I am currently testing my catalog, that runs fine with 2.6.3, with Puppet
> 2.7.4. Now I am running into a problem, and I wonder why this was
''fixed''
> in Puppet the way it was.
> 
> Please consider http://projects.puppetlabs.com/issues/7888
> 
> In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key
> resources to contain whitespace in their names. This is a problem, because
> I actually have authorized keys with whitespaces in the comments, and
> these have been added through Puppet without problems.
> 
Actually I wasn''t aware that OpenSSH does support the delimiter
character in the comment field. But as it turns out also the code that
parses the authorized_key file inside puppet can handle these names.

So you''re right, the type should not reject these.

Commented on http://projects.puppetlabs.com/issues/9796

-Stefan