Martijn Grendelman
2011-Sep-29 11:35 UTC
[Puppet Users] ssh_authorized_key in 2.7.1 and up
Hi, I am currently testing my catalog, that runs fine with 2.6.3, with Puppet 2.7.4. Now I am running into a problem, and I wonder why this was ''fixed'' in Puppet the way it was. Please consider http://projects.puppetlabs.com/issues/7888 In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key resources to contain whitespace in their names. This is a problem, because I actually have authorized keys with whitespaces in the comments, and these have been added through Puppet without problems. Now, I could just decide to change the name of the keys, but the real problem is, that I cannot use Puppet 2.7.4 to /remove/ the old key names, due to the ''fix'' above. That is rather inconvenient. Besides, is there any REAL reason why a key comment (and the resource name with it) can''t contain any whitespace? I know that one should be careful how to specify the resource to prevent it being added repeatedly on every catalog run, but apart from that? I have never had any problems with it. If whitespace is permitted from OpenSSH''s point of view, shouldn''t Puppet allow it too, and fix problems like this the right way? Or am I missing something? Best regards, Martijn Grendelman [1] http://projects.puppetlabs.com/projects/puppet/repository/revisions/1c7f0c3530846d9935bbc13cda33430cf5632975 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jonathan Stanton
2011-Sep-29 12:03 UTC
Re: [Puppet Users] ssh_authorized_key in 2.7.1 and up
On Sep 29, 2011, at 7:35 AM, Martijn Grendelman wrote:> > Hi, > > I am currently testing my catalog, that runs fine with 2.6.3, with Puppet > 2.7.4. Now I am running into a problem, and I wonder why this was ''fixed'' > in Puppet the way it was. > > Please consider http://projects.puppetlabs.com/issues/7888 > > In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key > resources to contain whitespace in their names. This is a problem, because > I actually have authorized keys with whitespaces in the comments, and > these have been added through Puppet without problems. >I also have numerous keys with whitespace in the comments and given that this is valid for SSH, I would agree it should work with Puppet.> Besides, is there any REAL reason why a key comment (and the resource name > with it) can''t contain any whitespace? I know that one should be careful > how to specify the resource to prevent it being added repeatedly on every > catalog run, but apart from that? I have never had any problems with it. >The fix for Issue 7888 doesn''t require that the ''name'' field not have whitespace, only that the ''key'' field not have whitespace, so fixing that bug and allowing whitespace in comments seem compatible. I would suggest opening a bug report that the fix to 7888 was overzealous and they should revert the first part of that patch to allow whitespace in the name field.> If whitespace is permitted from OpenSSH''s point of view, shouldn''t Puppet > allow it too, and fix problems like this the right way? Or am I missing > something? >+1. Cheers, Jonathan ------------------------------------------------------------------------------- Jonathan Stanton jonathan@spreadconcepts.com Spread Group Messaging www.spread.org Spread Concepts LLC www.spreadconcepts.com -------------------------------------------------------------------------------
Martijn Grendelman
2011-Sep-29 14:23 UTC
Re: [Puppet Users] ssh_authorized_key in 2.7.1 and up
On 29-09-11 14:03, Jonathan Stanton wrote:> On Sep 29, 2011, at 7:35 AM, Martijn Grendelman wrote: >> >> Hi, >> >> I am currently testing my catalog, that runs fine with 2.6.3, with Puppet >> 2.7.4. Now I am running into a problem, and I wonder why this was ''fixed'' >> in Puppet the way it was. >> >> Please consider http://projects.puppetlabs.com/issues/7888 >> >> In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key >> resources to contain whitespace in their names. This is a problem, because >> I actually have authorized keys with whitespaces in the comments, and >> these have been added through Puppet without problems. > > I also have numerous keys with whitespace in the comments and given > that this is valid for SSH, I would agree it should work with Puppet. > >> Besides, is there any REAL reason why a key comment (and the resource name >> with it) can''t contain any whitespace? I know that one should be careful >> how to specify the resource to prevent it being added repeatedly on every >> catalog run, but apart from that? I have never had any problems with it. >> > > The fix for Issue 7888 doesn''t require that the ''name'' field not have > whitespace, only that the ''key'' field not have whitespace, so fixing > that bug and allowing whitespace in comments seem compatible. > > I would suggest opening a bug report that the fix to 7888 was > overzealous and they should revert the first part of that patch to > allow whitespace in the name field.http://projects.puppetlabs.com/issues/9796> >> If whitespace is permitted from OpenSSH''s point of view, shouldn''t Puppet >> allow it too, and fix problems like this the right way? Or am I missing >> something? >> > > +1.Best regards, Martijn Grendelman -- iphion B.V. TU/e Innovation Lab 1.15 Horsten 1 - 5612 AX Eindhoven - The Netherlands Tel. +31 40 747 0117 CoC-number: 17194147 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Stefan Schulte
2011-Sep-29 15:17 UTC
Re: [Puppet Users] ssh_authorized_key in 2.7.1 and up
On Thu, Sep 29, 2011 at 01:35:15PM +0200, Martijn Grendelman wrote:> Hi, > > I am currently testing my catalog, that runs fine with 2.6.3, with Puppet > 2.7.4. Now I am running into a problem, and I wonder why this was ''fixed'' > in Puppet the way it was. > > Please consider http://projects.puppetlabs.com/issues/7888 > > In Puppet 2.7.4, there is code [1] that prevents ssh_authorized_key > resources to contain whitespace in their names. This is a problem, because > I actually have authorized keys with whitespaces in the comments, and > these have been added through Puppet without problems. >Actually I wasn''t aware that OpenSSH does support the delimiter character in the comment field. But as it turns out also the code that parses the authorized_key file inside puppet can handle these names. So you''re right, the type should not reject these. Commented on http://projects.puppetlabs.com/issues/9796 -Stefan