authorized_keys are added, not replacing
ebarault opened this issue
Hi,
I noticed today that when changing a key in authorized_keys, the role adds the new key to the existing user but does not remove the older one.
step 1
users:
  - username: my_user
    home_create: yes
    groups:
      - docker
    append: yes
    authorized_keys:
      - public_key_A
    shell: /bin/bash
step 2
users:
  - username: my_user
    home_create: yes
    groups:
      - docker
    append: yes
    authorized_keys:
      - public_key_B
    shell: /bin/bash
# /users/my_user/.ssh/authorized_keys
public_key_A
public_key_B
I took for granted until now that replaced authorized keys were removed and it's potentially dangerous to think so.
Did you implement it like this on purpose?
Hi, it's sort of on purpose... you can switch on users_authorized_keys_exclusive or item.authorized_keys_exclusive as documented here.
To remove keys, the default way would be to specify your public_key_A key state as absent and run the role again, but this feature isn't implemented yet as this would need to be added.
PRs always welcome
Managing accounts has the same "problem" I think. State cannot be supplied. I can make a PR. Never mind, I need more ☕️. Saw users_remove.
Btw, love your role. 🎉 Thanks for publishing it!
@till Pleasure! Thanks for the feedback 👍
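An added example, not part of the thread or the role's own code: a check that compares a deployed authorized_keys file with the keys the playbook currently declares and reports leftovers such as public_key_A in the issue above. Keys are matched on type and base64 blob, so options and comments do not hide a match; the function names and key strings are constructed for illustration.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values intact."""
    fields, cur, quoted, prev = [], [], False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
        prev = ch
    if cur:
        fields.append("".join(cur))
    return fields

def key_identity(line):
    """Return (key type, base64 blob), ignoring options and comment."""
    if line.strip().startswith("#"):
        return None
    fields = split_fields(line)
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_PREFIXES):
            return field, fields[i + 1]
    return None

def stale_keys(deployed_text, declared_keys):
    """List (line number, line) for deployed keys the playbook no longer declares."""
    declared = {key_identity(k) for k in declared_keys} - {None}
    stale = []
    for number, line in enumerate(deployed_text.splitlines(), 1):
        identity = key_identity(line)
        if identity and identity not in declared:
            stale.append((number, line.strip()))
    return stale

# Constructed sample data: placeholder blobs, not real keys.
KEY_A = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyA my_user@old-laptop"
KEY_B = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyB my_user@new-laptop"
DEPLOYED = "\n".join([
    "# /users/my_user/.ssh/authorized_keys",
    KEY_A,
    'command="echo rotated",no-pty ' + KEY_B,
])

if __name__ == "__main__":
    for number, line in stale_keys(DEPLOYED, [KEY_B]):
        print(f"line {number}: not declared in playbook: {line}")
```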