Merge branch 'master' into puppet4ify

README.markdown

@@ -235,7 +235,14 @@ Manages the user shell. Default: '/bin/bash'.
 
 #### `sshkeys`
 
-An array of SSH public keys associated with the user. These should be complete public key strings that include the type and name of the key, exactly as the key would appear in its id\_rsa.pub or id\_dsa.pub file. Must be an array. Default: an empty array.
+An array of SSH public keys associated with the user. These should be complete public key strings that include the type, content and name of the key, exactly as it would appear in its `id_*.pub` file, or with an optional options string preceding the other components, as it would appear as an entry in an `authorized_keys` file.  Must be an array. Default: an empty array.
+
+Examples:
+
+* `ssh-rsa AAAAB3NzaC1y... bob@example.com`
+* `from="myhost.example.com,192.168.1.1" ssh-rsa AAAAQ4ngoeiC... bob2@example.com`
+
+Note that for multiple keys, the name component (the last) must be unique.
 
 #### `uid`
 
@@ -253,6 +260,8 @@ Parses an ssh authorized_keys option string into an array using its expected pat
 
 ## Limitations
 
+For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-accounts/blob/master/metadata.json)
+
 This module works with Puppet Enterprise 2015.3 and later.
 
 ### Changes from pe\_accounts

manifests/key_management.pp

@@ -39,10 +39,13 @@
   if $sshkeys != [] {
     $sshkeys.each |$sshkey| {
       accounts::manage_keys { "${sshkey} for ${user}":
+        keyspec  => $sshkey,
         user     => $user,
         key_file => $key_file,
-        require  => File["${user_home}/.ssh"],
-        before   => File[$key_file],
+        require  => [
+          File["${user_home}/.ssh"],
+          File[$key_file],
+        ],
       }
     }
   }

manifests/manage_keys.pp

@@ -1,31 +1,33 @@
 #
 define accounts::manage_keys(
+  String $keyspec,
   String $user,
   String $key_file,
 ) {
 
-  $key_array   = split($name, ' ')
-  # If the key array doesn't start with ssh or ecdsa, then key_array[0] is
-  # assumed to contain ssh options separated by commas.
-  if $key_array[0] =~ /^ssh|^ecdsa-sha2/ {
-    $key_options = undef
-    $key_type    = $key_array[0]
-    $key_content = $key_array[1]
-    $key_name    = $key_array[2]
-  } else {
-    $key_options = accounts_ssh_options_parser($key_array[0])
-    $key_type    = $key_array[1]
-    $key_content = $key_array[2]
-    $key_name    = $key_array[3]
+  $key_def = $keyspec.match(/^((.*)\s+)?((ssh|ecdsa-sha2).*)\s+(.*)\s+(.*)$/)
+  if (! $key_def) {
+    err("Could not interpret SSH key definition: '${keyspec}'")
   }
-  $key_title = "${user}_${key_type}_${key_name}"
+  else {
+    if ($key_def[2]) {
+      $key_options = accounts_ssh_options_parser($key_def[2])
+    } else {
+      $key_options = undef
+    }
+    $key_type    = $key_def[3]
+    $key_content = $key_def[5]
+    $key_name    = $key_def[6]
 
-  ssh_authorized_key { $key_title:
-    ensure  => present,
-    user    => $user,
-    key     => $key_content,
-    type    => $key_type,
-    options => $key_options,
-    target  => $key_file,
+    $key_title = "${user}_${key_type}_${key_name}"
+
+    ssh_authorized_key { $key_title:
+      ensure  => present,
+      user    => $user,
+      key     => $key_content,
+      type    => $key_type,
+      options => $key_options,
+      target  => $key_file,
+    }
   }
 }

manifests/user.pp

@@ -38,7 +38,7 @@
   Optional[Pattern[/^absent$|^\d{4}-\d{2}-\d{2}$/]] $expiry = undef,
   Optional[String] $sshkey_custom_path          = undef,
 ) {
-  
+
   if $home {
     $home_real = $home
   } elsif $name == 'root' {

spec/acceptance/user_spec.rb

@@ -19,7 +19,7 @@
             bash_profile_content => file('accounts/shell/bash_profile'),
             sshkeys              => [
               'ssh-rsa #{test_key} vagrant',
-              'from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2'
+              'command="/bin/echo Hello",from="myhost.example.com,192.168.1.1" ssh-rsa #{test_key} vagrant2'
             ],
           }
 PUPPETCODE