Overriding a resource defined in a class

Question

I want to manage a pool of SSH public keys with puppet. I'm not sure I'm doing this right but here is how it works for now :

I have a class mysshd with a manifest containing every configuration of SSH server I want. Besides, there's another manifest containing all the public keys as "ssh_athorized_keys" resources.

For the moment, I wanted all of them to be registered, so they have "ensure => present" in the manifest. So each node loaded the convenient mysshd class and that's it.

But now, I would like to define ALL the public keys of my users in this manifest, with "ensure => absent". Then, in my node.pp, for each node, I would like to put the value "ensure" to "present" for each resource ssh_authorized_keys if I want to.

I tried to override the "ensure" parameter for some resources inside a class, but surely I missed a point, and I couldn't figure out the way to do this.

Can you help me ?

Some more details :

In : modules/iuem-sshd/manifests/publickeys.pp', there is my list of pub keys :

ssh_authorized_key{'gab':
        key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAugG5p+SHmDm8OKdKifipUuK/TIbVXgQXm5ee//Cne+2QU9gctxOechyptT0oNh57rXUDShHpkNToC6r1ZvPLpxae2p2kBWJl5O2u1ov9/L8eWSvCFlVFc/gicH1wWG9vrlh7gXGGrAb6rVJ97XVDNkDmmF43W+Z8p8AjRtzE4b9Z3ZGGgPbBaPHPybBogs3wP3d5cyaLqlQgjJQXdkWkaVq8ApWLnan34O1sZVimcD6TVVSBZ1PmnSZfchxYq56xMnI+GpYvvi0dw+JU9aS+br4g1K5LtxFlxp4YlKGlQByrFdhn21z3VRnDrPWomgQHvdyzTUqwIs7AKvmPbQX+kQ==',
        name => 'Nicolas',
        ensure => absent,
        type => "ssh-rsa",
        user => root,
}

it is imported by init.pp which does other configs on ssh server.

In the node configuration, I load the class iuem-ssh :

class {'iuem-sshd': }

but I would like to override the setting : ensure => present and user => lagaffe for instance.

Thanks,

Jonathan

Answer 1

It sounds like this is a use case for virtual resources

You can define all of your ssh_authorized_keys in one place, and then only realize them where you need them.