How I manage users with ssh keys in puppet (simplified)

1description.md

• We have a define called company_user which (amongst other things) calls ssh_authorized_key to create their ssh key
• In the common case (one ssh key) I just have one company_user resource for the user.
• If people have additional ssh keys we call ssh_authorized_key for each additional ssh key

company_user.pp

# = Define company_user =
#
# Set up a developer's ~/.ssh directory and add a key to their 
# authorized_keys file.
#
define users::developer ($ensure = 'present', $homedir = 'undef', $ssh_key, $ssh_key_type, $ssh_key_comment, $default_dotfiles=true) {

  $username = $title

  $directory = $homedir ? {
    'undef' => "/home/${username}",
    default => "${homedir}"
  }

  # snip lots of irrelevant stuff

  file { "${directory}/.ssh":
    ensure  => directory,
    replace => false,
    owner   => $username,
    group   => 'Domain Users',
    mode    => 0700,
  }

  ssh_authorized_key { "${username}-${ssh_key_comment}":
    ensure  => $ensure,
    user    => $username,
    key     => $ssh_key,
    type    => $ssh_key_type,
    require => File["${directory}/.ssh"],
  }

}

users.pp

class users::developers {
  
  # Set up the user and their first key
  company_user { 'jimmy':
    ssh_key         => 'KEYTEXTONEDFHSDFD',
    ssh_key_type    => "ssh-rsa",
    ssh_key_comment => "laptop",
  }

  ssh_authorized_key { "jimmy-home":
    user => 'jimmy',
    key  => 'KEYTEXTTWOSDFASDFASDF',
    type => "ssh-rsa",
  }
}