The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Bug #9046

Problem validating options property of the ssh_authorized_key type.

Added by David Ballenger about 4 years ago. Updated about 4 years ago.

Status:DuplicateStart date:08/17/2011
Priority:NormalDue date:
Assignee:-% Done:


Target version:-
Affected Puppet version:2.7.3 Branch:

We've Moved!

Ticket tracking is now hosted in JIRA:


Puppet 2.7.3 has a bug when trying to validate the options property of the ssh_authorized_key type. The validation is attempting to make sure that multiple options are not embedded in a string, they should be specified as an array. The test does this by simply checking for a comma in the string value of the option. However, this trips up on options like the from option, which is specified as:


where pattern-list is a comma-seperated list of patterns. There are several other options that accept a string argument (e.g. command, environment) that could potentially have commas in the string.

The following ssh_autorized_key illustrates the problem:

ssh_authorized_key { 'testkey':
  ensure  => present,
  key     => 'somereallylongstringhere',
  type    => ssh-rsa,
  user    => 'root',
  options => [ 'command="/usr/bin/true"',
               'from=","' ],

Put this in a test.pp then run puppet apply:

$ puppet apply --trace ~/test.pp
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type/ssh_authorized_key.rb:95:in `unsafe_validate'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/parameter.rb:255:in `validate'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/property.rb:300:in `should='
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/property.rb:300:in `each'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/property.rb:300:in `should='
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/property.rb:337:in `value='
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:436:in `[]='
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:1788:in `set_parameters'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:1782:in `each'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:1782:in `set_parameters'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type.rb:1764:in `initialize'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource.rb:285:in `new'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource.rb:285:in `to_ral'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:621:in `send'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:621:in `to_catalog'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:599:in `each'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:599:in `to_catalog'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/resource/catalog.rb:536:in `to_ral'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application/apply.rb:207:in `main'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application/apply.rb:135:in `run_command'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:307:in `run'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:411:in `hook'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:307:in `run'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:402:in `exit_on_fail'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/application.rb:307:in `run'
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/util/command_line.rb:69:in `execute'
/usr/bin/puppet:19:in `load'
Parameter options failed: Options must be provided as an array, not a comma separated list

The check for multiple options in the value is at line 95 in:

/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type/ssh_authorized_key.rb:95:in `unsafe_validate'

The value.include?(',') should be changed to a regular expression test for multiple options that still allows commas within quotes for options like from that accept a quoted string as a specification for the option.

Related issues

Related to Puppet - Bug #7114: ssh_authorized_key not moving key from one target to another Closed 04/14/2011


#1 Updated by Stefan Schulte about 4 years ago

This is basically #1737 and the regression is caused by #7114. There is already a fix for that (see 7114) which unfortunately hasn’t been merged in yet.

#2 Updated by James Turnbull about 4 years ago

  • Status changed from Unreviewed to Duplicate

Duplicate of #7114.

Also available in: Atom PDF