authorized_keys from a directory

It seems like if you want to authoritatively say “just these keys are authorized”, you could just push the authorized key file with the copy (or template) module.

This is probably what I would do. The way modules work, passing a local dir would feel a bit weird to me.

Hi,

An alternative for exactly such behavior would be to use the assemble module.

Unfortunately, the solution with a source directory will probably force you to have many such folders with probably duplicate keys. Therefore another solution could be to list all valid keys for all users (e.g. $FILE()) in an inventory variable, use the template module and loop through this variable inside the template.

In this specific case there are various solutions, but what approach should be used in a general case when someone wants a “flush everything not specified here” behavior?

Maybe with a way for modules to enqueue their actions and trigger handlers if at least one of the tasks with a module returns that something would be changed (like in check mode)?

Greetings,
gw

GW, that’s not necessary. Template is a great fit here.

You can write a template that loops through the list of keys and use the “file” lookup module to add them to the template.

Thanks for the feedback. I implemented the solution using a vars directive with a list of the devs that should be allowed on a server. Then I used a template as suggested. This seems to be a bit more secure than my original attempt at a solution as well :)
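
The approach the thread settles on, as an added example that is not part of any post above: a list variable names who is allowed, and the whole authorized_keys file is rendered from it, so any key not in the list disappears on the next run. The group name, account name, developer names and the `files/pubkeys/<name>.pub` layout are assumptions, and the template is inlined through the copy module's `content` so the example fits in one file.

```yaml
# Added example, not from the thread.
# Assumed layout: files/pubkeys/<name>.pub beside the playbook, one public key per file.
- hosts: appservers              # hypothetical inventory group
  become: true
  vars:
    deploy_user: deploy          # hypothetical account whose keys are managed
    allowed_devs:                # hypothetical names; only these keys will remain
      - alice
      - bob
  tasks:
    - name: Ensure ~/.ssh exists and is private to the account
      ansible.builtin.file:
        path: "/home/{{ deploy_user }}/.ssh"
        state: directory
        owner: "{{ deploy_user }}"
        mode: "0700"

    - name: Write authorized_keys authoritatively (the whole file is replaced)
      ansible.builtin.copy:
        dest: "/home/{{ deploy_user }}/.ssh/authorized_keys"
        owner: "{{ deploy_user }}"
        mode: "0600"
        # The file lookup runs on the control node; a missing .pub file fails
        # the task before anything is written, so a typo in allowed_devs
        # cannot silently produce a file with fewer keys than intended.
        content: |
          # Managed by Ansible; manual edits are overwritten on the next run.
          {% for dev in allowed_devs %}
          {{ lookup('file', 'pubkeys/' ~ dev ~ '.pub') }}
          {% endfor %}
```

Running the play with `--check --diff` first shows which keys would be removed from each host before the file is actually replaced.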