From 53228fbe94be6ff2afb91ba4570210b6f52172d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micka=C3=ABl=20Can=C3=A9vet?=
 <mickael.canevet@camptocamp.com>
Date: Mon, 19 Oct 2015 13:39:40 +0200
Subject: [PATCH] Don't create absent ssh_authorized_key resources if
 purge_ssh_keys is enabled

---
 manifests/account.pp | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/manifests/account.pp b/manifests/account.pp
index 39ce4ad..08b515c 100644
--- a/manifests/account.pp
+++ b/manifests/account.pp
@@ -133,12 +133,14 @@
       }
     }
 
-    $keys_to_remove = suffix(keys(absents($::accounts::ssh_keys)), "-on-${name}")
-    accounts::authorized_key { $keys_to_remove:
-      ensure                   => absent,
-      account                  => $name,
-      target                   => $authorized_keys_target,
-      ssh_authorized_key_title => $ssh_authorized_key_title,
+    if ! $purge_ssh_keys {
+      $keys_to_remove = suffix(keys(absents($::accounts::ssh_keys)), "-on-${name}")
+      accounts::authorized_key { $keys_to_remove:
+        ensure                   => absent,
+        account                  => $name,
+        target                   => $authorized_keys_target,
+        ssh_authorized_key_title => $ssh_authorized_key_title,
+      }
     }
   }
 }