ssh key parameter will always be longer than 80 chars

[rharrison10]

puppet-lint should not generate a warning or an error about lines longer than 80 characters for lines containing an ssh key. The only built in resource types that have a key parameter are ssh_authorized_key and sshkey resources.

Using the --no-80chars-check command line switch isn't helpful since I do want to receive warnings for other lines that are longer than 80 characters.

[rodjek]

We've actually discussed this in a previous issue. Pasting giant key strings that can easily go over 500 characters into your manifests is exactly the kind of thing that puppet-lint is trying to warn you not to do.

A much cleaner solution is to put the text of the key into a file and read it in via template()

ssh_authorized_key { '...':
  key => template('path/to/my/key'),
}

[rharrison10]

rodjek I see how your method would read cleaner and do like it conceptually but it isn't how the ssh key resources are documented. Besides changing our method of setting up users at this point would be a major undertaking and would require buy in from the rest of the team. If we were just starting out switching would make since, but I don't see it happening any time soon and I'd hate to disable 80 char check across the board because we use the type as its intended.

It also occurs to me that password hashes in user resources are also likely to be longer than 80 chars as well so that is another case that probably would cause issues.

t would be great if there was an option to turn off the 80 char check for only lines containing 'key =>' and / or 'password =>' At least then I'd have to take action to ignore the better way rather than ignoring it by default. Then at least I'd know its something I need to get into the schedule but can could still use puppet-lint for automated validation in the mean time.

[rkhatibi]

@rharrison10 I opened the other issue and came around to rodjek's point of view. puppet-lint is concerned with creating a maintainable style. It will be opinion based, but in this case I think it's right.

fwiw, it's trivial to add any changes or just turn off the 80 char check. However it is going make more sense to move this sort of data into an external data source.

[rharrison10]

I understand the arguments of why I should move these values to external data sources and I agree with the theory behind them.
In practice, the problem is I'm not the only one maintaining our puppet configurations. We've already got many of these resources in our manifests and converting them would be time consuming and require buy in from the entire team. For the time being we've got more pressing tasks on our plates so I don't see this getting cleaned up in the near term.
As a result I've been forced to add the --no-80chars-check to our call of puppet-lint in our pre-commit script which is less than optimal to say the least. I would very much like to be able to check for lines longer than 80 chars before someone commits a manifest to the repository but I'm not able to do so without the ability to disable the check for specific types of parameters that are likely to be longer than 80chars.

[rodjek]

Closing this issue as it probably will never be resolved.