From 5e34abee3721a5936b386203951ffd7b71d176ba Mon Sep 17 00:00:00 2001
From: Tim Meusel <tim@bastelfreak.de>
Date: Tue, 7 May 2024 09:52:18 +0200
Subject: [PATCH] usermanagement: prohibit empty ssh keys

previously we allowed ssh keys as empty strings `''`. This doesn't make
sense and breaks the `accounts_ssh_authorized_keys_line_parser()`
function.
---
 REFERENCE.md                                                | 6 +++---
 .../functions/accounts_ssh_authorized_keys_line_parser.rb   | 2 +-
 manifests/key_management.pp                                 | 2 +-
 manifests/user.pp                                           | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index 940ea5dd..40efa683 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -505,7 +505,7 @@ Default value: `'0600'`
 
 ##### <a name="-accounts--user--sshkeys"></a>`sshkeys`
 
-Data type: `Array[String]`
+Data type: `Array[String[1]]`
 
 An array of SSH public keys associated with the user. These should be
 complete public key strings that include the type, content and name of the
@@ -559,7 +559,7 @@ The returned options element can by an empty string.
 accounts_ssh_authorized_keys_line_parser_string('options ssh-rsa AAAA... comment)
 ```
 
-#### `accounts_ssh_authorized_keys_line_parser(String $str)`
+#### `accounts_ssh_authorized_keys_line_parser(String[1] $str)`
 
 Parse an ssh authorized_keys line string into an array using its expected
 pattern by using a combination of regex matching and extracting the substring
@@ -580,7 +580,7 @@ accounts_ssh_authorized_keys_line_parser_string('options ssh-rsa AAAA... comment
 
 ##### `str`
 
-Data type: `String`
+Data type: `String[1]`
 
 ssh authorized_keys line string
 
diff --git a/lib/puppet/functions/accounts_ssh_authorized_keys_line_parser.rb b/lib/puppet/functions/accounts_ssh_authorized_keys_line_parser.rb
index 77ca368a..c3940dec 100644
--- a/lib/puppet/functions/accounts_ssh_authorized_keys_line_parser.rb
+++ b/lib/puppet/functions/accounts_ssh_authorized_keys_line_parser.rb
@@ -12,7 +12,7 @@
   # @example Calling the function
   #   accounts_ssh_authorized_keys_line_parser_string('options ssh-rsa AAAA... comment)
   dispatch :accounts_ssh_authorized_keys_line_parser_string do
-    param 'String', :str
+    param 'String[1]', :str
   end
 
   def accounts_ssh_authorized_keys_line_parser_string(str)
diff --git a/manifests/key_management.pp b/manifests/key_management.pp
index 01a06392..5e7a06d7 100644
--- a/manifests/key_management.pp
+++ b/manifests/key_management.pp
@@ -98,7 +98,7 @@
   }
 
   if $sshkeys != [] {
-    $sshkeys.each |$sshkey| {
+    $sshkeys.each |String[1] $sshkey| {
       accounts::manage_keys { "${sshkey} for ${user}":
         ensure    => $ensure,
         keyspec   => $sshkey,
diff --git a/manifests/user.pp b/manifests/user.pp
index dec6cf83..d90dfceb 100644
--- a/manifests/user.pp
+++ b/manifests/user.pp
@@ -213,7 +213,7 @@
   Optional[Accounts::User::Name]           $sshkey_group             = $group,
   Optional[Accounts::User::Name]           $sshkey_owner             = $name,
   Variant[Integer[0],String]               $sshkey_mode              = '0600',
-  Array[String]                            $sshkeys                  = [],
+  Array[String[1]]                         $sshkeys                  = [],
   Boolean                                  $system                   = false,
   Optional[Accounts::User::Uid]            $uid                      = undef,
 ) {