Support custom target_user (#7)

README.md

@@ -54,6 +54,15 @@ The key will be exported as `alice_key@foo` (suffix is taken from the `hostname`
 Ssh_authorized_key <<| tag == "tag_users" |>>
 ```
 
+Customize `target_user` in order to store authorized key under different account than it was exported from.
+```
+pubkey::ssh { 'bob_ed25519':
+  user        => 'bob', # auto-detected from title
+  target_user => 'deploy', # user account under which authorized key will be stored
+  tags        => ['users'],
+}
+```
+
 All Puppet variables are documented in [REFERENCE.md](./REFERENCE.md).
 
 ## How does this work?

manifests/ssh.pp

@@ -3,7 +3,8 @@
 # Exports public ssh key to Puppetserver
 #
 # @param generate Whether missing key should be generated
-# @param user account name under which we will store the ssh key
+# @param user account name where ssh key is (optionally) generated and public key stored into exported resource
+# @param target_user account name under which we will store the authorized key (by default same as `user`)
 # @param type ssh key type one of: 'dsa', 'rsa', 'ecdsa', 'ed25519', 'ecdsa-sk', 'ed25519-sk'
 # @param home user's home directory, assuming .ssh is located in $HOME/.ssh
 # @param prefix custom key file prefix for the ssh key file (default: 'id')
@@ -17,9 +18,24 @@
 #
 # @example
 #   pubkey::ssh { 'john_rsa': }
+#
+# @example
+#  pubkey::ssh { 'johndoe':
+#    type    => 'ed25519',
+#    comment => 'johndoe_ed25519',
+#    tags    => ['users'],
+#  }
+#
+# @example
+#  pubkey::ssh { 'bob_ed25519':
+#    user        => 'bob', # auto-detected from title
+#    target_user => 'deploy', # user account under which authorized key will be stored
+#    tags        => ['users'],
+#  }
 define pubkey::ssh (
   Boolean                    $generate = true,
   Optional[String[1]]        $user = undef,
+  Optional[String[1]]        $target_user = undef,
   Optional[Pubkey::Type]     $type = undef,
   Stdlib::AbsolutePath       $path = $facts['path'],
   Optional[Stdlib::UnixPath] $home = undef,
@@ -52,6 +68,11 @@
     default => $user
   }
 
+  $_target_user = $target_user ? {
+    undef   => $_user,
+    default => $target_user,
+  }
+
   $_home = $home ? {
     undef   => $_user ? {
       'root'  => '/root',
@@ -107,7 +128,7 @@
         if !empty($_key['type']) and !empty($_key['key']) {
           @@ssh_authorized_key { "${title}@${hostname}":
             ensure => present,
-            user   => $_user,
+            user   => $_target_user,
             type   => $_key['type'],
             key    => $_key['key'],
             tag    => $tags,

spec/classes/pubkey_spec.rb

@@ -144,6 +144,48 @@
 
     it {
       expect(exported_resources).to contain_ssh_authorized_key('alice_ed25519@host.test').with(
+        user: 'alice',
+        type: 'ssh-ed25519',
+        key: 'AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGgW3IPS7MrL1t8Bta0cZFzvqR8pZMoyuqIVAEXWwb9fAAAABHNzaDo=',
+      )
+    }
+  end
+
+  context 'with target_user' do
+    let(:facts) { os_facts }
+    let :pre_condition do
+      <<-PP
+        pubkey::ssh { 'alice_ed25519':
+          tags        => ['users'],
+          target_user => 'bob',
+        }
+        Ssh_authorized_key <<| tag == 'users' |>>
+      PP
+    end
+
+    exported_keys = '/var/cache/pubkey/exported_keys'
+    it { is_expected.to compile.with_all_deps }
+
+    it { is_expected.to contain_pubkey__ssh('alice_ed25519') }
+
+    it {
+      is_expected.to contain_pubkey__keygen('keygen-alice_ed25519')
+        .with({
+                user: 'alice',
+                type: 'ed25519',
+              })
+    }
+
+    it {
+      is_expected.to contain_file_line('alice:/home/alice/.ssh/id_ed25519.pub')
+        .with(
+        path: exported_keys,
+      )
+    }
+
+    it {
+      expect(exported_resources).to contain_ssh_authorized_key('alice_ed25519@host.test').with(
+        user: 'bob',
         type: 'ssh-ed25519',
         key: 'AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGgW3IPS7MrL1t8Bta0cZFzvqR8pZMoyuqIVAEXWwb9fAAAABHNzaDo=',
       )