Added random strings in key comments

[mcodenie]

Describe the Bug

It generates random strings in the key comment section, ie below - luigi_ssh-rsa_old@config.com_6bbd0f3daa6a944dcf5be78dbe171d1c
cat /home/xunil/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCU6RPX1CY+WB2wU6pWU6Nkb7HTE6qaFymT31o/m1F6KUkgU9xxbTWEhqbzU1t1m5QaEJT6YYDm9UjFtP19Y6q6phkWGH+8HJtOeJ8nEezsXM0nl3erSj8Tnyhq7fc8aAm+GYdSdtq+SnRojFeAeGAGS3aE6JExYsh6wjZ0uBEEzq88nm6vgIxm00m7htUSdkHHL+Z+VMMsX4xpDLH/zCaRVesOuSO1Dd919ttLyZffrzF3P98LXa7sTS5p44I9k2YyxJ3lcBxj4cuq0OmtNGnd7bBH6gzPrIrZC7d/TsNHNyc4F7LfkiyFUxXr5khphto//XLsw/gL1rNj1tB42qxtbcouu7VbMNQTgj7QFUtQ1DKuR7bSB1s3iJ54Xo4dcLJyQna+bXtt/CghcTf/iHWfWNvCZkzh06JP5DY6HxVJQP2GueRnUxs7zlqDRlAbhW02RyypEtpnzUFdmwItiLvfkzrJtBbjao8/nJO+EVJUPB2vIJjqDbYxJMEgJI/dMks= luigi_ssh-rsa_old@config.com_6bbd0f3daa6a944dcf5be78dbe171d1c

Expected Behavior

It should have a clear ssh key without a random string so easy to make a condition. If rerun the puppet, it keeps generating a new one.
type key_fingerprint key_comment
ie 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCU6RPX1CY+WB2wU6pWU6Nkb7HTE6qaFymT31o/m1F6KUkgU9xxbTWEhqbzU1t1m5QaEJT6YYDm9UjFtP19Y6q6phkWGH+8HJtOeJ8nEezsXM0nl3erSj8Tnyhq7fc8aAm+GYdSdtq+SnRojFeAeGAGS3aE6JExYsh6wjZ0uBEEzq88nm6vgIxm00m7htUSdkHHL+Z+VMMsX4xpDLH/zCaRVesOuSO1Dd919ttLyZffrzF3P98LXa7sTS5p44I9k2YyxJ3lcBxj4cuq0OmtNGnd7bBH6gzPrIrZC7d/TsNHNyc4F7LfkiyFUxXr5khphto//XLsw/gL1rNj1tB42qxtbcouu7VbMNQTgj7QFUtQ1DKuR7bSB1s3iJ54Xo4dcLJyQna+bXtt/CghcTf/iHWfWNvCZkzh06JP5DY6HxVJQP2GueRnUxs7zlqDRlAbhW02RyypEtpnzUFdmwItiLvfkzrJtBbjao8/nJO+EVJUPB2vIJjqDbYxJMEgJI/dMks= old@config.com'

Steps to Reproduce

Steps to reproduce the behavior:

1. In the manifest,

  lookup('users', Hash, 'hash').each | String $username, Hash $attrs | {
    accounts::user { $username:
      * => $attrs,
    }
  }

2. In the heira data.

users:
  'luigi':
    sshkeys:
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCU6RPX1CY+WB2wU6pWU6Nkb7HTE6qaFymT31o/m1F6KUkgU9xxbTWEhqbzU1t1m5QaEJT6YYDm9UjFtP19Y6q6phkWGH+8HJtOeJ8nEezsXM0nl3erSj8Tnyhq7fc8aAm+GYdSdtq+SnRojFeAeGAGS3aE6JExYsh6wjZ0uBEEzq88nm6vgIxm00m7htUSdkHHL+Z+VMMsX4xpDLH/zCaRVesOuSO1Dd919ttLyZffrzF3P98LXa7sTS5p44I9k2YyxJ3lcBxj4cuq0OmtNGnd7bBH6gzPrIrZC7d/TsNHNyc4F7LfkiyFUxXr5khphto//XLsw/gL1rNj1tB42qxtbcouu7VbMNQTgj7QFUtQ1DKuR7bSB1s3iJ54Xo4dcLJyQna+bXtt/CghcTf/iHWfWNvCZkzh06JP5DY6HxVJQP2GueRnUxs7zlqDRlAbhW02RyypEtpnzUFdmwItiLvfkzrJtBbjao8/nJO+EVJUPB2vIJjqDbYxJMEgJI/dMks= old@config.com'
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCXXgsjIZYtY1Sk3D961fuW+ht9TeX3NfVfEO7cwxuqnFpZP3xATbLvPbXTRe2xXc3kheTT1id039IBb4/AFSQWaYxkH8dUv6cQxcZvbcQQ5aljqI8UZQdiNCX2Mrq42OViF0RbAKH+ofjCELG/hzdDxj/iYgF10u05bCRN9Z7LhwHMCRL8ODTO91sIu1KdHm67cdGmqoi5bx8yBs1IctWwBoDQqqtnKAtiGFQOSSQln9A5MgBk9bj+Nrh9FlAojoHe5ivC5pYBduROoI+ONoeVwHxBjj3tzN7NkxXNcf28vpQem63QCVHxmRvLHVKUdis0VXkTKyHlHOpRoKu6G+Ev0xdLT+P4KVEqb4o0Cr/5QYmI7V//DUMjWauUZVD0uu3ZKxZP5FJvMpYFBdmRneH9x+c1GWTIFJLMg592kgOpZDUmPuhF9k0vagZsww3aTi7Io4N3E/Vmcst5jXT+S364o9SIjd4W64BFaRmidtc7GatT8ZJV7G1Sro+6Vypfo8M= new@config.com'

Environment

puppet6-release-6.0.0-23.el8.noarch
puppet-agent-6.28.0-1.el8.x86_64
in
Red Hat Enterprise Linux release 8.7 (Ootpa)

Additional Context

Using this module version.
mod 'puppetlabs-accounts', '8.1.0'

The documentation doesn't mention that it generates a random string, or any options to get rid of those strings.

[mcodenie]

Initial solution in my end similar to puppetlabs-sshkeys_core using like this format

ssh_authorized_key { 'nick@magpie.example.com':
  ensure => present,
  user   => 'nick',
  type   => 'ssh-rsa',
  key    => 'AAAAB3Nza[...]qXfdaQ==',
}

In line 43, manifests/manage_keys.pp, altered the key_title to use only 3rd entry instead of adding md5, user and key name in the key title.
from
$key_title = "${user}_${key_type}_${key_name}"
to
$key_title = $key_def[3]

[kenyon]

It's just the md5sum of the key to ensure uniqueness. See https://puppet.atlassian.net/browse/MODULES-10867 and #340.

[mcodenie]

I see, but why just use a simpler ssh key name by just adding the md5 checksum so easy to determine that's from that particular user.

    $key_name    = "${key_def[3]}_${key_md5}"
    $key_title = $key_name

So able to comply with SSH Public Key format, as mostly comment in the format user@host...
[type-name] [base64-encoded-ssh-public-key] [comment]
ie ssh-rsa AAAAB3NzaC1yc2E...Q02P1Eamz/nT4I3 root@localhost

At least on that, it just added the md5 checksum after the user@host.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCU6RPX1CY+WB2wU6pWU6Nkb7HTE6qaFymT31o/m1F6KUkgU9xxbTWEhqbzU1t1m5QaEJT6YYDm9UjFtP19Y6q6phkWGH+8HJtOeJ8nEezsXM0nl3erSj8Tnyhq7fc8aAm+GYdSdtq+SnRojFeAeGAGS3aE6JExYsh6wjZ0uBEEzq88nm6vgIxm00m7htUSdkHHL+Z+VMMsX4xpDLH/zCaRVesOuSO1Dd919ttLyZffrzF3P98LXa7sTS5p44I9k2YyxJ3lcBxj4cuq0OmtNGnd7bBH6gzPrIrZC7d/TsNHNyc4F7LfkiyFUxXr5khphto//XLsw/gL1rNj1tB42qxtbcouu7VbMNQTgj7QFUtQ1DKuR7bSB1s3iJ54Xo4dcLJyQna+bXtt/CghcTf/iHWfWNvCZkzh06JP5DY6HxVJQP2GueRnUxs7zlqDRlAbhW02RyypEtpnzUFdmwItiLvfkzrJtBbjao8/nJO+EVJUPB2vIJjqDbYxJMEgJI/dMks= old@config.com_6bbd0f3daa6a944dcf5be78dbe171d1c