Properly setup of jenkins keys

Stop using ssh_authorized_key with a fixed name,
and move key generation to a template. It will accept
an ssh_key parameter, that can accept either an array
or a single string. And it will populate these keys on the
.ssh/authorized_keys properly.
Doing that we allow to rotate keys properly, and avoid
some of the races that could be originated using a
single key using the ssh_authorized_key way.

Change-Id: I572b7a18186329c4277a3f460fc05e6eb30c63b7

manifests/jenkinsuser.pp

@@ -55,17 +55,15 @@ class jenkins::jenkinsuser(
     require => File['/home/jenkins'],
   }
 
-  ssh_authorized_key { 'jenkins-master-2014-04-24':
-    ensure  => present,
-    user    => 'jenkins',
-    type    => 'ssh-rsa',
-    key     => $ssh_key,
+  # cleanup old content in directory
+  file { '/home/jenkins/.ssh/authorized_keys':
+    ensure  => 'file',
+    owner   => 'jenkins',
+    group   => 'jenkins',
+    mode    => '0600',
+    content => template('jenkins/authorized_keys.erb'),
     require => File['/home/jenkins/.ssh'],
   }
-  ssh_authorized_key { '/home/jenkins/.ssh/authorized_keys':
-    ensure => absent,
-    user   => 'jenkins',
-  }
 
   #NOTE: not all distributions have default bash files in /etc/skel
   if ($::osfamily == 'Debian') {

templates/authorized_keys.erb

@@ -0,0 +1,10 @@
+# HEADER: This file has been autogenerated by puppet.
+# HEADER: While it can still be managed manually, it
+# HEADER: is definitely not recommended.
+<% if @ssh_key.is_a? Array -%>
+<% @ssh_key.each do |key| -%>
+ssh-rsa <%= key %>
+<% end -%>
+<% else %>
+ssh-rsa <%= @ssh_key %>
+<% end -%>