smoser and I had a conversation in #cloud-init about this on Friday. Our conclusion was that we should mirror what the cloud vendor is doing (i.e. ignore project-level keys if instance-level keys are specified).
We also discussed how we could configure an instance in a project _with_ SSH keys to start _without_ any SSH keys. smoser proposed (a) using the presence of the empty string in the instance sshKeys metadata value. He also noted that (b) creating a fresh key, attaching it as an instance- level SSH key and instantly shredding it would also give the desired behaviour. I think that this requirement is uncommon enough that (b) should suffice. Furthermore, I can imagine (a) breaking automation that would work with just GCE's daemons (as they just ignore the empty string). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1403617 Title: gce datasource does not handle instance ssh keys To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1403617/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs