+# export sshd's authorized_keys fragments
+#
+# This creates exported sshd `authorized_keys` snippets that different
+# hosts can then collect using `ssh::authorized_key_collect`.
+#
+# This is a replacement for the builtin ssh_authorized_keys, although
+# it requires exported resources to work.
+#
+# The builtin type had too many problems to overcome to be useful in
+# our environment. A short overview of known issues, some of which are
+# security-sensitive:
+#
+# * MODULES-7595: ssh_authorized_key should be able to take a ready-made OpenSSH public key
+# * MODULES-7596: puppet ssh_authorized_key not purged as expected
+# * MODULES-9726: allow read-only authorized_keys
+# * MODULES-7610: sshkey uses name instead of title for duplication check
+#
+# There are many more issues on the sshkeys module, which doesn't seem
+# to be very well maintained anyways:
+#
+# https://tickets.puppetlabs.com/browse/MODULES-9726?jql=project%20%3D%20MODULES%20AND%20component%20%3D%20sshkeys_core
+#
+# @param target_user the filename to save the key under
+#
+# @param collect_tag which tag to export this resource as
+#
+# @param options a list of options, defaults to ["restrict"]
+#
+# @param command the command to enforce for this keyfile
+#
+# @param from a list of IPv4 or IPv6 address to pass to the
+# key's `from=` parameter.
+#
+# @param key the actual public key, including ssh-*, the public key
+# material and the comment