I have a recipe with a bash script that, based on an ldap query (group membership etc), or if ldap is unreachable based on cookbook files, generates the authorized_keys file for ssh login. This works great.
However one nitpick is that as the script runs every time, and really must run every time, it is counted in the "resources updated" summary at the end of the chef client run. Even when the authorized_keys files generated didn't change.
Is there a way for the script to run and not count as an updated resource?
I could then have another block that would check whether the generated keys file differs from the installed one and update only when needed. Unless its possible to tell chef-client of the result from within the script so the additional block would not be needed.