(PUP-2635) use generate instead of eval_generate to purge ssh keys
The generating of ssh_authorized_keys resources for purging is implemented
in Puppet::Type::User#eval_generate. The resources are added as the graph
is being traversed.
This exhibits unexpected behavior under certain circumstances. Specifically,
generated keys can be considered already absent (and hence in sync) if there
is a package resource in the catalog. The error disappears when the
functionality is moved from the eval_generate hook in favor of the generate
hook.
The reasons for the wrong behavior is an issue between the transaction code
and the eval_generate mode of operation. During evaluation, the transaction
will call its #prefetch_if_necessary hook for each resource in turn, which
relies on #resources_by_provider. The latter has a cache and misses all
resources that are added using eval_generate after the initial method call.
As a result, those resources are not passed to the provider for prefetching
and thus remain in an uninitialized state, just as though the resource
would not exist on the target system (ensure => absent). They are therefor
not eligible for syncing/purging.