Restrict tf user from jumping out of puppetserver

Author: cmd-ntrf

common/configuration/puppet.yaml.tftpl

@@ -175,7 +175,7 @@ write_files:
     permissions: "0600"
 %{ endif ~}
 %{ if contains(tags, "puppet") ~}
-  - content: %{ if length(setintersection(tags, bastion_tags)) == 0 }restrict,%{ endif }pty ${tf_ssh_public_key}
+  - content: restrict,pty ${tf_ssh_public_key}
     path: /etc/ssh/authorized_keys.tf
     permissions: "0644"
 %{ else ~}