Add ability to allow only deploy keys in AuthorizedKeysCommand
What does this MR do?
This is a follow-up to !19911 (merged). Now (as discussed in the commit message) administrators can forbid non-deploy keys; this is useful in combination with SSH certificates. See gitlab-shell!220 (closed) for the gitlab-shell MR.
Are there points in the code the reviewer needs to double check?
I still don't have any test for this. Thought I'd submit this sooner than later for feedback on what I have already.
Adding those was easier than expected; both this MR and the gitlab-shell MR have tests now.
Why was this MR needed?
A common use-case with SSH certificates is to ensure that only a whitelist of user keys with certs are used on the instance (not issued by the user, but by a central SSH key issuer). Users being able to have their manually uploaded keys used in such a setup bypasses the security policy.
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- API support added
- Tests added for this feature/bug
- Conforms to the code review guidelines
- Has been reviewed by a UX Designer
- Has been reviewed by a Frontend maintainer
- Has been reviewed by a Backend maintainer
- Has been reviewed by a Database specialist
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- If you have multiple commits, please combine them into a few logically organized commits by squashing them
- Internationalization required/considered
- End-to-end tests pass (package-and-qa manual pipeline job)
What are the relevant issue numbers?
Closes #49218 (moved)
Edited by Nick Thomas