Deploy Keys API: adding existing keys is broken
Summary
Adding an existing deployment key through the API always returns "fingerprint":["has already been taken"]. According to the Deploy Key API Docs, the key should be joined and enabled in the project if it already exists:
If the deploy key already exists in another project, it will be joined to current project only if original one was is accessible by the same user.
(by the way, there's a typo: "if .. was is accessible").
Steps to reproduce
Create two projects, add a deployment key to one of them, try to add the same deployment key to the other project as well:
curl --request POST --header "PRIVATE-TOKEN: ***" --header "Content-Type: application/json" --data '{"id": "29", "title": "testkey", "key": "ssh-rsa AAA..."}' "https://git.example.org/api/v4/projects/29/deploy_keys/"
{"id":60,"title":"testkey","key":"ssh-rsa AAA...","created_at":"2017-08-10T12:36:09.491Z","can_push":false}
curl --request POST --header "PRIVATE-TOKEN: ***" --header "Content-Type: application/json" --data '{"id": "45", "title": "testkey", "key": "ssh-rsa AAA..."}' "https://git.example.org/api/v4/projects/45/deploy_keys/"
{"message":{"fingerprint":["has already been taken"]}}Both commands are similar except for the project ID. As both commands use the same API token user, the key should be accessible to this user.
What is the expected correct behavior?
The second command should enable the deployment key for the second project.
Relevant logs and/or screenshots
From /var/log/gitlab/gitlab-rails/production.log:
Started POST "/api/v4/projects/45/deploy_keys/" for 46.246.38.92 at 2017-08-10 12:42:10 +0000
You are setting a key that conflicts with a built-in method Hashie::Mash#key defined in Hash. This can cause unexpected behavior when accessing the key via as a property. You can still access the key via the #[] method.
You are setting a key that conflicts with a built-in method Hashie::Mash#key defined in Hash. This can cause unexpected behavior when accessing the key via as a property. You can still access the key via the #[] method.Results of GitLab environment info
System information
System: Debian 9.1
Current User: git
Using RVM: no
Ruby Version: 2.3.3p222
Gem Version: 2.6.6
Bundler Version:1.13.7
Rake Version: 10.5.0
Redis Version: 3.2.5
Git Version: 2.13.0
Sidekiq Version:5.0.0
Go Version: unknown
GitLab information
Version: 9.4.3
Revision: b125d21
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: https://git.example.org
HTTP Clone URL: https://git.example.org/some-group/some-project.git
SSH Clone URL: git@git.example.org:some-group/some-project.git
Using LDAP: no
Using Omniauth: no
GitLab Shell
Version: 5.3.1
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/gitResults of GitLab application Check
Checking GitLab Shell ...
GitLab Shell version >= 5.3.1 ? ... OK (5.3.1)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:root, or git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
8/16 ... ok
12/29 ... ok
12/34 ... ok
3/42 ... ok
8/43 ... ok
3/45 ... ok
3/47 ... ok
3/48 ... ok
8/53 ... ok
8/54 ... ok
8/56 ... ok
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK
Send ping to redis server: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Reply by email ...
Reply by email is disabled in config/gitlab.yml
Checking Reply by email ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
8/16 ... yes
12/29 ... yes
12/34 ... yes
3/42 ... yes
8/43 ... yes
3/45 ... yes
3/47 ... yes
3/48 ... yes
8/53 ... yes
8/54 ... yes
8/56 ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.3 ? ... yes (2.3.3)
Git version >= 2.7.3 ? ... yes (2.13.0)
Active users: ... 7
Checking GitLab ... FinishedEdited by 🤖 GitLab Bot 🤖