Skip to content
Snippets Groups Projects

Default `authorized_keys_enabled` setting to true

Merged Michael Kozono requested to merge fix-authorized-keys-enabled-default-2738 into master
All threads resolved!
Compare and Show latest version
1 file
+ 3
3
Compare changes
  • Side-by-side
  • Inline
@@ -104,13 +104,305 @@ describe Gitlab::Shell, lib: true do
@@ -104,13 +104,305 @@ describe Gitlab::Shell, lib: true do
end
end
describe '#add_key' do
describe '#add_key' do
it 'removes trailing garbage' do
context 'when authorized_keys_enabled is true' do
allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
it 'removes trailing garbage' do
expect(Gitlab::Utils).to receive(:system_silent).with(
allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
[:gitlab_shell_keys_path, 'add-key', 'key-123', 'ssh-rsa foobar']
expect(Gitlab::Utils).to receive(:system_silent).with(
)
[:gitlab_shell_keys_path, 'add-key', 'key-123', 'ssh-rsa foobar']
 
)
 
 
gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
 
end
 
end
 
 
context 'when authorized_keys_enabled is false' do
 
before do
 
stub_application_setting(authorized_keys_enabled: false)
 
end
 
 
it 'does nothing' do
 
expect(Gitlab::Utils).not_to receive(:system_silent)
 
 
gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
 
end
 
end
 
 
context 'when authorized_keys_enabled is nil' do
 
before do
 
stub_application_setting(authorized_keys_enabled: nil)
 
end
gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
it 'removes trailing garbage' do
 
allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
 
expect(Gitlab::Utils).to receive(:system_silent).with(
 
[:gitlab_shell_keys_path, 'add-key', 'key-123', 'ssh-rsa foobar']
 
)
 
 
gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
 
end
 
end
 
end
 
 
describe '#batch_add_keys' do
 
context 'when authorized_keys_enabled is true' do
 
it 'instantiates KeyAdder' do
 
expect_any_instance_of(Gitlab::Shell::KeyAdder).to receive(:add_key).with('key-123', 'ssh-rsa foobar')
 
 
gitlab_shell.batch_add_keys do |adder|
 
adder.add_key('key-123', 'ssh-rsa foobar')
 
end
 
end
 
end
 
 
context 'when authorized_keys_enabled is false' do
 
before do
 
stub_application_setting(authorized_keys_enabled: false)
 
end
 
 
it 'does nothing' do
 
expect_any_instance_of(Gitlab::Shell::KeyAdder).not_to receive(:add_key)
 
 
gitlab_shell.batch_add_keys do |adder|
 
adder.add_key('key-123', 'ssh-rsa foobar')
 
end
 
end
 
end
 
 
context 'when authorized_keys_enabled is nil' do
 
before do
 
stub_application_setting(authorized_keys_enabled: nil)
 
end
 
 
it 'instantiates KeyAdder' do
 
expect_any_instance_of(Gitlab::Shell::KeyAdder).to receive(:add_key).with('key-123', 'ssh-rsa foobar')
 
 
gitlab_shell.batch_add_keys do |adder|
 
adder.add_key('key-123', 'ssh-rsa foobar')
 
end
 
end
 
end
 
end
 
 
describe '#remove_key' do
 
context 'when authorized_keys_enabled is true' do
 
it 'removes trailing garbage' do
 
allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
 
expect(Gitlab::Utils).to receive(:system_silent).with(
 
[:gitlab_shell_keys_path, 'rm-key', 'key-123', 'ssh-rsa foobar']
 
)
 
 
gitlab_shell.remove_key('key-123', 'ssh-rsa foobar')
 
end
 
end
 
 
context 'when authorized_keys_enabled is false' do
 
before do
 
stub_application_setting(authorized_keys_enabled: false)
 
end
 
 
it 'does nothing' do
 
expect(Gitlab::Utils).not_to receive(:system_silent)
 
 
gitlab_shell.remove_key('key-123', 'ssh-rsa foobar')
 
end
 
end
 
 
context 'when authorized_keys_enabled is nil' do
 
before do
 
stub_application_setting(authorized_keys_enabled: nil)
 
end
 
 
it 'removes trailing garbage' do
 
allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
 
expect(Gitlab::Utils).to receive(:system_silent).with(
 
[:gitlab_shell_keys_path, 'rm-key', 'key-123', 'ssh-rsa foobar']
 
)
 
 
gitlab_shell.remove_key('key-123', 'ssh-rsa foobar')
 
end
 
end
 
 
context 'when key content is not given' do
 
it 'calls rm-key with only one argument' do
 
allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
 
expect(Gitlab::Utils).to receive(:system_silent).with(
 
[:gitlab_shell_keys_path, 'rm-key', 'key-123']
 
)
 
 
gitlab_shell.remove_key('key-123')
 
end
 
end
 
end
 
 
describe '#remove_all_keys' do
 
context 'when authorized_keys_enabled is true' do
 
it 'removes trailing garbage' do
 
allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
 
expect(Gitlab::Utils).to receive(:system_silent).with([:gitlab_shell_keys_path, 'clear'])
 
 
gitlab_shell.remove_all_keys
 
end
 
end
 
 
context 'when authorized_keys_enabled is false' do
 
before do
 
stub_application_setting(authorized_keys_enabled: false)
 
end
 
 
it 'does nothing' do
 
expect(Gitlab::Utils).not_to receive(:system_silent)
 
 
gitlab_shell.remove_all_keys
 
end
 
end
 
 
context 'when authorized_keys_enabled is nil' do
 
before do
 
stub_application_setting(authorized_keys_enabled: nil)
 
end
 
 
it 'removes trailing garbage' do
 
allow(gitlab_shell).to receive(:gitlab_shell_keys_path).and_return(:gitlab_shell_keys_path)
 
expect(Gitlab::Utils).to receive(:system_silent).with([:gitlab_shell_keys_path, 'clear'])
 
 
gitlab_shell.remove_all_keys
 
end
 
end
 
end
 
 
describe '#remove_keys_not_found_in_db' do
 
context 'when keys are in the file that are not in the DB' do
 
before do
 
gitlab_shell.remove_all_keys
 
gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
 
gitlab_shell.add_key('key-9876', 'ssh-rsa ASDFASDF')
 
@another_key = create(:key) # this one IS in the DB
 
end
 
 
it 'removes the keys' do
 
expect(find_in_authorized_keys_file(1234)).to be_truthy
 
expect(find_in_authorized_keys_file(9876)).to be_truthy
 
expect(find_in_authorized_keys_file(@another_key.id)).to be_truthy
 
gitlab_shell.remove_keys_not_found_in_db
 
expect(find_in_authorized_keys_file(1234)).to be_falsey
 
expect(find_in_authorized_keys_file(9876)).to be_falsey
 
expect(find_in_authorized_keys_file(@another_key.id)).to be_truthy
 
end
 
end
 
 
context 'when keys there are duplicate keys in the file that are not in the DB' do
 
before do
 
gitlab_shell.remove_all_keys
 
gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
 
gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
 
end
 
 
it 'removes the keys' do
 
expect(find_in_authorized_keys_file(1234)).to be_truthy
 
gitlab_shell.remove_keys_not_found_in_db
 
expect(find_in_authorized_keys_file(1234)).to be_falsey
 
end
 
 
it 'does not run remove more than once per key (in a batch)' do
 
expect(gitlab_shell).to receive(:remove_key).with('key-1234').once
 
gitlab_shell.remove_keys_not_found_in_db
 
end
 
end
 
 
context 'when keys there are duplicate keys in the file that ARE in the DB' do
 
before do
 
gitlab_shell.remove_all_keys
 
@key = create(:key)
 
gitlab_shell.add_key(@key.shell_id, @key.key)
 
end
 
 
it 'does not remove the key' do
 
gitlab_shell.remove_keys_not_found_in_db
 
expect(find_in_authorized_keys_file(@key.id)).to be_truthy
 
end
 
 
it 'does not need to run a SELECT query for that batch, on account of that key' do
 
expect_any_instance_of(ActiveRecord::Relation).not_to receive(:pluck)
 
gitlab_shell.remove_keys_not_found_in_db
 
end
 
end
 
 
unless ENV['CI'] # Skip in CI, it takes 1 minute
 
context 'when the first batch can be skipped, but the next batch has keys that are not in the DB' do
 
before do
 
gitlab_shell.remove_all_keys
 
100.times { |i| create(:key) } # first batch is all in the DB
 
gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
 
end
 
 
it 'removes the keys not in the DB' do
 
expect(find_in_authorized_keys_file(1234)).to be_truthy
 
gitlab_shell.remove_keys_not_found_in_db
 
expect(find_in_authorized_keys_file(1234)).to be_falsey
 
end
 
end
 
end
 
end
 
 
describe '#batch_read_key_ids' do
 
context 'when there are keys in the authorized_keys file' do
 
before do
 
gitlab_shell.remove_all_keys
 
(1..4).each do |i|
 
gitlab_shell.add_key("key-#{i}", "ssh-rsa ASDFASDF#{i}")
 
end
 
end
 
 
it 'iterates over the key IDs in the file, in batches' do
 
loop_count = 0
 
first_batch = [1, 2]
 
second_batch = [3, 4]
 
 
gitlab_shell.batch_read_key_ids(batch_size: 2) do |batch|
 
expected = (loop_count == 0 ? first_batch : second_batch)
 
expect(batch).to eq(expected)
 
loop_count += 1
 
end
 
end
 
end
 
end
 
 
describe '#list_key_ids' do
 
context 'when there are keys in the authorized_keys file' do
 
before do
 
gitlab_shell.remove_all_keys
 
(1..4).each do |i|
 
gitlab_shell.add_key("key-#{i}", "ssh-rsa ASDFASDF#{i}")
 
end
 
end
 
 
it 'outputs the key IDs in the file, separated by newlines' do
 
ids = []
 
gitlab_shell.list_key_ids do |io|
 
io.each do |line|
 
ids << line
 
end
 
end
 
 
expect(ids).to eq(%W{1\n 2\n 3\n 4\n})
 
end
 
end
 
 
context 'when there are no keys in the authorized_keys file' do
 
before do
 
gitlab_shell.remove_all_keys
 
end
 
 
it 'outputs nothing, not even an empty string' do
 
ids = []
 
gitlab_shell.list_key_ids do |io|
 
io.each do |line|
 
ids << line
 
end
 
end
 
 
expect(ids).to eq([])
 
end
end
end
end
end
@@ -188,4 +480,12 @@ describe Gitlab::Shell, lib: true do
@@ -188,4 +480,12 @@ describe Gitlab::Shell, lib: true do
end
end
end
end
end
end
 
 
def find_in_authorized_keys_file(key_id)
 
gitlab_shell.batch_read_key_ids do |ids|
 
return true if ids.include?(key_id)
 
end
 
 
false
 
end
end
end
Loading