Merge branch 'da-fix-openssh-expected-command' into 'master'

Fix incorrect OPENSSH_EXPECTED_COMMAND on gitlab:geo:check task

See merge request gitlab-org/gitlab-ee!4236

changelogs/unreleased-ee/da-fix-openssh-expected-command.yml

+---
+title: Geo - Fix OPENSSH_EXPECTED_COMMAND in the geo:check rake task
+merge_request:
+author:
+type: fixed

ee/lib/system_check/geo/authorized_keys_check.rb

@@ -22,7 +22,7 @@ module SystemCheck
         \s*                        # optional any amount of space character
         (?:\#.*)?$                 # optional start-comment symbol followed by optionally any character until end of line
       }x
-      OPENSSH_EXPECTED_COMMAND = '/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k'.freeze
+      OPENSSH_EXPECTED_COMMAND = '/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k'.freeze
 
       def multi_check
         unless openssh_config_exists?

spec/ee/fixtures/system_check/sshd_config

@@ -32,7 +32,7 @@ RSAAuthentication yes
 PubkeyAuthentication yes
 #AuthorizedKeysFile	%h/.ssh/authorized_keys
 #AuthorizedKeysCommand /opt/gitlab-shell/invalid_authorized_keys %u %k
-AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k
+AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
 AuthorizedKeysCommandUser git
 
 # Don't read the user's ~/.rhosts and ~/.shosts files

spec/ee/fixtures/system_check/sshd_config_invalid_user

@@ -4,5 +4,5 @@
 RSAAuthentication yes
 PubkeyAuthentication yes
 #AuthorizedKeysFile	%h/.ssh/authorized_keys
-AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k          # comment
+AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k          # comment
 AuthorizedKeysCommandUser anotheruser  #comment with more stuff#

spec/ee/fixtures/system_check/sshd_config_no_user

@@ -5,5 +5,5 @@ RSAAuthentication yes
 PubkeyAuthentication yes
 #AuthorizedKeysFile	%h/.ssh/authorized_keys
 #AuthorizedKeysCommand /opt/gitlab-shell/invalid_authorized_keys %u %k
-AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k
+AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
 #AuthorizedKeysCommandUser git

spec/ee/spec/lib/system_check/geo/authorized_keys_check_spec.rb

@@ -106,7 +106,7 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do
     it 'returns correct (uncommented) command' do
       override_sshd_config('system_check/sshd_config')
 
-      expect(subject.extract_authorized_keys_command).to eq('/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k')
+      expect(subject.extract_authorized_keys_command).to eq('/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k')
     end
 
     it 'returns command without comments and without quotes' do