Return SSH key details in /internal/allowed response

Right now when a client such as gitlab-shell calls the
`/api/v4/internal/allowed` API, the response only tells the client what
user has been granted access, and it's impossible to tell which deploy
key/token was used in the authentication request.

This commit adds `gl_key_type` (e.g. `deploy_key`) and `gl_key_id`
fields to the API response so that admins can identify the exact record
that was used to authenticate the user.

This is needed to support
https://gitlab.com/gitlab-org/gitlab-shell/-/issues/203.

changelogs/unreleased/sh-return-key-details.yml

+---
+title: Return SSH key details in /internal/allowed response
+merge_request: 37289
+author:
+type: changed

lib/api/internal/base.rb

@@ -67,7 +67,7 @@ module API
                                    "uploadpack.allowAnySHA1InWant=true"],
               gitaly: gitaly_payload(params[:action]),
               gl_console_messages: check_result.console_messages
-            }
+            }.merge!(actor.key_details)
 
             # Custom option for git-receive-pack command
 

lib/api/support/git_access_actor.rb

@@ -39,6 +39,15 @@ module API
       def update_last_used_at!
         key&.update_last_used_at
       end
+
+      def key_details
+        return {} unless key
+
+        {
+          gl_key_type: key.model_name.singular,
+          gl_key_id: key.id
+        }
+      end
     end
   end
 end

spec/lib/api/support/git_access_actor_spec.rb

@@ -36,7 +36,7 @@ RSpec.describe API::Support::GitAccessActor do
   describe 'attributes' do
     describe '#user' do
       context 'when initialized with a User' do
-        let(:user) { create(:user) }
+        let(:user) { build(:user) }
 
         it 'returns the User' do
           expect(subject.user).to eq(user)
@@ -44,7 +44,7 @@ RSpec.describe API::Support::GitAccessActor do
       end
 
       context 'when initialized with a Key' do
-        let(:user_for_key) { create(:user) }
+        let(:user_for_key) { build(:user) }
         let(:key) { create(:key, user: user_for_key) }
 
         it 'returns the User associated to the Key' do
@@ -85,7 +85,7 @@ RSpec.describe API::Support::GitAccessActor do
 
   describe '#username' do
     context 'when initialized with a User' do
-      let(:user) { create(:user) }
+      let(:user) { build(:user) }
 
       it 'returns the username' do
         expect(subject.username).to eq(user.username)
@@ -104,7 +104,7 @@ RSpec.describe API::Support::GitAccessActor do
       end
 
       context 'that has a User associated' do
-        let(:user_for_key) { create(:user) }
+        let(:user_for_key) { build(:user) }
 
         it 'returns the username of the User associated to the Key' do
           expect(subject.username).to eq(user_for_key.username)
@@ -113,9 +113,47 @@ RSpec.describe API::Support::GitAccessActor do
     end
   end
 
+  describe '#key_details' do
+    context 'when initialized with a User' do
+      let(:user) { build(:user) }
+
+      it 'returns an empty Hash' do
+        expect(subject.key_details).to eq({})
+      end
+    end
+
+    context 'when initialized with a Key' do
+      let(:key) { create(:key, user: user_for_key) }
+
+      context 'that has no User associated' do
+        let(:user_for_key) { nil }
+
+        it 'returns a Hash' do
+          expect(subject.key_details).to eq({ gl_key_type: 'key', gl_key_id: key.id })
+        end
+      end
+
+      context 'that has a User associated' do
+        let(:user_for_key) { build(:user) }
+
+        it 'returns a Hash' do
+          expect(subject.key_details).to eq({ gl_key_type: 'key', gl_key_id: key.id })
+        end
+      end
+    end
+
+    context 'when initialized with a DeployKey' do
+      let(:key) { create(:deploy_key) }
+
+      it 'returns a Hash' do
+        expect(subject.key_details).to eq({ gl_key_type: 'deploy_key', gl_key_id: key.id })
+      end
+    end
+  end
+
   describe '#update_last_used_at!' do
     context 'when initialized with a User' do
-      let(:user) { create(:user) }
+      let(:user) { build(:user) }
 
       it 'does nothing' do
         expect(user).not_to receive(:update_last_used_at)

spec/requests/api/internal/base_spec.rb

@@ -321,6 +321,8 @@ RSpec.describe API::Internal::Base do
           expect(json_response["status"]).to be_truthy
           expect(json_response["gl_project_path"]).to eq(project.wiki.full_path)
           expect(json_response["gl_repository"]).to eq("wiki-#{project.id}")
+          expect(json_response["gl_key_type"]).to eq("key")
+          expect(json_response["gl_key_id"]).to eq(key.id)
           expect(user.reload.last_activity_on).to be_nil
         end
 
@@ -444,6 +446,8 @@ RSpec.describe API::Internal::Base do
             expect(json_response["status"]).to be_truthy
             expect(json_response["gl_repository"]).to eq("project-#{project.id}")
             expect(json_response["gl_project_path"]).to eq(project.full_path)
+            expect(json_response["gl_key_type"]).to eq("key")
+            expect(json_response["gl_key_id"]).to eq(key.id)
             expect(json_response["gitaly"]).not_to be_nil
             expect(json_response["gitaly"]["repository"]).not_to be_nil
             expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name)
@@ -706,6 +710,8 @@ RSpec.describe API::Internal::Base do
           expect(response).to have_gitlab_http_status(:ok)
           expect(json_response["status"]).to be_truthy
           expect(json_response["gitaly"]).not_to be_nil
+          expect(json_response["gl_key_type"]).to eq("deploy_key")
+          expect(json_response["gl_key_id"]).to eq(key.id)
           expect(json_response["gitaly"]["repository"]).not_to be_nil
           expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name)
           expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path)