Commit
f52cffed
authored
Sep 04, 2019
by
Patrick Bajao
Remove gitlab-keys script
parent
27ac9328
Showing
5 changed files
with
1 addition
and
519 deletions
+1
-519
README.md
README.md
+0
-18
bin/check
bin/check
+0
-10
bin/gitlab-keys
bin/gitlab-keys
+0
-27
lib/gitlab_keys.rb
lib/gitlab_keys.rb
+1
-152
spec/gitlab_keys_spec.rb
spec/gitlab_keys_spec.rb
+0
-312
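--- a/README.md
+++ b/README.md
@@ -76,24 +76,6 @@ Checks if GitLab API access and redis via internal API can be reached:
 make check
-## Keys
-Add key:
-./bin/gitlab-keys add-key key-782 "ssh-rsa AAAAx321..."
-Remove key:
-./bin/gitlab-keys rm-key key-23 "ssh-rsa AAAAx321..."
-List all keys:
-./bin/gitlab-keys list-keys
-Remove all keys from authorized_keys file:
-./bin/gitlab-keys clear
 ## Testing
 Run Ruby and Golang tests: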
bin/check
...
@@ -29,14 +29,4 @@ rescue GitlabNet::ApiUnreachableError
...
@@ -29,14 +29,4 @@ rescue GitlabNet::ApiUnreachableError
abort
"FAILED: Failed to connect to internal API"
abort
"FAILED: Failed to connect to internal API"
end
end
config
=
GitlabConfig
.
new
abort
(
"ERROR: missing option in config.yml"
)
unless
config
.
auth_file
print
"Access to
#{
config
.
auth_file
}
: "
if
system
(
File
.
dirname
(
__FILE__
)
+
'/gitlab-keys'
,
'check-permissions'
)
print
'OK'
else
abort
"FAILED"
end
puts
"
\n
"
puts
"
\n
"
bin/gitlab-keys
deleted
100755 → 0
#!/usr/bin/env ruby
require_relative
'../lib/gitlab_init'
#
# GitLab Keys shell. Add/remove keys from ~/.ssh/authorized_keys
#
# Ex.
# /bin/gitlab-keys add-key key-782 "ssh-rsa AAAAx321..."
#
# printf "key-782\tssh-rsa AAAAx321...\n" | /bin/gitlab-keys batch-add-keys
#
# /bin/gitlab-keys rm-key key-23 "ssh-rsa AAAAx321..."
#
# /bin/gitlab-keys list-keys
#
# /bin/gitlab-keys clear
#
require
File
.
join
(
ROOT_PATH
,
'lib'
,
'gitlab_keys'
)
# Return non-zero if command execution was not successful
if
GitlabKeys
.
new
.
exec
exit
0
else
exit
1
end
lib/gitlab_keys.rb
require
'timeout'
module
GitlabKeys
require_relative
'gitlab_config'
require_relative
'gitlab_logger'
require_relative
'gitlab_metrics'
class
GitlabKeys
# rubocop:disable Metrics/ClassLength
class
KeyError
<
StandardError
;
end
class
KeyError
<
StandardError
;
end
attr_accessor
:auth_file
,
:key
def
self
.
command
(
whatever
)
def
self
.
command
(
whatever
)
"
#{
ROOT_PATH
}
/bin/gitlab-shell
#{
whatever
}
"
"
#{
ROOT_PATH
}
/bin/gitlab-shell
#{
whatever
}
"
end
end
...
@@ -44,147 +36,4 @@ class GitlabKeys # rubocop:disable Metrics/ClassLength
...
@@ -44,147 +36,4 @@ class GitlabKeys # rubocop:disable Metrics/ClassLength
whatever_line
(
command_key
(
username_key_id
),
principal
)
whatever_line
(
command_key
(
username_key_id
),
principal
)
end
end
def
initialize
@command
=
ARGV
.
shift
@key_id
=
ARGV
.
shift
key
=
ARGV
.
shift
@key
=
key
.
dup
if
key
@auth_file
=
GitlabConfig
.
new
.
auth_file
end
def
exec
GitlabMetrics
.
measure
(
"command-
#{
@command
}
"
)
do
case
@command
when
'add-key'
add_key
when
'batch-add-keys'
batch_add_keys
when
'rm-key'
rm_key
when
'list-keys'
list_keys
when
'list-key-ids'
list_key_ids
when
'clear'
clear
when
'check-permissions'
check_permissions
else
$logger
.
warn
(
'Attempt to execute invalid gitlab-keys command'
,
command:
@command
.
inspect
)
puts
'not allowed'
false
end
end
end
protected
def
add_key
lock
do
$logger
.
info
(
'Adding key'
,
key_id:
@key_id
,
public_key:
@key
)
auth_line
=
self
.
class
.
key_line
(
@key_id
,
@key
)
open_auth_file
(
'a'
)
{
|
file
|
file
.
puts
(
auth_line
)
}
end
true
end
def
list_keys
$logger
.
info
'Listing all keys'
keys
=
''
File
.
readlines
(
auth_file
).
each
do
|
line
|
# key_id & public_key
# command=".../bin/gitlab-shell key-741" ... ssh-rsa AAAAB3NzaDAxx2E\n
# ^^^^^^^ ^^^^^^^^^^^^^^^
matches
=
/^command=\".+?\s+(.+?)\".+?(?:ssh|ecdsa)-.*?\s(.+)\s*.*\n*$/
.
match
(
line
)
keys
<<
"
#{
matches
[
1
]
}
#{
matches
[
2
]
}
\n
"
unless
matches
.
nil?
end
puts
keys
end
def
list_key_ids
$logger
.
info
'Listing all key IDs'
open_auth_file
(
'r'
)
do
|
f
|
f
.
each_line
do
|
line
|
matchd
=
line
.
match
(
/key-(\d+)/
)
next
unless
matchd
puts
matchd
[
1
]
end
end
end
def
batch_add_keys
lock
(
300
)
do
# Allow 300 seconds (5 minutes) for batch_add_keys
open_auth_file
(
'a'
)
do
|
file
|
stdin
.
each_line
do
|
input
|
tokens
=
input
.
strip
.
split
(
"
\t
"
)
abort
(
"
#{
$0
}
: invalid input
#{
input
.
inspect
}
"
)
unless
tokens
.
count
==
2
key_id
,
public_key
=
tokens
$logger
.
info
(
'Adding key'
,
key_id:
key_id
,
public_key:
public_key
)
file
.
puts
(
self
.
class
.
key_line
(
key_id
,
public_key
))
end
end
end
true
end
def
stdin
$stdin
end
def
rm_key
lock
do
$logger
.
info
(
'Removing key'
,
key_id:
@key_id
)
open_auth_file
(
'r+'
)
do
|
f
|
while
line
=
f
.
gets
# rubocop:disable Lint/AssignmentInCondition
next
unless
line
.
start_with?
(
"command=
\"
#{
self
.
class
.
command_key
(
@key_id
)
}
\"
"
)
f
.
seek
(
-
line
.
length
,
IO
::
SEEK_CUR
)
# Overwrite the line with #'s. Because the 'line' variable contains
# a terminating '\n', we write line.length - 1 '#' characters.
f
.
write
(
'#'
*
(
line
.
length
-
1
))
end
end
end
true
end
def
clear
open_auth_file
(
'w'
)
{
|
file
|
file
.
puts
'# Managed by gitlab-shell'
}
true
end
def
check_permissions
open_auth_file
(
File
::
RDWR
|
File
::
CREAT
)
{
true
}
rescue
=>
ex
puts
"error: could not open
#{
auth_file
}
:
#{
ex
}
"
if
File
.
exist?
(
auth_file
)
system
(
'ls'
,
'-l'
,
auth_file
)
else
# Maybe the parent directory is not writable?
system
(
'ls'
,
'-ld'
,
File
.
dirname
(
auth_file
))
end
false
end
def
lock
(
timeout
=
10
)
File
.
open
(
lock_file
,
"w+"
)
do
|
f
|
begin
f
.
flock
File
::
LOCK_EX
Timeout
.
timeout
(
timeout
)
{
yield
}
ensure
f
.
flock
File
::
LOCK_UN
end
end
end
def
lock_file
@lock_file
||=
auth_file
+
'.lock'
end
def
open_auth_file
(
mode
)
open
(
auth_file
,
mode
,
0
o600
)
do
|
file
|
file
.
chmod
(
0
o600
)
yield
file
end
end
end
end
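Review bot: `self.command` in lib/gitlab_keys.rb still interpolates `ROOT_PATH`, yet the file's `require` lines appear to be removed. The module therefore only works if the caller has already loaded whatever defines that constant; otherwise the first call raises NameError. The string it builds ends up as the forced command of an authorized_keys entry, as the comment in the deleted `list_keys` shows with `command=".../bin/gitlab-shell key-741"`. I would state both contracts above the method, e.g. `# Requires ROOT_PATH to be defined by the loader. whatever is embedded verbatim in the authorized_keys command= option, so callers must pass an already validated key id.` The helpers between the two hunks, such as `command_key` used in the `whatever_line(command_key(username_key_id), principal)` context line, are not visible here, so confirm there whether the id is validated before it reaches `command`. The single added line looks like `module GitlabKeys` replacing the class, so any caller left using `GitlabKeys.new` would now fail with NoMethodError.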
spec/gitlab_keys_spec.rb
This diff is collapsed.