Auto create authorized_keys file if doesn't exist

Utilize the auto repair functionality of system checks.
2019-08-29 16:28:22 +08:00 · 2019-08-29 16:28:22 +08:00 · a1ec2ad0b2
commit a1ec2ad0b2
parent b047359de5
4 changed files with 70 additions and 0 deletions
--- a/lib/gitlab/authorized_keys.rb
+++ b/lib/gitlab/authorized_keys.rb
@ -22,6 +22,15 @@ module Gitlab
      false
    end

+    # Creates the authorized_keys file if it doesn't exist
+    #
+    # @return [Boolean]
+    def create
+      open_authorized_keys_file(File::CREAT) { true }
+    rescue Errno::EACCES
+      false
+    end
+
    # Add id and its key to the authorized_keys file
    #
    # @param [String] id identifier of key prefixed by `key-`
--- a/lib/system_check/app/authorized_keys_permission_check.rb
+++ b/lib/system_check/app/authorized_keys_permission_check.rb
@ -14,6 +14,10 @@ module SystemCheck
        authorized_keys.accessible?
      end

+      def repair!
+        authorized_keys.create
+      end
+
      def show_error
        try_fixing_it([
          "sudo chmod 700 #{File.dirname(authorized_keys.file)}",
--- a/spec/lib/gitlab/authorized_keys_spec.rb
+++ b/spec/lib/gitlab/authorized_keys_spec.rb
@ -37,6 +37,41 @@ describe Gitlab::AuthorizedKeys do
    end
  end

+  describe '#create' do
+    subject { authorized_keys.create }
+
+    context 'authorized_keys file exists' do
+      before do
+        create_authorized_keys_fixture
+      end
+
+      after do
+        delete_authorized_keys_file
+      end
+
+      it { is_expected.to be_truthy }
+    end
+
+    context 'authorized_keys file does not exist' do
+      after do
+        delete_authorized_keys_file
+      end
+
+      it 'creates authorized_keys file' do
+        expect(subject).to be_truthy
+        expect(File.exist?(tmp_authorized_keys_path)).to be_truthy
+      end
+    end
+
+    context 'cannot create file' do
+      before do
+        allow(File).to receive(:open).and_raise(Errno::EACCES)
+      end
+
+      it { is_expected.to be_falsey }
+    end
+  end
+
  describe '#add_key' do
    let(:id) { 'key-741' }

--- a/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb
+++ b/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb
@ -42,4 +42,26 @@ describe SystemCheck::App::AuthorizedKeysPermissionCheck do
      it { is_expected.to eq(false) }
    end
  end
+
+  describe '#repair!' do
+    subject { system_check.repair! }
+
+    before do
+      expect_next_instance_of(Gitlab::AuthorizedKeys) do |instance|
+        allow(instance).to receive(:create) { created }
+      end
+    end
+
+    context 'authorized_keys file created' do
+      let(:created) { true }
+
+      it { is_expected.to eq(true) }
+    end
+
+    context 'authorized_keys file is not created' do
+      let(:created) { false }
+
+      it { is_expected.to eq(false) }
+    end
+  end
 end