From a1ec2ad0b2638f084dffbe804b681c96dc6dadb8 Mon Sep 17 00:00:00 2001
From: Patrick Bajao
Date: Thu, 29 Aug 2019 16:28:22 +0800
Subject: [PATCH] Auto create authorized_keys file if doesn't exist
Utilize the auto repair functionality of system checks.
---
 lib/gitlab/authorized_keys.rb | 9 +++++
 .../app/authorized_keys_permission_check.rb | 4 +++
 spec/lib/gitlab/authorized_keys_spec.rb | 35 +++++++++++++++++++
 .../authorized_keys_permission_check_spec.rb | 22 ++++++++++++
 4 files changed, 70 insertions(+)
diff --git a/lib/gitlab/authorized_keys.rb b/lib/gitlab/authorized_keys.rb
index ca9b65b7c44..820a78b653c 100644
--- a/lib/gitlab/authorized_keys.rb
+++ b/lib/gitlab/authorized_keys.rb
@@ -22,6 +22,15 @@ module Gitlab
 false
 end
+ # Creates the authorized_keys file if it doesn't exist
+ #
+ # @return [Boolean]
+ def create
+ open_authorized_keys_file(File::CREAT) { true }
+ rescue Errno::EACCES
+ false
+ end
+
 # Add id and its key to the authorized_keys file
 #
 # @param [String] id identifier of key prefixed by `key-`
diff --git a/lib/system_check/app/authorized_keys_permission_check.rb b/lib/system_check/app/authorized_keys_permission_check.rb
index 1c581f88abc..1246a6875a3 100644
--- a/lib/system_check/app/authorized_keys_permission_check.rb
+++ b/lib/system_check/app/authorized_keys_permission_check.rb
@@ -14,6 +14,10 @@ module SystemCheck
 authorized_keys.accessible?
 end
+ def repair!
+ authorized_keys.create
+ end
+
 def show_error
 try_fixing_it([
 "sudo chmod 700 #{File.dirname(authorized_keys.file)}",
diff --git a/spec/lib/gitlab/authorized_keys_spec.rb b/spec/lib/gitlab/authorized_keys_spec.rb
index 0aeccc256ca..adf36cf1050 100644
--- a/spec/lib/gitlab/authorized_keys_spec.rb
+++ b/spec/lib/gitlab/authorized_keys_spec.rb
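Review bot: `create` rescues only `Errno::EACCES`, so other open failures escape it. If the directory that should hold authorized_keys is missing, `File.open` with `File::CREAT` raises `Errno::ENOENT`, and the new `repair!` would then raise instead of returning false. Consider `rescue Errno::EACCES, Errno::ENOENT` so the system check falls through to its manual instructions. `open_authorized_keys_file` is defined outside this hunk, so this assumes it does not rescue those errors itself. The `@return [Boolean]` comment could also say that true is returned when the file already exists.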
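Review bot: `repair!` has no comment, and what it repairs is narrower than what `show_error` covers. It only calls `authorized_keys.create`, while the manual steps also fix the directory permissions. A comment such as `# Creates the authorized_keys file if missing; returns false when it cannot be created` would make that explicit. The file is created by whichever account runs the check, so it is worth confirming (not visible here) that the check runs as the user that owns the SSH directory; a key file owned by another account may be unusable to the application. `show_error` continues past the end of the hunk.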
@@ -37,6 +37,41 @@ describe Gitlab::AuthorizedKeys do
 end
 end
+ describe '#create' do
+ subject { authorized_keys.create }
+
+ context 'authorized_keys file exists' do
+ before do
+ create_authorized_keys_fixture
+ end
+
+ after do
+ delete_authorized_keys_file
+ end
+
+ it { is_expected.to be_truthy }
+ end
+
+ context 'authorized_keys file does not exist' do
+ after do
+ delete_authorized_keys_file
+ end
+
+ it 'creates authorized_keys file' do
+ expect(subject).to be_truthy
+ expect(File.exist?(tmp_authorized_keys_path)).to be_truthy
+ end
+ end
+
+ context 'cannot create file' do
+ before do
+ allow(File).to receive(:open).and_raise(Errno::EACCES)
+ end
+
+ it { is_expected.to be_falsey }
+ end
+ end
+
 describe '#add_key' do
 let(:id) { 'key-741' }
diff --git a/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb b/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb
index ac216c1860c..1a8123c3f0a 100644
--- a/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb
+++ b/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb
@@ -42,4 +42,26 @@ describe SystemCheck::App::AuthorizedKeysPermissionCheck do
 it { is_expected.to eq(false) }
 end
 end
+
+ describe '#repair!' do
+ subject { system_check.repair! }
+
+ before do
+ expect_next_instance_of(Gitlab::AuthorizedKeys) do |instance|
+ allow(instance).to receive(:create) { created }
+ end
+ end
+
+ context 'authorized_keys file created' do
+ let(:created) { true }
+
+ it { is_expected.to eq(true) }
+ end
+
+ context 'authorized_keys file is not created' do
+ let(:created) { false }
+
+ it { is_expected.to eq(false) }
+ end
+ end
 end
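Review bot: The 'creates authorized_keys file' example in the `#create` spec asserts only that the file exists, not the mode it is created with, which is the property that matters for a file controlling SSH access. An expectation such as `expect(File.stat(tmp_authorized_keys_path).mode & 0o777).to eq(0o600)` would pin it, assuming owner-only is the mode `open_authorized_keys_file` is meant to apply (that helper is not visible in this patch). The 'cannot create file' context covers `Errno::EACCES` only. A case for a missing parent directory would show whether `create` returns false or raises.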