Commit e6eaa8e0 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'banish_shell_from_gitlab_keys' of /home/git/repositories/gitlab/gitlab-shell

parents af88f842 ab008254
...@@ -36,12 +36,17 @@ class GitlabKeys ...@@ -36,12 +36,17 @@ class GitlabKeys
def rm_key def rm_key
$logger.info "Removing key #{@key_id}" $logger.info "Removing key #{@key_id}"
Tempfile.open('authorized_keys') do |temp| Tempfile.open('authorized_keys') do |temp|
cmd = "sed '/shell #{@key_id}\"/d' #{auth_file} > #{temp.path} && mv #{temp.path} #{auth_file}" open(auth_file, 'r+') do |current|
system(cmd) current.each do |line|
temp.puts(line) unless line.include?("/bin/gitlab-shell #{@key_id}\"")
end
end
temp.close
FileUtils.cp(temp.path, auth_file)
end end
end end
def clear def clear
system("echo '# Managed by gitlab-shell' > #{auth_file}") open(auth_file, 'w') { |file| file.puts '# Managed by gitlab-shell' }
end end
end end
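Review bot: The new rm_key rewrites authorized_keys without a lock and with a non-atomic `FileUtils.cp`, so two key operations running at the same time can overwrite each other's result. A process that read the file earlier can write back a key that another process has just removed, and an interrupted copy leaves a truncated file that sshd may read. I would serialise writers with an exclusive `flock` and swap the file in with `File.rename` from a temp file created in the same directory, as sketched below; add_key is outside this hunk and would presumably need the same lock. Separately, rm_key and clear both call bare `open(auth_file, ...)`, and Kernel#open treats a path starting with `|` as a command to run, so `File.open` / `File.foreach` fits the goal of this change better.

```ruby
def rm_key
  # … unchanged: $logger.info call …
  File.open("#{auth_file}.lock", 'w') do |lock|   # lock file name is a suggestion
    lock.flock(File::LOCK_EX)                      # one writer at a time
    Tempfile.open('authorized_keys', File.dirname(auth_file)) do |temp|
      File.foreach(auth_file) do |line|
        temp.puts(line) unless line.include?("/bin/gitlab-shell #{@key_id}\"")
      end
      temp.close
      # Same directory, so the rename replaces the file in one step.
      # Tempfile creates the file 0600; confirm that mode suits authorized_keys.
      File.rename(temp.path, auth_file)
    end
  end
end
```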
...@@ -14,39 +14,46 @@ describe GitlabKeys do ...@@ -14,39 +14,46 @@ describe GitlabKeys do
it { gitlab_keys.instance_variable_get(:@key_id).should == 'key-741' } it { gitlab_keys.instance_variable_get(:@key_id).should == 'key-741' }
end end
describe :add_key do context "file writing tests" do
let(:gitlab_keys) { build_gitlab_keys('add-key', 'key-741', 'ssh-rsa AAAAB3NzaDAxx2E') } before do
let(:file) { mock(:file) } FileUtils.mkdir_p(File.dirname(tmp_authorized_keys_path))
open(tmp_authorized_keys_path, 'w') { |file| file.puts('existing content') }
it "should receive valid cmd" do gitlab_keys.stub(auth_file: tmp_authorized_keys_path)
auth_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E"
gitlab_keys.should_receive(:open).with(GitlabConfig.new.auth_file, 'a').and_yield(file)
file.should_receive(:puts).with(auth_line)
gitlab_keys.send :add_key
end end
it "should log an add-key event" do describe :add_key do
$logger.should_receive(:info).with('Adding key key-741 => "ssh-rsa AAAAB3NzaDAxx2E"') let(:gitlab_keys) { build_gitlab_keys('add-key', 'key-741', 'ssh-rsa AAAAB3NzaDAxx2E') }
gitlab_keys.stub(:open)
gitlab_keys.send :add_key
end
end
describe :rm_key do it "adds a line at the end of the file" do
let(:gitlab_keys) { build_gitlab_keys('rm-key', 'key-741', 'ssh-rsa AAAAB3NzaDAxx2E') } gitlab_keys.send :add_key
let(:temp_file) { mock(:temp_file, path: 'tmp_path') } auth_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E"
before { Tempfile.should_receive(:open).and_yield(temp_file) } File.read(tmp_authorized_keys_path).should == "existing content\n#{auth_line}\n"
end
it "should receive valid cmd" do it "should log an add-key event" do
auth_file = GitlabConfig.new.auth_file $logger.should_receive(:info).with('Adding key key-741 => "ssh-rsa AAAAB3NzaDAxx2E"')
valid_cmd = "sed '/shell key-741\"/d' #{auth_file} > tmp_path && mv tmp_path #{auth_file}" gitlab_keys.stub(:open)
gitlab_keys.should_receive(:system).with(valid_cmd) gitlab_keys.send :add_key
gitlab_keys.send :rm_key end
end end
it "should log an rm-key event" do describe :rm_key do
$logger.should_receive(:info).with('Removing key key-741') let(:gitlab_keys) { build_gitlab_keys('rm-key', 'key-741', 'ssh-rsa AAAAB3NzaDAxx2E') }
gitlab_keys.send :rm_key
it "removes the right line" do
other_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E"
open(tmp_authorized_keys_path, 'a') do |auth_file|
auth_file.puts "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E"
auth_file.puts other_line
end
gitlab_keys.send :rm_key
File.read(tmp_authorized_keys_path).should == "existing content\n#{other_line}\n"
end
it "should log an rm-key event" do
$logger.should_receive(:info).with('Removing key key-741')
gitlab_keys.send :rm_key
end
end end
end end
...@@ -87,4 +94,8 @@ describe GitlabKeys do ...@@ -87,4 +94,8 @@ describe GitlabKeys do
ARGV[i] = arg ARGV[i] = arg
end end
end end
def tmp_authorized_keys_path
File.join(ROOT_PATH, 'tmp', 'authorized_keys')
end
end end
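Review bot: The "removes the right line" example only shows that key-742 survives, which does not pin the boundary of the substring match rm_key relies on. A neighbouring id that merely starts with the removed one is the case that would wrongly drop another user's key if the trailing quote were ever lost from the pattern. I would append one more line such as `auth_file.puts "command=\"#{ROOT_PATH}/bin/gitlab-shell key-7411\",options ssh-rsa AAAAB3NzaDAxx2E"` and assert it is still present afterwards. The fixture also lives at a fixed path under ROOT_PATH/tmp and is never removed, so an `after { FileUtils.rm_f(tmp_authorized_keys_path) }` would keep runs independent. The enclosing `describe GitlabKeys` block starts outside these hunks.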