Improve regex for geo auth keys checker

- The `gitlab:geo:check` rake task produced misleading results if the AuthorizedKeysCommand* directives had leading whitespace. Altered the regular expressions to allow for zero-to-many occurrences of whitespace before the directives. Related https://gitlab.com/gitlab-org/gitlab-orchestrator/-/issues/30 Closes https://gitlab.com/gitlab-org/gitlab/-/issues/219572Signed-off-by: Robert Marshall <rmarshall@gitlab.com>

Improve regex for geo auth keys checker
- The `gitlab:geo:check` rake task produced misleading results if the AuthorizedKeysCommand* directives had leading whitespace. Altered the regular expressions to allow for zero-to-many occurrences of whitespace before the directives. Related https://gitlab.com/gitlab-org/gitlab-orchestrator/-/issues/30 Closes https://gitlab.com/gitlab-org/gitlab/-/issues/219572Signed-off-by: Robert Marshall <rmarshall@gitlab.com>
03759b4b · Robert Marshall · Robert Speicher · e8550c5d · 03759b4b · 03759b4b
Commit 03759b4b authored Jun 01, 2020 by Robert Marshall Committed by Robert Speicher Jun 01, 2020
4 changed files
--- a/ee/changelogs/unreleased/30-fix-geo-authorized-keys-regex.yml
+++ b/ee/changelogs/unreleased/30-fix-geo-authorized-keys-regex.yml
+---
+title: Improve regex for geo auth keys checker
+merge_request: 33447
+author:
+type: fixed
--- a/ee/lib/system_check/geo/authorized_keys_check.rb
+++ b/ee/lib/system_check/geo/authorized_keys_check.rb
@@ -193,7 +193,7 @@ module SystemCheck

        File.open(openssh_config_path) do |f|
          f.each_line do |line|
-            if (match = line.match(regexp))
+            if (match = line.strip.match(regexp))
              raw_content = match[:content]
              # remove linebreak, and lead and trailing spaces
              return raw_content.chomp.strip # rubocop:disable Cop/AvoidReturnFromBlocks

--- a/ee/spec/fixtures/system_check/sshd_config_leading_whitespace
+++ b/ee/spec/fixtures/system_check/sshd_config_leading_whitespace
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+#AuthorizedKeysCommand /opt/gitlab-shell/invalid_authorized_keys %u %k
+ AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
+  AuthorizedKeysCommandUser git
--- a/ee/spec/lib/system_check/geo/authorized_keys_check_spec.rb
+++ b/ee/spec/lib/system_check/geo/authorized_keys_check_spec.rb
@@ -111,6 +111,12 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do
      expect(subject.extract_authorized_keys_command).to eq('/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k')
    end

+    it 'returns correct (leading whitespace) command' do
+      override_sshd_config('system_check/sshd_config_leading_whitespace')
+
+      expect(subject.extract_authorized_keys_command).to eq('/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k')
+    end
+
    it 'returns command without comments and without quotes' do
      override_sshd_config('system_check/sshd_config_invalid_command')

@@ -131,6 +137,12 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do
      expect(subject.extract_authorized_keys_command_user).to eq('git')
    end

+    it 'returns correct (leading whitespace) command' do
+      override_sshd_config('system_check/sshd_config_leading_whitespace')
+
+      expect(subject.extract_authorized_keys_command_user).to eq('git')
+    end
+
    it 'returns command without comments' do
      override_sshd_config('system_check/sshd_config_invalid_command')