Use a scope to add/remove LDAP keys

For some reason I needed to add a reload statement in the specs.

app/models/key.rb

@@ -27,6 +27,8 @@ class Key < ActiveRecord::Base
   validates :key, presence: true, length: { within: 0..5000 }, format: { with: /\A(ssh|ecdsa)-.*\Z/ }, uniqueness: true
   validates :fingerprint, uniqueness: true, presence: { message: 'cannot be generated' }
 
+  scope :ldap, -> { where(type: 'LDAPKey') }
+
   delegate :name, :email, to: :user, prefix: true
 
   after_create :add_to_shell

lib/gitlab/ldap/access.rb

@@ -62,17 +62,14 @@ module Gitlab
         # Get LDAP user entry
         ldap_user = Gitlab::LDAP::Person.find_by_dn(user.extern_uid)
 
-        ldap_user.ssh_keys.each do |key|
-          unless user.keys.find_by_key(key)
-            k = LDAPKey.new(title: "LDAP - #{Gitlab.config.ldap['sync_ssh_keys']}", key: key)
-            user.keys << k if k.save
-          end
+        user.keys.ldap.where.not(key: ldap_user.ssh_keys).each do |deleted_key|
+          deleted_key.destroy
         end
-        user.keys.to_a.each do |k|
-          if k.is_a?(LDAPKey) && !ldap_user.ssh_keys.include?(k.key)
-            user.keys.delete(k)
-            k.destroy
-          end
+
+        (ldap_user.ssh_keys - user.keys.ldap.pluck(:key)).each do |key|
+          new_key = LDAPKey.new(title: "LDAP - #{Gitlab.config.ldap['sync_ssh_keys']}", key: key)
+          new_key.user = user
+          new_key.save
         end
       end
 

spec/lib/gitlab/ldap/ldap_access_spec.rb

@@ -88,6 +88,7 @@ describe Gitlab::LDAP::Access do
 
       expect(user_ldap.keys.size).to be(0)
       access.update_ssh_keys(user_ldap)
+      user_ldap.reload
       expect(user_ldap.keys.size).to be(1)
     end