Add script to identify problematic deploy keys

doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md

@@ -305,6 +305,44 @@ p.statistics.refresh!
 pp p.statistics  # compare with earlier values
 ```
 
+### Identify deploy keys associated with blocked and non-member users 
+
+When the user who created a deploy key is blocked or removed from the project the key can no longer be used to push to the project (see https://gitlab.com/gitlab-org/gitlab/-/issues/329742).
+
+```ruby
+def deploy_key_allowed(deploy_key, project)
+  deploy_key.has_access_to?(project) && deploy_key.can_push_to?(project)
+end
+
+def user_allowed(user, project)
+  user_access = Gitlab::UserAccess.new(user, container: project)
+  user_can_push = user_access.can_do_action?(:push_code) ||
+    project.any_branch_allows_collaboration?(user)
+
+  user_access.allowed? && user_can_push
+end
+
+ghost_user_id = User.ghost.id
+
+DeployKeysProject.with_write_access.find_each do |deploy_key_mapping|
+  project = deploy_key_mapping.project
+  deploy_key = deploy_key_mapping.deploy_key
+  user = deploy_key.user
+
+  next if deploy_key_allowed(deploy_key, project) and user_allowed(user, project)
+
+  puts "==="
+  puts "Unusable deploy key for pushing: ID #{deploy_key.id} for project #{project.id}"
+
+  if user.id == ghost_user_id
+    puts "No user associated"
+    next
+  end
+
+  puts "Associated user: #{user.username}, status: #{user.state}"
+end
+```
+
 ## Wikis
 
 ### Recreate