Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d9958c11
Commit
d9958c11
authored
May 30, 2017
by
Michael Kozono
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add authorized_keys_enabled to Application Settings
parent
e9fcae37
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
139 additions
and
7 deletions
+139
-7
app/controllers/admin/application_settings_controller.rb
app/controllers/admin/application_settings_controller.rb
+2
-1
app/models/ee/application_setting.rb
app/models/ee/application_setting.rb
+1
-0
app/views/admin/application_settings/_form.html.haml
app/views/admin/application_settings/_form.html.haml
+14
-0
db/migrate/20170531180233_add_authorized_keys_enabled_to_application_settings.rb
...33_add_authorized_keys_enabled_to_application_settings.rb
+15
-0
db/schema.rb
db/schema.rb
+1
-0
lib/gitlab/shell.rb
lib/gitlab/shell.rb
+12
-0
spec/lib/gitlab/shell_spec.rb
spec/lib/gitlab/shell_spec.rb
+94
-6
No files found.
app/controllers/admin/application_settings_controller.rb
View file @
d9958c11
...
@@ -177,7 +177,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
...
@@ -177,7 +177,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
:check_namespace_plan
,
:check_namespace_plan
,
:mirror_max_delay
,
:mirror_max_delay
,
:mirror_max_capacity
,
:mirror_max_capacity
,
:mirror_capacity_threshold
:mirror_capacity_threshold
,
:authorized_keys_enabled
]
]
end
end
end
end
app/models/ee/application_setting.rb
View file @
d9958c11
...
@@ -32,6 +32,7 @@ module EE
...
@@ -32,6 +32,7 @@ module EE
module
ClassMethods
module
ClassMethods
def
defaults
def
defaults
super
.
merge
(
super
.
merge
(
authorized_keys_enabled:
true
,
# TODO default to false if the instance is configured to use AuthorizedKeysCommand
elasticsearch_url:
ENV
[
'ELASTIC_URL'
]
||
'http://localhost:9200'
,
elasticsearch_url:
ENV
[
'ELASTIC_URL'
]
||
'http://localhost:9200'
,
elasticsearch_aws:
false
,
elasticsearch_aws:
false
,
elasticsearch_aws_region:
ENV
[
'ELASTIC_REGION'
]
||
'us-east-1'
,
elasticsearch_aws_region:
ENV
[
'ELASTIC_REGION'
]
||
'us-east-1'
,
...
...
app/views/admin/application_settings/_form.html.haml
View file @
d9958c11
...
@@ -637,6 +637,20 @@
...
@@ -637,6 +637,20 @@
installations. Set to 0 to completely disable polling.
installations. Set to 0 to completely disable polling.
=
link_to
icon
(
'question-circle'
),
help_page_path
(
'administration/polling'
)
=
link_to
icon
(
'question-circle'
),
help_page_path
(
'administration/polling'
)
%fieldset
%legend
Performance optimization
.form-group
.col-sm-offset-2.col-sm-10
.checkbox
=
f
.
label
:authorized_keys_enabled
do
=
f
.
check_box
:authorized_keys_enabled
Write to "authorized_keys" file
.help-block
By default, we write to the "authorized_keys" file to support old
OpenSSH servers. If, and only if, you have configured the GitLab
instance to use the AuthorizedKeysCommand, uncheck this to improve
performance.
-
if
Gitlab
::
Geo
.
license_allows?
-
if
Gitlab
::
Geo
.
license_allows?
%fieldset
%fieldset
%legend
GitLab Geo
%legend
GitLab Geo
...
...
db/migrate/20170531180233_add_authorized_keys_enabled_to_application_settings.rb
0 → 100644
View file @
d9958c11
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class
AddAuthorizedKeysEnabledToApplicationSettings
<
ActiveRecord
::
Migration
include
Gitlab
::
Database
::
MigrationHelpers
# Set this constant to true if this migration requires downtime.
DOWNTIME
=
false
def
change
# allow_null: true because we want to set the default based on if the
# instance is configured to use AuthorizedKeysCommand
add_column
:application_settings
,
:authorized_keys_enabled
,
:boolean
,
allow_null:
true
end
end
db/schema.rb
View file @
d9958c11
...
@@ -140,6 +140,7 @@ ActiveRecord::Schema.define(version: 20170602003304) do
...
@@ -140,6 +140,7 @@ ActiveRecord::Schema.define(version: 20170602003304) do
t
.
integer
"mirror_max_delay"
,
default:
5
,
null:
false
t
.
integer
"mirror_max_delay"
,
default:
5
,
null:
false
t
.
integer
"mirror_max_capacity"
,
default:
100
,
null:
false
t
.
integer
"mirror_max_capacity"
,
default:
100
,
null:
false
t
.
integer
"mirror_capacity_threshold"
,
default:
50
,
null:
false
t
.
integer
"mirror_capacity_threshold"
,
default:
50
,
null:
false
t
.
boolean
"authorized_keys_enabled"
end
end
create_table
"approvals"
,
force: :cascade
do
|
t
|
create_table
"approvals"
,
force: :cascade
do
|
t
|
...
...
lib/gitlab/shell.rb
View file @
d9958c11
...
@@ -197,6 +197,8 @@ module Gitlab
...
@@ -197,6 +197,8 @@ module Gitlab
# add_key("key-42", "sha-rsa ...")
# add_key("key-42", "sha-rsa ...")
#
#
def
add_key
(
key_id
,
key_content
)
def
add_key
(
key_id
,
key_content
)
return
unless
self
.
authorized_keys_enabled?
Gitlab
::
Utils
.
system_silent
([
gitlab_shell_keys_path
,
Gitlab
::
Utils
.
system_silent
([
gitlab_shell_keys_path
,
'add-key'
,
key_id
,
self
.
class
.
strip_key
(
key_content
)])
'add-key'
,
key_id
,
self
.
class
.
strip_key
(
key_content
)])
end
end
...
@@ -206,6 +208,8 @@ module Gitlab
...
@@ -206,6 +208,8 @@ module Gitlab
# Ex.
# Ex.
# batch_add_keys { |adder| adder.add_key("key-42", "sha-rsa ...") }
# batch_add_keys { |adder| adder.add_key("key-42", "sha-rsa ...") }
def
batch_add_keys
(
&
block
)
def
batch_add_keys
(
&
block
)
return
unless
self
.
authorized_keys_enabled?
IO
.
popen
(
%W(
#{
gitlab_shell_path
}
/bin/gitlab-keys batch-add-keys)
,
'w'
)
do
|
io
|
IO
.
popen
(
%W(
#{
gitlab_shell_path
}
/bin/gitlab-keys batch-add-keys)
,
'w'
)
do
|
io
|
yield
(
KeyAdder
.
new
(
io
))
yield
(
KeyAdder
.
new
(
io
))
end
end
...
@@ -217,6 +221,8 @@ module Gitlab
...
@@ -217,6 +221,8 @@ module Gitlab
# remove_key("key-342", "sha-rsa ...")
# remove_key("key-342", "sha-rsa ...")
#
#
def
remove_key
(
key_id
,
key_content
)
def
remove_key
(
key_id
,
key_content
)
return
unless
self
.
authorized_keys_enabled?
Gitlab
::
Utils
.
system_silent
([
gitlab_shell_keys_path
,
Gitlab
::
Utils
.
system_silent
([
gitlab_shell_keys_path
,
'rm-key'
,
key_id
,
key_content
])
'rm-key'
,
key_id
,
key_content
])
end
end
...
@@ -227,6 +233,8 @@ module Gitlab
...
@@ -227,6 +233,8 @@ module Gitlab
# remove_all_keys
# remove_all_keys
#
#
def
remove_all_keys
def
remove_all_keys
return
unless
self
.
authorized_keys_enabled?
Gitlab
::
Utils
.
system_silent
([
gitlab_shell_keys_path
,
'clear'
])
Gitlab
::
Utils
.
system_silent
([
gitlab_shell_keys_path
,
'clear'
])
end
end
...
@@ -356,5 +364,9 @@ module Gitlab
...
@@ -356,5 +364,9 @@ module Gitlab
def
gitlab_shell_keys_path
def
gitlab_shell_keys_path
File
.
join
(
gitlab_shell_path
,
'bin'
,
'gitlab-keys'
)
File
.
join
(
gitlab_shell_path
,
'bin'
,
'gitlab-keys'
)
end
end
def
authorized_keys_enabled?
current_application_settings
.
authorized_keys_enabled
end
end
end
end
end
spec/lib/gitlab/shell_spec.rb
View file @
d9958c11
...
@@ -104,13 +104,101 @@ describe Gitlab::Shell, lib: true do
...
@@ -104,13 +104,101 @@ describe Gitlab::Shell, lib: true do
end
end
describe
'#add_key'
do
describe
'#add_key'
do
it
'removes trailing garbage'
do
context
'when authorized_keys_enabled is true'
do
allow
(
gitlab_shell
).
to
receive
(
:gitlab_shell_keys_path
).
and_return
(
:gitlab_shell_keys_path
)
it
'removes trailing garbage'
do
expect
(
Gitlab
::
Utils
).
to
receive
(
:system_silent
).
with
(
allow
(
gitlab_shell
).
to
receive
(
:gitlab_shell_keys_path
).
and_return
(
:gitlab_shell_keys_path
)
[
:gitlab_shell_keys_path
,
'add-key'
,
'key-123'
,
'ssh-rsa foobar'
]
expect
(
Gitlab
::
Utils
).
to
receive
(
:system_silent
).
with
(
)
[
:gitlab_shell_keys_path
,
'add-key'
,
'key-123'
,
'ssh-rsa foobar'
]
)
gitlab_shell
.
add_key
(
'key-123'
,
'ssh-rsa foobar trailing garbage'
)
end
end
context
'when authorized_keys_enabled is false'
do
before
do
stub_application_setting
(
authorized_keys_enabled:
false
)
end
it
'does nothing'
do
expect
(
Gitlab
::
Utils
).
not_to
receive
(
:system_silent
)
gitlab_shell
.
add_key
(
'key-123'
,
'ssh-rsa foobar trailing garbage'
)
end
end
end
describe
'#batch_add_keys'
do
context
'when authorized_keys_enabled is true'
do
it
'instantiates KeyAdder'
do
expect_any_instance_of
(
Gitlab
::
Shell
::
KeyAdder
).
to
receive
(
:add_key
).
with
(
'key-123'
,
'ssh-rsa foobar'
)
gitlab_shell
.
batch_add_keys
do
|
adder
|
adder
.
add_key
(
'key-123'
,
'ssh-rsa foobar'
)
end
end
end
context
'when authorized_keys_enabled is false'
do
before
do
stub_application_setting
(
authorized_keys_enabled:
false
)
end
it
'does nothing'
do
expect_any_instance_of
(
Gitlab
::
Shell
::
KeyAdder
).
not_to
receive
(
:add_key
)
gitlab_shell
.
batch_add_keys
do
|
adder
|
adder
.
add_key
(
'key-123'
,
'ssh-rsa foobar'
)
end
end
end
end
gitlab_shell
.
add_key
(
'key-123'
,
'ssh-rsa foobar trailing garbage'
)
describe
'#remove_key'
do
context
'when authorized_keys_enabled is true'
do
it
'removes trailing garbage'
do
allow
(
gitlab_shell
).
to
receive
(
:gitlab_shell_keys_path
).
and_return
(
:gitlab_shell_keys_path
)
expect
(
Gitlab
::
Utils
).
to
receive
(
:system_silent
).
with
(
[
:gitlab_shell_keys_path
,
'rm-key'
,
'key-123'
,
'ssh-rsa foobar'
]
)
gitlab_shell
.
remove_key
(
'key-123'
,
'ssh-rsa foobar'
)
end
end
context
'when authorized_keys_enabled is false'
do
before
do
stub_application_setting
(
authorized_keys_enabled:
false
)
end
it
'does nothing'
do
expect
(
Gitlab
::
Utils
).
not_to
receive
(
:system_silent
)
gitlab_shell
.
remove_key
(
'key-123'
,
'ssh-rsa foobar'
)
end
end
end
describe
'#remove_all_keys'
do
context
'when authorized_keys_enabled is true'
do
it
'removes trailing garbage'
do
allow
(
gitlab_shell
).
to
receive
(
:gitlab_shell_keys_path
).
and_return
(
:gitlab_shell_keys_path
)
expect
(
Gitlab
::
Utils
).
to
receive
(
:system_silent
).
with
([
:gitlab_shell_keys_path
,
'clear'
])
gitlab_shell
.
remove_all_keys
end
end
context
'when authorized_keys_enabled is false'
do
before
do
stub_application_setting
(
authorized_keys_enabled:
false
)
end
it
'does nothing'
do
expect
(
Gitlab
::
Utils
).
not_to
receive
(
:system_silent
)
gitlab_shell
.
remove_all_keys
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment