Merge branch 'enable-force-write-auth-keys-restore' into 'master'

Enable the ability to use the force env for rebuilding authorized_keys during a restore Closes #7686 See merge request gitlab-org/gitlab-ee!7419

Merge branch 'enable-force-write-auth-keys-restore' into 'master'
Enable the ability to use the force env for rebuilding authorized_keys during a restore Closes #7686 See merge request gitlab-org/gitlab-ee!7419
f15c7dd8 · Nick Thomas · f8a0eff2 · 65afe7ed · f15c7dd8 · f15c7dd8
Commit f15c7dd8 authored Sep 25, 2018 by Nick Thomas
3 changed files
--- a/doc/raketasks/backup_restore.md
+++ b/doc/raketasks/backup_restore.md
@@ -523,7 +523,7 @@ more of the following options:

 - `BACKUP=timestamp_of_backup` - Required if more than one backup exists.
  Read what the [backup timestamp is about](#backup-timestamp).
- `force=yes` - Does not ask if the authorized_keys file should get regenerated and assumes 'yes' for warning that database tables will be removed.
+- `force=yes` - Does not ask if the authorized_keys file should get regenerated and assumes 'yes' for warning that database tables will be removed, enabling the "Write to authorized_keys file" setting, and updating LDAP providers.

 If you are restoring into directories that are mountpoints you will need to make
 sure these directories are empty before attempting a restore. Otherwise GitLab

--- a/ee/changelogs/unreleased/enable-force-write-auth-keys-restore.yml
+++ b/ee/changelogs/unreleased/enable-force-write-auth-keys-restore.yml
+---
+title: Check for force env var when rebuilding auth_keys
+merge_request: 7419
+author:
+type: fixed
--- a/lib/tasks/gitlab/shell.rake
+++ b/lib/tasks/gitlab/shell.rake
@@ -126,19 +126,16 @@ namespace :gitlab do

    puts authorized_keys_is_disabled_warning

-    answer = prompt('Do you want to permanently enable the "Write to authorized_keys file" setting now (yes/no)? '.color(:blue), %w{yes no})
-    if answer == 'yes'
-      puts 'Enabling the "Write to authorized_keys file" setting...'
-      uncached_settings = ApplicationSetting.last
-      uncached_settings.authorized_keys_enabled = true
-      uncached_settings.save!
-      puts 'Successfully enabled "Write to authorized_keys file"!'
-      puts ''
-    else
-      puts 'Leaving the "Write to authorized_keys file" setting disabled.'
-      puts 'Failed to rebuild authorized_keys file...'.color(:red)
-      exit 1
+    unless ENV['force'] == 'yes'
+      puts 'Do you want to permanently enable the "Write to authorized_keys file" setting now?'
+      ask_to_continue
    end
+
+    puts 'Enabling the "Write to authorized_keys file" setting...'
+    Gitlab::CurrentSettings.current_application_settings.update!(authorized_keys_enabled: true)
+
+    puts 'Successfully enabled "Write to authorized_keys file"!'
+    puts ''
  end

  def authorized_keys_is_disabled_warning