Merge branch 'authorized_keys_lock' into 'master'

Authorized keys lock

Merge branch 'authorized_keys_lock' into 'master'
Authorized keys lock
4038ef2e · Dmitriy Zaporozhets · d8600696 · 19a5c54a · 4038ef2e · 4038ef2e
Commit 4038ef2e authored Apr 22, 2014 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 74 additions and 14 deletions

.gitignore .gitignore +1 -0

CHANGELOG CHANGELOG +3 -0

lib/gitlab_keys.rb lib/gitlab_keys.rb +34 -14

spec/gitlab_keys_spec.rb spec/gitlab_keys_spec.rb +36 -0

No files found.
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ config.yml
 tmp/*
 *.log
 /*.log.*
+authorized_keys.lock
--- a/CHANGELOG
+++ b/CHANGELOG
+v1.9.4
+  - Use lock file when modify authorized_keys
 v1.9.3
  - Ignore force push detection for new branch or branch remove push

--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
@@ -36,13 +36,15 @@ class GitlabKeys
  end
  def batch_add_keys
-    open(auth_file, 'a') do |file|
+    lock do
-      stdin.each_line do |input|
+      open(auth_file, 'a') do |file|
-        tokens = input.strip.split("\t")
+        stdin.each_line do |input|
-        abort("#{$0}: invalid input #{input.inspect}") unless tokens.count == 2
+          tokens = input.strip.split("\t")
-        key_id, public_key = tokens
+          abort("#{$0}: invalid input #{input.inspect}") unless tokens.count == 2
-        $logger.info "Adding key #{key_id} => #{public_key.inspect}"
+          key_id, public_key = tokens
-        file.puts(key_line(key_id, public_key))
+          $logger.info "Adding key #{key_id} => #{public_key.inspect}"
+          file.puts(key_line(key_id, public_key))
+        end
      end
    end
    true
@@ -57,15 +59,17 @@ class GitlabKeys
  end
  def rm_key
-    $logger.info "Removing key #{@key_id}"
+    lock do
-    Tempfile.open('authorized_keys') do |temp|
+      $logger.info "Removing key #{@key_id}"
-      open(auth_file, 'r+') do |current|
+      Tempfile.open('authorized_keys') do |temp|
-        current.each do |line|
+        open(auth_file, 'r+') do |current|
-          temp.puts(line) unless line.include?("/bin/gitlab-shell #{@key_id}\"")
+          current.each do |line|
+            temp.puts(line) unless line.include?("/bin/gitlab-shell #{@key_id}\"")
+          end
        end
+        temp.close
+        FileUtils.cp(temp.path, auth_file)
      end
-      temp.close
-      FileUtils.cp(temp.path, auth_file)
    end
    true
  end
@@ -74,4 +78,20 @@ class GitlabKeys
    open(auth_file, 'w') { |file| file.puts '# Managed by gitlab-shell' }
    true
  end
+  def lock(timeout = 10)
+    File.open(lock_file, "w+") do |f|
+      begin
+        f.flock File::LOCK_EX
+        Timeout::timeout(timeout) { yield }
+      ensure
+        f.flock File::LOCK_UN
+      end
+    end
+  end
+  def lock_file
+    @lock_file ||= File.join(ROOT_PATH, "authorized_keys.lock")
+  end
 end
--- a/spec/gitlab_keys_spec.rb
+++ b/spec/gitlab_keys_spec.rb
@@ -145,6 +145,42 @@ describe GitlabKeys do
    end
  end
+  describe :lock do
+    it "should raise exception if operation lasts more then timeout" do
+      key = GitlabKeys.new
+      expect do
+        key.send :lock, 1 do
+          sleep 2
+        end
+      end.to raise_error
+    end
+    it "should actually lock file" do
+      $global = ""
+      key = GitlabKeys.new
+      thr1 = Thread.new do
+        key.send :lock do
+          # Put bigger sleep here to test if main thread will
+          # wait for lock file released before executing code
+          sleep 1
+          $global << "foo"
+        end
+      end
+      # make sure main thread start lock command after
+      # thread above
+      sleep 0.5
+      key.send :lock do
+        $global << "bar"
+      end
+      thr1.join
+      $global.should == "foobar"
+    end
+  end
  def build_gitlab_keys(*args)
    argv(*args)
    GitlabKeys.new