Allow administrators to log users by key id (faster) or by username (clearer).

config.yml.example

@@ -29,3 +29,8 @@ log_file: "/home/git/gitlab-shell/gitlab-shell.log"
 
 # Log level. INFO by default
 log_level: INFO
+
+# Audit usernames.
+# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
+# incurs an extra API call on every gitlab-shell command.
+audit_usernames: false

lib/gitlab_config.rb

@@ -39,6 +39,10 @@ class GitlabConfig
     @config['log_level'] ||= 'INFO'
   end
 
+  def audit_usernames
+    @config['audit_usernames'] ||= false
+  end
+
   # Build redis command to write update event in gitlab queue
   def redis_command
     if redis.empty?

lib/gitlab_shell.rb

@@ -8,7 +8,9 @@ class GitlabShell
   def initialize
     @key_id = ARGV.shift
     @origin_cmd = ENV['SSH_ORIGINAL_COMMAND']
-    @repos_path = GitlabConfig.new.repos_path
+    @config = GitlabConfig.new
+    @repos_path = @config.repos_path
+    @user_tried = false
   end
 
   def exec
@@ -21,19 +23,16 @@ class GitlabShell
         if validate_access
           process_cmd
         else
-          message = "gitlab-shell: Access denied for git command <#{@origin_cmd}>"
-          message << " by user with key #{@key_id}."
+          message = "gitlab-shell: Access denied for git command <#{@origin_cmd}> by #{log_username}."
           $logger.warn message
         end
       else
-        message = "gitlab-shell: Attempt to execute disallowed command "
-        message << "<#{@origin_cmd}> by user with key #{@key_id}."
+        message = "gitlab-shell: Attempt to execute disallowed command <#{@origin_cmd}> by #{log_username}."
         $logger.warn message
         puts 'Not allowed command'
       end
     else
-      user = api.discover(@key_id)
-      puts "Welcome to GitLab, #{user && user['name'] || 'Anonymous'}!"
+      puts "Welcome to GitLab, #{username}!"
     end
   end
 
@@ -52,7 +51,7 @@ class GitlabShell
   def process_cmd
     repo_full_path = File.join(repos_path, repo_name)
     cmd = "#{@git_cmd} #{repo_full_path}"
-    $logger.info "gitlab-shell: executing git command <#{cmd}> for user with key #{@key_id}."
+    $logger.info "gitlab-shell: executing git command <#{cmd}> for #{log_username}."
     exec_cmd(cmd)
   end
 
@@ -67,4 +66,23 @@ class GitlabShell
   def api
     GitlabNet.new
   end
+
+  def user
+    # Can't use "@user ||=" because that will keep hitting the API when @user is really nil!
+    if @user_tried
+      @user
+    else
+      @user_tried = true
+      @user = api.discover(@key_id)
+    end
+  end
+
+  def username
+    user && user['name'] || 'Anonymous'
+  end
+
+  # User identifier to be used in log messages.
+  def log_username
+    @config.audit_usernames ? username : "user with key #{@key_id}"
+  end
 end

spec/gitlab_shell_spec.rb

@@ -11,13 +11,15 @@ describe GitlabShell do
   end
   let(:api) do
     double(GitlabNet).tap do |api|
-      api.stub(discover: 'John Doe')
+      api.stub(discover: { 'name' => 'John Doe' })
       api.stub(allowed?: true)
     end
   end
   let(:key_id) { "key-#{rand(100) + 100}" }
   let(:repository_path) { "/home/git#{rand(100)}/repos" }
-  before { GitlabConfig.any_instance.stub(:repos_path).and_return(repository_path) }
+  before do
+    GitlabConfig.any_instance.stub(repos_path: repository_path, audit_usernames: false)
+  end
 
   describe :initialize do
     before { ssh_cmd 'git-receive-pack' }
@@ -71,6 +73,11 @@ describe GitlabShell do
         message << "for user with key #{key_id}."
         $logger.should_receive(:info).with(message)
       end
+
+      it "should use usernames if configured to do so" do
+        GitlabConfig.any_instance.stub(audit_usernames: true)
+        $logger.should_receive(:info) { |msg| msg.should =~ /for John Doe/ }
+      end
     end
 
     context 'git-receive-pack' do