Use lock file when add or remove keys from authorized_keys file

This prevents concurrent modification of authorized_keys file Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Use lock file when add or remove keys from authorized_keys file
This prevents concurrent modification of authorized_keys file Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
acc1d883 · Dmitriy Zaporozhets · d8600696 · acc1d883 · acc1d883 · acc1d883
Commit acc1d883 authored Apr 18, 2014 by Dmitriy Zaporozhets
Show whitespace changes
Inline Side-by-side

Showing with 71 additions and 14 deletions

.gitignore .gitignore +1 -0

lib/gitlab_keys.rb lib/gitlab_keys.rb +34 -14

spec/gitlab_keys_spec.rb spec/gitlab_keys_spec.rb +36 -0

No files found.
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ config.yml
 tmp/*
 *.log
 /*.log.*
+authorized_keys.lock
--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
@@ -36,6 +36,7 @@ class GitlabKeys
  end
  def batch_add_keys
+    lock do
      open(auth_file, 'a') do |file|
        stdin.each_line do |input|
          tokens = input.strip.split("\t")
@@ -45,6 +46,7 @@ class GitlabKeys
          file.puts(key_line(key_id, public_key))
        end
      end
+    end
    true
  end
@@ -57,6 +59,7 @@ class GitlabKeys
  end
  def rm_key
+    lock do
      $logger.info "Removing key #{@key_id}"
      Tempfile.open('authorized_keys') do |temp|
        open(auth_file, 'r+') do |current|
@@ -67,6 +70,7 @@ class GitlabKeys
        temp.close
        FileUtils.cp(temp.path, auth_file)
      end
+    end
    true
  end
@@ -74,4 +78,20 @@ class GitlabKeys
    open(auth_file, 'w') { |file| file.puts '# Managed by gitlab-shell' }
    true
  end
+  def lock(timeout = 10)
+    File.open(lock_file, "w+") do |f|
+      begin
+        f.flock File::LOCK_EX
+        Timeout::timeout(timeout) { yield }
+      ensure
+        f.flock File::LOCK_UN
+      end
+    end
+  end
+  def lock_file
+    @lock_file ||= File.join(ROOT_PATH, "authorized_keys.lock")
+  end
 end
--- a/spec/gitlab_keys_spec.rb
+++ b/spec/gitlab_keys_spec.rb
@@ -145,6 +145,42 @@ describe GitlabKeys do
    end
  end
+  describe :lock do
+    it "should raise exception if operation lasts more then timeout" do
+      key = GitlabKeys.new
+      expect do
+        key.send :lock, 1 do
+          sleep 2
+        end
+      end.to raise_error
+    end
+    it "should actually lock file" do
+      $global = ""
+      key = GitlabKeys.new
+      thr1 = Thread.new do
+        key.send :lock do
+          # Put bigger sleep here to test if main thread will
+          # wait for lock file released before executing code
+          sleep 1
+          $global << "foo"
+        end
+      end
+      # make sure main thread start lock command after
+      # thread above
+      sleep 0.5
+      key.send :lock do
+        $global << "bar"
+      end
+      thr1.join
+      $global.should == "foobar"
+    end
+  end
  def build_gitlab_keys(*args)
    argv(*args)
    GitlabKeys.new