Merge branch 'pb-remove-gitlab-keys' into 'master'

Remove gitlab-keys script

See merge request gitlab-org/gitlab-shell!329

README.md

@@ -76,24 +76,6 @@ Checks if GitLab API access and redis via internal API can be reached:
 
     make check
 
-## Keys
-
-Add key:
-
-    ./bin/gitlab-keys add-key key-782 "ssh-rsa AAAAx321..."
-
-Remove key:
-
-    ./bin/gitlab-keys rm-key key-23 "ssh-rsa AAAAx321..."
-
-List all keys:
-
-    ./bin/gitlab-keys list-keys
-
-Remove all keys from authorized_keys file:
-
-    ./bin/gitlab-keys clear
-
 ## Testing
 
 Run Ruby and Golang tests:

bin/check

@@ -29,14 +29,4 @@ rescue GitlabNet::ApiUnreachableError
   abort "FAILED: Failed to connect to internal API"
 end
 
-config = GitlabConfig.new
-
-abort("ERROR: missing option in config.yml") unless config.auth_file
-
-print "Access to #{config.auth_file}: "
-if system(File.dirname(__FILE__) + '/gitlab-keys', 'check-permissions')
-  print 'OK'
-else
-  abort "FAILED"
-end
 puts "\n"

bin/gitlab-keys

-#!/usr/bin/env ruby
-
-require_relative '../lib/gitlab_init'
-
-#
-# GitLab Keys shell. Add/remove keys from ~/.ssh/authorized_keys
-#
-# Ex.
-#   /bin/gitlab-keys add-key key-782 "ssh-rsa AAAAx321..."
-#
-#   printf "key-782\tssh-rsa AAAAx321...\n" | /bin/gitlab-keys batch-add-keys
-#
-#   /bin/gitlab-keys rm-key key-23 "ssh-rsa AAAAx321..."
-#
-#   /bin/gitlab-keys list-keys
-#   
-#   /bin/gitlab-keys clear
-#
-
-require File.join(ROOT_PATH, 'lib', 'gitlab_keys')
-
-# Return non-zero if command execution was not successful
-if GitlabKeys.new.exec
-  exit 0
-else
-  exit 1
-end

lib/gitlab_keys.rb

-require 'timeout'
-
-require_relative 'gitlab_config'
-require_relative 'gitlab_logger'
-require_relative 'gitlab_metrics'
-
-class GitlabKeys # rubocop:disable Metrics/ClassLength
+module GitlabKeys
   class KeyError < StandardError; end
 
-  attr_accessor :auth_file, :key
-
   def self.command(whatever)
     "#{ROOT_PATH}/bin/gitlab-shell #{whatever}"
   end
@@ -44,147 +36,4 @@ class GitlabKeys # rubocop:disable Metrics/ClassLength
 
     whatever_line(command_key(username_key_id), principal)
   end
-
-  def initialize
-    @command = ARGV.shift
-    @key_id = ARGV.shift
-    key = ARGV.shift
-    @key = key.dup if key
-    @auth_file = GitlabConfig.new.auth_file
-  end
-
-  def exec
-    GitlabMetrics.measure("command-#{@command}") do
-      case @command
-      when 'add-key'
-        add_key
-      when 'batch-add-keys'
-        batch_add_keys
-      when 'rm-key'
-        rm_key
-      when 'list-keys'
-        list_keys
-      when 'list-key-ids'
-        list_key_ids
-      when 'clear'
-        clear
-      when 'check-permissions'
-        check_permissions
-      else
-        $logger.warn('Attempt to execute invalid gitlab-keys command', command: @command.inspect)
-        puts 'not allowed'
-        false
-      end
-    end
-  end
-
-  protected
-
-  def add_key
-    lock do
-      $logger.info('Adding key', key_id: @key_id, public_key: @key)
-      auth_line = self.class.key_line(@key_id, @key)
-      open_auth_file('a') { |file| file.puts(auth_line) }
-    end
-    true
-  end
-
-  def list_keys
-    $logger.info 'Listing all keys'
-    keys = ''
-    File.readlines(auth_file).each do |line|
-      # key_id & public_key
-      # command=".../bin/gitlab-shell key-741" ... ssh-rsa AAAAB3NzaDAxx2E\n
-      #                               ^^^^^^^              ^^^^^^^^^^^^^^^
-      matches = /^command=\".+?\s+(.+?)\".+?(?:ssh|ecdsa)-.*?\s(.+)\s*.*\n*$/.match(line)
-      keys << "#{matches[1]} #{matches[2]}\n" unless matches.nil?
-    end
-    puts keys
-  end
-
-  def list_key_ids
-    $logger.info 'Listing all key IDs'
-    open_auth_file('r') do |f|
-      f.each_line do |line|
-        matchd = line.match(/key-(\d+)/)
-        next unless matchd
-        puts matchd[1]
-      end
-    end
-  end
-
-  def batch_add_keys
-    lock(300) do # Allow 300 seconds (5 minutes) for batch_add_keys
-      open_auth_file('a') do |file|
-        stdin.each_line do |input|
-          tokens = input.strip.split("\t")
-          abort("#{$0}: invalid input #{input.inspect}") unless tokens.count == 2
-          key_id, public_key = tokens
-          $logger.info('Adding key', key_id: key_id, public_key: public_key)
-          file.puts(self.class.key_line(key_id, public_key))
-        end
-      end
-    end
-    true
-  end
-
-  def stdin
-    $stdin
-  end
-
-  def rm_key
-    lock do
-      $logger.info('Removing key', key_id: @key_id)
-      open_auth_file('r+') do |f|
-        while line = f.gets # rubocop:disable Lint/AssignmentInCondition
-          next unless line.start_with?("command=\"#{self.class.command_key(@key_id)}\"")
-          f.seek(-line.length, IO::SEEK_CUR)
-          # Overwrite the line with #'s. Because the 'line' variable contains
-          # a terminating '\n', we write line.length - 1 '#' characters.
-          f.write('#' * (line.length - 1))
-        end
-      end
-    end
-    true
-  end
-
-  def clear
-    open_auth_file('w') { |file| file.puts '# Managed by gitlab-shell' }
-    true
-  end
-
-  def check_permissions
-    open_auth_file(File::RDWR | File::CREAT) { true }
-  rescue => ex
-    puts "error: could not open #{auth_file}: #{ex}"
-    if File.exist?(auth_file)
-      system('ls', '-l', auth_file)
-    else
-      # Maybe the parent directory is not writable?
-      system('ls', '-ld', File.dirname(auth_file))
-    end
-    false
-  end
-
-  def lock(timeout = 10)
-    File.open(lock_file, "w+") do |f|
-      begin
-        f.flock File::LOCK_EX
-        Timeout.timeout(timeout) { yield }
-      ensure
-        f.flock File::LOCK_UN
-      end
-    end
-  end
-
-  def lock_file
-    @lock_file ||= auth_file + '.lock'
-  end
-
-  def open_auth_file(mode)
-    open(auth_file, mode, 0o600) do |file|
-      file.chmod(0o600)
-      yield file
-    end
-  end
 end