Class: Gitlab::AuthorizedKeys
- Inherits:
-
Object
- Object
- Gitlab::AuthorizedKeys
- Defined in:
- lib/gitlab/authorized_keys.rb
Constant Summary
- KeyError =
Class.new(StandardError)
Instance Attribute Summary
-
#logger ⇒ Object
readonly
Returns the value of attribute logger.
Instance Method Summary
-
#accessible? ⇒ Boolean
Checks if the file is accessible or not.
-
#add_key(id, key) ⇒ Boolean
Add id and its key to the authorized_keys file.
-
#batch_add_keys(keys) ⇒ Boolean
Atomically add all the keys to the authorized_keys file.
-
#clear ⇒ Boolean
Clear the authorized_keys file.
-
#create ⇒ Boolean
Creates the authorized_keys file if it doesn’t exist.
- #file ⇒ Object
-
#initialize(logger = Gitlab::AppLogger) ⇒ AuthorizedKeys
constructor
Initializes the class.
-
#list_key_ids ⇒ Array<Integer>
Read the authorized_keys file and return IDs of each key.
-
#remove_key(id) ⇒ Boolean
Remove key by ID from the authorized_keys file.
Constructor Details
#initialize(logger = Gitlab::AppLogger) ⇒ AuthorizedKeys
Initializes the class
# File 'lib/gitlab/authorized_keys.rb', line 12
# Builds a manager for the authorized_keys file.
#
# @param logger [Object] sink for the info-level audit messages emitted by
#   the key operations; defaults to Gitlab::AppLogger
def initialize(logger = Gitlab::AppLogger)
  @logger = logger
end
Instance Attribute Details
#logger ⇒ Object (readonly)
Returns the value of attribute logger.
# File 'lib/gitlab/authorized_keys.rb', line 7
# Read-only accessor for the logger handed to the constructor.
#
# @return [Object] the value of @logger
def logger
  @logger
end
Instance Method Details
#accessible? ⇒ Boolean
Checks if the file is accessible or not
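# File 'lib/gitlab/authorized_keys.rb', line 19
# Reports whether the authorized_keys file can be opened for reading.
#
# The rendered listing dropped the callee in front of `('r')`; it is restored
# here as the class's private open helper.
#
# @return [Boolean] true when the open succeeds, false when it raises
#   Errno::ENOENT (missing) or Errno::EACCES (permission denied)
def accessible?
  open_authorized_keys_file('r') { true }
rescue Errno::ENOENT, Errno::EACCES
  false
end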
#add_key(id, key) ⇒ Boolean
Add id and its key to the authorized_keys file
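# File 'lib/gitlab/authorized_keys.rb', line 39
# Appends one key entry to the authorized_keys file while holding the lock.
#
# The rendered listing dropped the callee in front of `('a')`; it is restored
# here as the class's private open helper.
#
# @param id [Object] identifier interpolated into the log line and passed to key_line
# @param key [String] key text; it is passed through strip before being written
# @return [Boolean] always true when no exception is raised
#
# NOTE(review): unlike batch_add_keys, nothing is rescued here, so any error
# raised by key_line (defined outside this listing) reaches the caller.
def add_key(id, key)
  lock do
    public_key = strip(key)
    # The stripped key, not the raw argument, is what gets logged and written.
    logger.info("Adding key (#{id}): #{public_key}")
    open_authorized_keys_file('a') { |file| file.puts(key_line(id, public_key)) }
  end

  true
end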
#batch_add_keys(keys) ⇒ Boolean
Atomically add all the keys to the authorized_keys file
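# File 'lib/gitlab/authorized_keys.rb', line 53
# Adds every key in +keys+ to the authorized_keys file under a single lock.
#
# All entries are built before the file is opened. In the original, a KeyError
# raised part-way through the loop returned false but left the earlier entries
# already written, which contradicts the "atomically" contract: a failed batch
# must not grant access for part of its keys.
#
# The rendered listing dropped the callee in front of `('a')`; it is restored
# here as the class's private open helper.
#
# @param keys [Enumerable] objects responding to #key and #shell_id
# @return [Boolean] true when all keys were written, false when a
#   Gitlab::AuthorizedKeys::KeyError was raised (nothing is written then)
def batch_add_keys(keys)
  lock(300) do # Allow 300 seconds (5 minutes) for batch_add_keys
    lines = keys.map do |key|
      public_key = strip(key.key)
      logger.info("Adding key (#{key.shell_id}): #{public_key}")
      key_line(key.shell_id, public_key)
    end

    open_authorized_keys_file('a') do |file|
      lines.each { |line| file.puts(line) }
    end
  end

  true
rescue Gitlab::AuthorizedKeys::KeyError
  false
end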
#clear ⇒ Boolean
Clear the authorized_keys file
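# File 'lib/gitlab/authorized_keys.rb', line 96
# Replaces the authorized_keys file content with a single marker comment.
#
# Mode 'w' truncates the file, so every existing entry is dropped.
#
# The rendered listing dropped the callee in front of `('w')`; it is restored
# here as the class's private open helper.
#
# @return [Boolean] always true when no exception is raised
#
# NOTE(review): add_key, batch_add_keys and remove_key run inside `lock`,
# this method does not; confirm callers serialise it against concurrent
# writers, otherwise an append can interleave with the truncation.
def clear
  open_authorized_keys_file('w') { |file| file.puts '# Managed by gitlab-rails' }

  true
end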
#create ⇒ Boolean
Creates the authorized_keys file if it doesn’t exist
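# File 'lib/gitlab/authorized_keys.rb', line 28
# Creates the authorized_keys file if it does not exist yet.
#
# The rendered listing dropped the callee in front of `(File::CREAT)`; it is
# restored here as the class's private open helper.
#
# @return [Boolean] true when the open succeeds, false on Errno::EACCES
#
# NOTE(review): the permission bits of a newly created file are decided by
# the open helper, which this listing does not show; confirm it is owner-only,
# since an authorized_keys file writable by others lets them add keys.
def create
  open_authorized_keys_file(File::CREAT) { true }
rescue Errno::EACCES
  false
end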
#file ⇒ Object
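# File 'lib/gitlab/authorized_keys.rb', line 123
# Path of the authorized_keys file, read from configuration once and memoized.
#
# The rendered listing cut the expression off after `gitlab_shell.`; the
# trailing setting name is restored here.
#
# @return [Object] the configured authorized_keys_file value
def file
  @file ||= Gitlab.config.gitlab_shell.authorized_keys_file
end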
#list_key_ids ⇒ Array<Integer>
Read the authorized_keys file and return IDs of each key
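# File 'lib/gitlab/authorized_keys.rb', line 105
# Reads the authorized_keys file and collects the numeric ID of each entry.
#
# The rendered listing dropped the callee in front of `('r')`; it is restored
# here as the class's private open helper.
#
# @return [Array<Integer>] IDs in file order; empty when the file is missing
#
# NOTE(review): the pattern is unanchored, so any line that contains
# `key-<digits>` anywhere is counted, including hand-edited or commented
# lines. Treat the result as "IDs mentioned in the file", not as proof that
# each ID has an active entry.
def list_key_ids
  logger.info('Listing all key IDs')

  ids = []
  open_authorized_keys_file('r') do |f|
    f.each_line do |line|
      match = line.match(/key-(\d+)/)
      ids << match[1].to_i if match
    end
  end
  ids
rescue Errno::ENOENT
  []
end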
#remove_key(id) ⇒ Boolean
Remove key by ID from the authorized_keys file
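# File 'lib/gitlab/authorized_keys.rb', line 73
# Disables the entry for +id+ by overwriting its line in place with '#'.
#
# The line keeps its length, so no other entry in the file moves.
# Offsets are now computed with String#bytesize: IO#seek and IO#write work in
# bytes, while the original used String#length (characters). For a line that
# holds a multi-byte character the original sought back too little and left
# part of the entry in the file.
#
# The rendered listing dropped the callee in front of `('r+')`; it is restored
# here as the class's private open helper.
#
# @param id [Object] identifier passed to command to build the line prefix
# @return [Boolean] true when the pass completed (whether or not a line
#   matched), false when the file does not exist
def remove_key(id)
  lock do
    logger.info("Removing key (#{id})")

    # The closing quote is part of the prefix, so ID 1 cannot match ID 10.
    prefix = "command=\"#{command(id)}\""

    open_authorized_keys_file('r+') do |f|
      while (line = f.gets)
        next unless line.start_with?(prefix)

        f.seek(-line.bytesize, IO::SEEK_CUR)
        # Overwrite the line with #'s. Because the 'line' variable contains
        # a terminating '\n', we write line.bytesize - 1 '#' characters.
        f.write('#' * (line.bytesize - 1))
      end
    end
  end

  true
rescue Errno::ENOENT
  false
end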