Class: Gitlab::AuthorizedKeys

Inherits:
Object
  • Object
Defined in:
lib/gitlab/authorized_keys.rb

Constant Summary

KeyError =
Class.new(StandardError)

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(logger = Gitlab::AppLogger) ⇒ AuthorizedKeys

Initializes the class

Parameters:


# File 'lib/gitlab/authorized_keys.rb', line 12

# Stores the logger that the other methods of this class write to.
#
# @param logger [Object] log sink; Gitlab::AppLogger when omitted. The
#   methods visible alongside this one only call #info on it.
def initialize(logger = Gitlab::AppLogger)
  @logger = logger
end

Instance Attribute Details

#logger ⇒ Object (readonly)

Returns the value of attribute logger


# File 'lib/gitlab/authorized_keys.rb', line 7

# Reader for the logger handed to the constructor.
#
# @return [Object] the value stored in @logger
def logger
  @logger
end

Instance Method Details

#accessible? ⇒ Boolean

Checks if the file is accessible or not

Returns:

  • (Boolean)

# File 'lib/gitlab/authorized_keys.rb', line 19

# Probe whether the authorized_keys file can be opened for reading.
#
# The answer only describes the moment of the call: the file can change
# between this probe and a later open, so callers still have to handle
# open errors themselves rather than treat the result as a guarantee.
#
# @return [Boolean] false when opening raises Errno::ENOENT or Errno::EACCES;
#   otherwise the value open_authorized_keys_file returns for a block that
#   yields true
def accessible?
  readable = open_authorized_keys_file('r') { true }
  readable
rescue Errno::EACCES, Errno::ENOENT
  false
end

#add_key(id, key) ⇒ Boolean

Add id and its key to the authorized_keys file

Parameters:

  • id (String)

    identifier of key prefixed by `key-`

  • key (String)

    public key to be added

Returns:

  • (Boolean)

# File 'lib/gitlab/authorized_keys.rb', line 39

# Append one entry for +id+ to the authorized_keys file while holding the lock.
#
# The key is passed through strip, logged, and then written as the line
# produced by key_line. This method does no validation of its own and rescues
# nothing, so an error raised by a helper reaches the caller.
#
# NOTE(review): strip and key_line are defined elsewhere; confirm they reject
# ids and keys containing line breaks or other separators, because both values
# end up in a log message and in a file that grants SSH access.
#
# @param id [String] key identifier, prefixed by `key-`
# @param key [String] public key to add
# @return [Boolean] always true when no exception is raised
def add_key(id, key)
  lock do
    cleaned = strip(key)
    logger.info("Adding key (#{id}): #{cleaned}")

    open_authorized_keys_file('a') do |io|
      io.puts(key_line(id, cleaned))
    end
  end

  true
end

#batch_add_keys(keys) ⇒ Boolean

Atomically add all the keys to the authorized_keys file

Parameters:

  • keys (Array<::Key>)

    list of Key objects to be added

Returns:

  • (Boolean)

# File 'lib/gitlab/authorized_keys.rb', line 53

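# Append a batch of keys to the authorized_keys file under a single lock.
#
# Every line is built before the file is opened. If strip or key_line raises
# KeyError for any entry, nothing has been written yet, so a rejected batch
# leaves the file as it was instead of leaving the entries that preceded the
# bad one already appended. An I/O failure during the write itself can still
# leave a partial batch.
#
# Each key is logged before its line is built, so a rejected batch still
# produces "Adding key" log entries for the keys processed up to that point.
#
# @param keys [Array<::Key>] objects responding to #key and #shell_id
# @return [Boolean] true once every line is written, false when a
#   Gitlab::AuthorizedKeys::KeyError was raised
def batch_add_keys(keys)
  lock(300) do # Allow 300 seconds (5 minutes) for batch_add_keys
    lines = keys.map do |key|
      public_key = strip(key.key)
      logger.info("Adding key (#{key.shell_id}): #{public_key}")
      key_line(key.shell_id, public_key)
    end

    # The file is still opened for an empty batch, as before.
    open_authorized_keys_file('a') do |file|
      lines.each { |line| file.puts(line) }
    end
  end

  true
rescue Gitlab::AuthorizedKeys::KeyError
  false
end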

#clear ⇒ Boolean

Clear the authorized_keys file

Returns:

  • (Boolean)

# File 'lib/gitlab/authorized_keys.rb', line 96

# Replace the whole authorized_keys file with a single marker comment.
#
# The file is opened in 'w' mode, so all existing entries are discarded.
#
# NOTE(review): unlike add_key and remove_key, this method does not take the
# lock; confirm callers serialize it against concurrent writers.
#
# @return [Boolean] always true when no exception is raised
def clear
  open_authorized_keys_file('w') do |io|
    io.puts('# Managed by gitlab-rails')
  end

  true
end

#create ⇒ Boolean

Creates the authorized_keys file if it doesn't exist

Returns:

  • (Boolean)

# File 'lib/gitlab/authorized_keys.rb', line 28

# Open the authorized_keys file with the File::CREAT flag so that it comes
# into existence if it is missing.
#
# NOTE(review): the permission bits given to a newly created file are decided
# inside open_authorized_keys_file, which is not shown here; confirm the file
# is created readable and writable by its owner only.
#
# @return [Boolean] false when opening raises Errno::EACCES; otherwise the
#   value open_authorized_keys_file returns for a block that yields true
def create
  outcome = open_authorized_keys_file(File::CREAT) { true }
  outcome
rescue Errno::EACCES
  false
end

#file ⇒ Object


# File 'lib/gitlab/authorized_keys.rb', line 123

# Path of the authorized_keys file, read from
# Gitlab.config.gitlab_shell.authorized_keys_file on first use and cached in
# @file afterwards, so later configuration changes are not picked up by this
# instance.
#
# @return [Object] the configured value (presumably a path String; not
#   verifiable from this method alone)
def file
  return @file if @file

  @file = Gitlab.config.gitlab_shell.authorized_keys_file
end

#list_key_ids ⇒ Array<Integer>

Read the authorized_keys file and return IDs of each key

Returns:

  • (Array<Integer>)

# File 'lib/gitlab/authorized_keys.rb', line 105

# Scan the authorized_keys file and collect the numeric part of the first
# `key-<digits>` occurrence on each line.
#
# The pattern is not anchored to any position in the line, so any line that
# contains `key-<digits>` contributes an ID, including a comment line or an
# entry added by hand. Lines without a match are skipped.
#
# @return [Array<Integer>] IDs in file order; an empty array when opening the
#   file raises Errno::ENOENT
def list_key_ids
  logger.info('Listing all key IDs')

  ids = []
  open_authorized_keys_file('r') do |io|
    io.each_line do |entry|
      found = /key-(\d+)/.match(entry)
      ids << found[1].chomp.to_i if found
    end
  end
  ids
rescue Errno::ENOENT
  []
end

#remove_key(id) ⇒ Boolean

Remove key by ID from the authorized_keys file

Parameters:

  • id (String)

    identifier of the key to be removed prefixed by `key-`

Returns:

  • (Boolean)

# File 'lib/gitlab/authorized_keys.rb', line 73

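# Blank out, in place, every authorized_keys line that belongs to +id+.
#
# A matching line is overwritten with '#' characters rather than deleted, so
# the file keeps its length and the other lines keep their offsets. The
# match includes the closing quote of the command, so `key-1` does not match
# an entry for `key-10`.
#
# Offsets are computed in bytes. IO#seek counts bytes while String#length
# counts characters, so a line containing multi-byte characters would
# otherwise be only partly overwritten and the start of the entry would stay
# in the file.
#
# @param id [String] identifier of the key to remove, prefixed by `key-`
# @return [Boolean] true after the scan completes, false when opening the
#   file raises Errno::ENOENT
def remove_key(id)
  lock do
    logger.info("Removing key (#{id})")
    open_authorized_keys_file('r+') do |f|
      while (line = f.gets)
        next unless line.start_with?("command=\"#{command(id)}\"")

        # Step back to the first byte of the line that was just read.
        f.seek(-line.bytesize, IO::SEEK_CUR)
        # Overwrite everything except the terminating "\n"; a final line
        # with no terminator is overwritten completely.
        f.write('#' * line.chomp("\n").bytesize)
      end
    end
  end

  true
rescue Errno::ENOENT
  false
end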