As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.

Skip to content
Snippets Groups Projects
Commit c9fac154 authored by Pablo Carranza's avatar Pablo Carranza
Browse files

Add authorized keys bin script to find keys by fingerprint

parent 1f2bef76
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
bin/authorized_keys 0 → 100755
+ 25
0
View file @ c9fac154
#!/usr/bin/env ruby
#
# GitLab shell authorized_keys. Query gitlab API to get the authorized command for a given ssh key fingerprint
#
# Ex.
# /bin/authorized_keys e6:17:f2:f3:b7
#
# Returns
# command="/bin/gitlab-shell key-#",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...
#
fingerprint = ARGV[0]
abort "# No fingerprint provided" if fingerprint.nil?
require_relative "../lib/gitlab_init"
require_relative "../lib/gitlab_net"
require_relative "../lib/gitlab_keys"
authorized_key = GitlabNet.new.authorized_key(fingerprint)
unless authorized_key.nil?
puts GitlabKey.new.key_line(authorized_key["id"], authorized_key["key"])
else
puts "# No key was found with fingerprint #{fingerprint}"
end
lib/gitlab_authorized_keys.rb 0 → 100644
+ 0
0
View file @ c9fac154
lib/gitlab_keys.rb
+ 15
11
View file @ c9fac154
@@ -11,6 +11,7 @@ class GitlabKeys
@key_id = ARGV.shift
@key = ARGV.shift
@auth_file = GitlabConfig.new.auth_file
@gitlab_key = GitlabKey.new
end
def exec
@@ -32,7 +33,7 @@ class GitlabKeys
def add_key
lock do
$logger.info "Adding key #{@key_id} => #{@key.inspect}"
auth_line = key_line(@key_id, @key)
auth_line = @gitlab_key.key_line(@key_id, @key)
open(auth_file, 'a') { |file| file.puts(auth_line) }
end
true
@@ -59,7 +60,7 @@ class GitlabKeys
abort("#{$0}: invalid input #{input.inspect}") unless tokens.count == 2
key_id, public_key = tokens
$logger.info "Adding key #{key_id} => #{public_key.inspect}"
file.puts(key_line(key_id, public_key))
file.puts(@gitlab_key.key_line(key_id, public_key))
end
end
end
@@ -70,20 +71,12 @@ class GitlabKeys
$stdin
end
def key_command(key_id)
"#{ROOT_PATH}/bin/gitlab-shell #{key_id}"
end
def key_line(key_id, public_key)
auth_line = "command=\"#{key_command(key_id)}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty #{public_key}"
end
def rm_key
lock do
$logger.info "Removing key #{@key_id}"
open(auth_file, 'r+') do |f|
while line = f.gets do
next unless line.start_with?("command=\"#{key_command(@key_id)}\"")
next unless line.start_with?("command=\"#{@gitlab_key.command(@key_id)}\"")
f.seek(-line.length, IO::SEEK_CUR)
# Overwrite the line with #'s. Because the 'line' variable contains
# a terminating '\n', we write line.length - 1 '#' characters.
@@ -115,3 +108,14 @@ class GitlabKeys
@lock_file ||= auth_file + '.lock'
end
end
class GitlabKey
def command(key_id)
"#{ROOT_PATH}/bin/gitlab-shell #{key_id}"
end
def key_line(key_id, public_key)
"command=\"#{command(key_id)}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty #{public_key}"
end
end
lib/gitlab_net.rb
+ 4
2
View file @ c9fac154
@@ -56,9 +56,11 @@ class GitlabNet
get("#{host}/check", read_timeout: CHECK_TIMEOUT)
end
def ssh_key(fingerprint)
def authorized_key(fingerprint)
resp = get("#{host}/ssh-key?fingerprint=#{fingerprint}")
JSON.parse(resp.body) rescue nil
JSON.parse(resp.body) if resp.code == "200"
rescue
nil
end
protected
spec/gitlab_net_spec.rb
+ 4
4
View file @ c9fac154
@@ -76,24 +76,24 @@ describe GitlabNet, vcr: true do
end
end
describe :ssh_key do
describe :authorized_key do
it "should return nil when the resource is not implemented" do
VCR.use_cassette("ssh-key-not-implemented") do
result = gitlab_net.ssh_key("whatever")
result = gitlab_net.authorized_key("whatever")
result.should be_nil
end
end
it "should return nil when the fingerprint is not found" do
VCR.use_cassette("ssh-key-not-found") do
result = gitlab_net.ssh_key("whatever")
result = gitlab_net.authorized_key("whatever")
result.should be_nil
end
end
it "should return a ssh key with a valid fingerprint" do
VCR.use_cassette("ssh-key-ok") do
result = gitlab_net.ssh_key("42:18:16")
result = gitlab_net.authorized_key("42:18:16")
result.should eq({
"created_at" => "2016-03-04T18:27:36.959Z",
"id" => 2,
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

As we reevaluate how to best support and maintain Staging Ref in the future, we encourage development teams using this environment to highlight their use cases in the following issue: https://gitlab.com/gitlab-com/gl-infra/software-delivery/framework/software-delivery-framework-issue-tracker/-/issues/36.