Remove gitlab-keys scriptpb-remove-gitlab-keys

author: Patrick Bajao <ebajao@gitlab.com> 2019-08-23 14:15:33 +0800
committer: Patrick Bajao <ebajao@gitlab.com> 2019-08-23 14:15:33 +0800
commit: cb9b5447eb8cb8ae6535ebf90e5a5e9e724721bd (patch)
tree: 5fcc947f3c98c9021d4a21a338bf462ccba5d84b /lib/gitlab_keys.rb
parent: 27ac932878d117d1cbffc0d190ed179f3353886c (diff)
download: gitlab-shell-pb-remove-gitlab-keys.tar.gz
1 files changed, 1 insertions, 146 deletions
diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb
index 85ca797..f583ede 100644
--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
@@ -4,11 +4,9 @@ require_relative 'gitlab_config'
 require_relative 'gitlab_logger'
 require_relative 'gitlab_metrics'
 
-class GitlabKeys # rubocop:disable Metrics/ClassLength
+module GitlabKeys
   class KeyError < StandardError; end
 
-  attr_accessor :auth_file, :key
-
   def self.command(whatever)
     "#{ROOT_PATH}/bin/gitlab-shell #{whatever}"
   end
@@ -44,147 +42,4 @@ class GitlabKeys # rubocop:disable Metrics/ClassLength
 
     whatever_line(command_key(username_key_id), principal)
   end
-
-  def initialize
-    @command = ARGV.shift
-    @key_id = ARGV.shift
-    key = ARGV.shift
-    @key = key.dup if key
-    @auth_file = GitlabConfig.new.auth_file
-  end
-
-  def exec
-    GitlabMetrics.measure("command-#{@command}") do
-      case @command
-      when 'add-key'
-        add_key
-      when 'batch-add-keys'
-        batch_add_keys
-      when 'rm-key'
-        rm_key
-      when 'list-keys'
-        list_keys
-      when 'list-key-ids'
-        list_key_ids
-      when 'clear'
-        clear
-      when 'check-permissions'
-        check_permissions
-      else
-        $logger.warn('Attempt to execute invalid gitlab-keys command', command: @command.inspect)
-        puts 'not allowed'
-        false
-      end
-    end
-  end
-
-  protected
-
-  def add_key
-    lock do
-      $logger.info('Adding key', key_id: @key_id, public_key: @key)
-      auth_line = self.class.key_line(@key_id, @key)
-      open_auth_file('a') { |file| file.puts(auth_line) }
-    end
-    true
-  end
-
-  def list_keys
-    $logger.info 'Listing all keys'
-    keys = ''
-    File.readlines(auth_file).each do |line|
-      # key_id & public_key
-      # command=".../bin/gitlab-shell key-741" ... ssh-rsa AAAAB3NzaDAxx2E\n
-      #                               ^^^^^^^              ^^^^^^^^^^^^^^^
-      matches = /^command=\".+?\s+(.+?)\".+?(?:ssh|ecdsa)-.*?\s(.+)\s*.*\n*$/.match(line)
-      keys << "#{matches[1]} #{matches[2]}\n" unless matches.nil?
-    end
-    puts keys
-  end
-
-  def list_key_ids
-    $logger.info 'Listing all key IDs'
-    open_auth_file('r') do |f|
-      f.each_line do |line|
-        matchd = line.match(/key-(\d+)/)
-        next unless matchd
-        puts matchd[1]
-      end
-    end
-  end
-
-  def batch_add_keys
-    lock(300) do # Allow 300 seconds (5 minutes) for batch_add_keys
-      open_auth_file('a') do |file|
-        stdin.each_line do |input|
-          tokens = input.strip.split("\t")
-          abort("#{$0}: invalid input #{input.inspect}") unless tokens.count == 2
-          key_id, public_key = tokens
-          $logger.info('Adding key', key_id: key_id, public_key: public_key)
-          file.puts(self.class.key_line(key_id, public_key))
-        end
-      end
-    end
-    true
-  end
-
-  def stdin
-    $stdin
-  end
-
-  def rm_key
-    lock do
-      $logger.info('Removing key', key_id: @key_id)
-      open_auth_file('r+') do |f|
-        while line = f.gets # rubocop:disable Lint/AssignmentInCondition
-          next unless line.start_with?("command=\"#{self.class.command_key(@key_id)}\"")
-          f.seek(-line.length, IO::SEEK_CUR)
-          # Overwrite the line with #'s. Because the 'line' variable contains
-          # a terminating '\n', we write line.length - 1 '#' characters.
-          f.write('#' * (line.length - 1))
-        end
-      end
-    end
-    true
-  end
-
-  def clear
-    open_auth_file('w') { |file| file.puts '# Managed by gitlab-shell' }
-    true
-  end
-
-  def check_permissions
-    open_auth_file(File::RDWR | File::CREAT) { true }
-  rescue => ex
-    puts "error: could not open #{auth_file}: #{ex}"
-    if File.exist?(auth_file)
-      system('ls', '-l', auth_file)
-    else
-      # Maybe the parent directory is not writable?
-      system('ls', '-ld', File.dirname(auth_file))
-    end
-    false
-  end
-
-  def lock(timeout = 10)
-    File.open(lock_file, "w+") do |f|
-      begin
-        f.flock File::LOCK_EX
-        Timeout.timeout(timeout) { yield }
-      ensure
-        f.flock File::LOCK_UN
-      end
-    end
-  end
-
-  def lock_file
-    @lock_file ||= auth_file + '.lock'
-  end
-
-  def open_auth_file(mode)
-    open(auth_file, mode, 0o600) do |file|
-      file.chmod(0o600)
-      yield file
-    end
-  end
 end
author	Patrick Bajao <ebajao@gitlab.com>	2019-08-23 14:15:33 +0800
committer	Patrick Bajao <ebajao@gitlab.com>	2019-08-23 14:15:33 +0800
commit	cb9b5447eb8cb8ae6535ebf90e5a5e9e724721bd (patch)
tree	5fcc947f3c98c9021d4a21a338bf462ccba5d84b /lib/gitlab_keys.rb
parent	27ac932878d117d1cbffc0d190ed179f3353886c (diff)
download	gitlab-shell-pb-remove-gitlab-keys.tar.gz