require_relative 'spec_helper'
require_relative '../lib/gitlab_keys'
require 'stringio'
describe GitlabKeys do
# Swap the global logger for a null double so no example writes to a real
# log; examples that care about logging set message expectations on it.
before { $logger = double('logger').as_null_object }
# .command returns the forced command that is embedded in the command="..."
# option of an authorized_keys entry.
describe '.command' do
  it 'returns the "command" part of the key line' do
    expected = "#{ROOT_PATH}/bin/gitlab-shell key-123"
    expect(described_class.command('key-123')).to eq(expected)
  end

  # authorized_keys holds one entry per line, so a key id that carries a
  # newline could start a second entry without the forced command. This
  # example pins that such an id is refused with KeyError instead of being
  # rendered into the line.
  it 'raises KeyError on invalid input' do
    multiline_id = "\nssh-rsa AAA"
    expect { described_class.command(multiline_id) }.to raise_error(described_class::KeyError)
  end
end
# .key_line renders one complete authorized_keys entry: the forced command,
# the restriction options (no port/X11/agent forwarding, no pty) and the key.
describe '.key_line' do
  let(:line) { %(command="#{ROOT_PATH}/bin/gitlab-shell key-741",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E) }

  it 'returns the key line' do
    rendered = described_class.key_line('key-741', 'ssh-rsa AAAAB3NzaDAxx2E')
    expect(rendered).to eq(line)
  end

  # A single trailing newline is tolerated and dropped ...
  it 'silently removes a trailing newline' do
    rendered = described_class.key_line('key-741', "ssh-rsa AAAAB3NzaDAxx2E\n")
    expect(rendered).to eq(line)
  end

  # ... but a newline inside the key material would produce a second,
  # unrestricted authorized_keys entry, so it must raise KeyError.
  it 'raises KeyError on invalid input' do
    two_keys = "ssh-rsa AAA\nssh-rsa AAA"
    expect { described_class.key_line('key-741', two_keys) }.to raise_error(described_class::KeyError)
  end
end
# GitlabKeys.new is called without arguments by build_gitlab_keys; these
# examples show that the command, key id and key are taken from ARGV in that
# order.
describe :initialize do
  let(:gitlab_keys) do
    build_gitlab_keys('add-key', 'key-741', 'ssh-rsa AAAAB3NzaDAxx2E')
  end

  it { gitlab_keys.key.should == 'ssh-rsa AAAAB3NzaDAxx2E' }

  # @command and @key_id have no public reader used here, so the spec reads
  # the instance variables directly.
  it { gitlab_keys.instance_variable_get(:@command).should == 'add-key' }
  it { gitlab_keys.instance_variable_get(:@key_id).should == 'key-741' }
end
# add_key is invoked through send, i.e. it is not part of the public API.
describe :add_key do
  let(:gitlab_keys) { build_gitlab_keys('add-key', 'key-741', 'ssh-rsa AAAAB3NzaDAxx2E') }

  # The appended entry must carry the forced command and every restriction
  # option; the pre-existing file content has to survive untouched.
  it "adds a line at the end of the file" do
    create_authorized_keys_fixture
    gitlab_keys.send(:add_key)
    auth_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E"
    expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{auth_line}\n")
  end

  context "without file writing" do
    # open is stubbed on the GitlabKeys instance only; the fixture helper
    # still writes its file through the example's own open call.
    before do
      gitlab_keys.stub(:open)
      create_authorized_keys_fixture
    end

    it "should log an add-key event" do
      $logger.should_receive(:info).with('Adding key key-741 => "ssh-rsa AAAAB3NzaDAxx2E"')
      gitlab_keys.send(:add_key)
    end

    it "should return true" do
      expect(gitlab_keys.send(:add_key)).to be_true
    end
  end
end
# list_keys reports each managed entry as "<key id> <key body>"; the key type
# prefix (ssh-rsa) and the options are not part of the listing.
describe :list_keys do
  let(:gitlab_keys) { build_gitlab_keys('add-key', 'key-741', 'ssh-rsa AAAAB3NzaDAxx2E') }

  it 'adds a key and lists it' do
    create_authorized_keys_fixture
    gitlab_keys.send(:add_key)
    listed_entry = 'key-741 AAAAB3NzaDAxx2E'
    # The fixture's "existing content" line does not show up in the listing.
    expect(gitlab_keys.send(:list_keys)).to eq("#{listed_entry}\n")
  end
end
# batch_add_keys reads "<key id>\t<key>" records, one per line, from stdin.
describe :batch_add_keys do
  let(:gitlab_keys) { build_gitlab_keys('batch-add-keys') }
  let(:fake_stdin) { StringIO.new("key-12\tssh-dsa ASDFASGADG\nkey-123\tssh-rsa GFDGDFSGSDFG\n", 'r') }

  # fake_stdin is resolved lazily, so nested contexts can override it and the
  # stub below picks up their version.
  before do
    create_authorized_keys_fixture
    gitlab_keys.stub(stdin: fake_stdin)
  end

  it "adds lines at the end of the file" do
    gitlab_keys.send(:batch_add_keys)
    first_entry = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-12\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dsa ASDFASGADG"
    second_entry = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-123\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa GFDGDFSGSDFG"
    expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{first_entry}\n#{second_entry}\n")
  end

  context "with invalid input" do
    # Third record has three tab-separated fields instead of two.
    let(:fake_stdin) { StringIO.new("key-12\tssh-dsa ASDFASGADG\nkey-123\tssh-rsa GFDGDFSGSDFG\nfoo\tbar\tbaz\n", 'r') }

    # NOTE(review): abort is replaced by a message expectation here, so the
    # example does not show whether the two valid records were already written
    # before the malformed one was reached - confirm whether a partially
    # applied batch is acceptable and assert on the file content if not.
    it "aborts" do
      gitlab_keys.should_receive(:abort)
      gitlab_keys.send(:batch_add_keys)
    end
  end

  context "without file writing" do
    # The yielded double accepts the puts and chmod calls made on the opened
    # file, so nothing reaches the disk.
    before do
      gitlab_keys.should_receive(:open).and_yield(mock(:file, puts: nil, chmod: nil))
    end

    it "should log an add-key event" do
      $logger.should_receive(:info).with('Adding key key-12 => "ssh-dsa ASDFASGADG"')
      $logger.should_receive(:info).with('Adding key key-123 => "ssh-rsa GFDGDFSGSDFG"')
      gitlab_keys.send(:batch_add_keys)
    end

    it "should return true" do
      expect(gitlab_keys.send(:batch_add_keys)).to be_true
    end
  end
end
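# The private stdin accessor must hand back whatever object $stdin currently
# refers to; an Integer sentinel makes the identity check unambiguous.
describe :stdin do
  let(:gitlab_keys) { build_gitlab_keys }
  subject { gitlab_keys.send :stdin }

  before do
    # Remember the real stream so the sentinel does not leak into examples
    # that run after this group.
    @original_stdin = $stdin
    $stdin = 1
  end

  # Put the process-wide $stdin back; leaving it as an Integer would break
  # any later code that reads from standard input.
  after { $stdin = @original_stdin }

  it { should equal(1) }
end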
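# rm_key revokes a single key id from the authorized_keys file.
describe :rm_key do
  let(:gitlab_keys) { build_gitlab_keys('rm-key', 'key-741', 'ssh-rsa AAAAB3NzaDAxx2E') }

  # The expected file content shows revocation as an in-place overwrite: the
  # matching line is replaced by '#' characters of the same length, and the
  # neighbouring entry for key-742 stays byte-for-byte intact.
  #
  # NOTE(review): key-741 and key-742 are not prefixes of one another, so this
  # fixture would not catch a removal that matches on an id prefix (for
  # example an id that is a leading substring of another). Consider adding
  # such a pair once the matching rule in the implementation is confirmed.
  it "removes the right line" do
    create_authorized_keys_fixture
    other_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E"
    delete_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E"
    # File.open instead of Kernel#open: Kernel#open can interpret a path that
    # starts with "|" as a command, which a fixture writer never needs.
    File.open(tmp_authorized_keys_path, 'a') do |auth_file|
      auth_file.puts delete_line
      auth_file.puts other_line
    end
    gitlab_keys.send :rm_key
    erased_line = delete_line.gsub(/./, '#')
    File.read(tmp_authorized_keys_path).should == "existing content\n#{erased_line}\n#{other_line}\n"
  end

  context "without file writing" do
    before do
      gitlab_keys.stub(:open)
      # lock is stubbed to yield straight away so no lock file is involved.
      gitlab_keys.stub(:lock).and_yield
    end

    it "should log an rm-key event" do
      $logger.should_receive(:info).with('Removing key key-741')
      gitlab_keys.send :rm_key
    end

    it "should return true" do
      gitlab_keys.send(:rm_key).should be_true
    end
  end
end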
# Only the return value of clear is pinned here; open is stubbed on the
# instance, so the example never touches a keys file.
describe :clear do
  let(:gitlab_keys) do
    build_gitlab_keys('clear')
  end

  it "should return true" do
    gitlab_keys.stub(:open)
    expect(gitlab_keys.send(:clear)).to be_true
  end
end
# check-permissions is driven through the public exec entry point and reports
# its outcome as a boolean.
describe :check_permissions do
  let(:gitlab_keys) { build_gitlab_keys('check-permissions') }

  it 'returns true when the file can be opened' do
    create_authorized_keys_fixture
    outcome = gitlab_keys.exec
    expect(outcome).to eq(true)
  end

  # A failure while opening the keys file is turned into a false result
  # rather than an exception reaching the caller.
  it 'returns false if opening raises an exception' do
    gitlab_keys.should_receive(:open_auth_file).and_raise("imaginary error")
    outcome = gitlab_keys.exec
    expect(outcome).to eq(false)
  end

  # The fixture helper is still called first because it also points
  # auth_file at the temporary path; the file itself is then deleted.
  it 'creates the keys file if it does not exist' do
    create_authorized_keys_fixture
    FileUtils.rm(tmp_authorized_keys_path)
    outcome = gitlab_keys.exec
    expect(outcome).to eq(true)
    expect(File.exist?(tmp_authorized_keys_path)).to eq(true)
  end
end
# exec dispatches on the first command-line argument. Each known command maps
# to exactly one handler; anything else is refused and logged.
describe :exec do
  # command-line argument => handler expected to receive the call
  {
    'add-key' => :add_key,
    'batch-add-keys' => :batch_add_keys,
    'rm-key' => :rm_key,
    'clear' => :clear,
    'check-permissions' => :check_permissions
  }.each do |cli_arg, handler|
    it "#{cli_arg} arg should execute #{handler} method" do
      keys = build_gitlab_keys(cli_arg)
      keys.should_receive(handler)
      keys.exec
    end
  end

  # Unknown commands are answered with a fixed message ...
  it 'should puts message if unknown command arg' do
    keys = build_gitlab_keys('change-key')
    keys.should_receive(:puts).with('not allowed')
    keys.exec
  end

  # ... and leave a warning in the log that names the rejected command, which
  # gives operators a trace of attempts to use commands outside the list.
  it 'should log a warning on unknown commands' do
    keys = build_gitlab_keys('nooope')
    keys.stub(puts: nil)
    $logger.should_receive(:warn).with('Attempt to execute invalid gitlab-keys command "nooope".')
    keys.exec
  end
end
# lock serialises access to the keys file; both examples rely on real sleeps,
# so statement order matters.
describe :lock do
  # Point every instance at a lock file under the temporary directory.
  before { GitlabKeys.any_instance.stub(lock_file: tmp_lock_file_path) }

  # The block sleeps for 2 while lock is called with 1 as its argument.
  # NOTE(review): a bare raise_error accepts any exception, including one
  # caused by a typo in the example itself; naming the expected timeout error
  # class would tighten this - the class is not visible from this spec.
  it "should raise exception if operation lasts more then timeout" do
    keys = GitlabKeys.new
    expect { keys.send(:lock, 1) { sleep 2 } }.to raise_error
  end

  it "should actually lock file" do
    $global = ""
    keys = GitlabKeys.new

    # The background thread takes the lock first and holds it for a second,
    # long enough for the main thread to arrive and have to wait.
    holder = Thread.new do
      keys.send(:lock) do
        sleep 1
        $global << "foo"
      end
    end

    # Give the background thread a head start so it owns the lock before the
    # main thread asks for it.
    sleep 0.5
    keys.send(:lock) { $global << "bar" }

    holder.join
    # "foo" before "bar" shows the second lock call waited for the first.
    expect($global).to eq("foobar")
  end
end
# Builds a GitlabKeys instance as if the given values had been passed on the
# command line.
#
# @param args [Array<String>] command, key id and key, in that order; any
#   suffix may be omitted
# @return [GitlabKeys] a fresh instance constructed after ARGV was filled
def build_gitlab_keys(*args)
  # GitlabKeys.new takes no arguments, so ARGV has to be prepared first.
  argv(*args)
  GitlabKeys.new
end
# Writes the given values into the leading slots of the process-wide ARGV.
#
# Each value is frozen before it is stored. Slots beyond args.length are left
# as they were, so entries from an earlier call can remain in ARGV.
#
# @param args [Array<String>] values for ARGV[0], ARGV[1], ...
# @return [Array<String>] the args array
def argv(*args)
  args.each_with_index { |value, slot| ARGV[slot] = value.freeze }
end
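# Creates the temporary authorized_keys file with one line of pre-existing
# content and points the gitlab_keys instance under test at it.
#
# Relies on a `gitlab_keys` helper (a let in the calling example group).
def create_authorized_keys_fixture
  FileUtils.mkdir_p(File.dirname(tmp_authorized_keys_path))
  # File.open instead of Kernel#open: Kernel#open can interpret a path that
  # starts with "|" as a command, which a fixture writer never needs.
  File.open(tmp_authorized_keys_path, 'w') { |file| file.puts('existing content') }
  # Redirect the instance so the examples never touch a real keys file.
  gitlab_keys.stub(auth_file: tmp_authorized_keys_path)
end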
# Location of the throw-away authorized_keys file used by these examples.
#
# @return [String] ROOT_PATH/tmp/authorized_keys
def tmp_authorized_keys_path
  segments = [ROOT_PATH, 'tmp', 'authorized_keys']
  File.join(*segments)
end
# Lock file that sits next to the temporary authorized_keys file.
#
# @return [String] the keys path with ".lock" appended
def tmp_lock_file_path
  "#{tmp_authorized_keys_path}.lock"
end
end