From a1ec2ad0b2638f084dffbe804b681c96dc6dadb8 Mon Sep 17 00:00:00 2001
From: Patrick Bajao <ebajao@gitlab.com>
Date: Thu, 29 Aug 2019 16:28:22 +0800
Subject: Auto create authorized_keys file if doesn't exist

Utilize the auto repair functionality of system checks.
---
 lib/gitlab/authorized_keys.rb                      |  9 ++++++
 .../app/authorized_keys_permission_check.rb        |  4 +++
 spec/lib/gitlab/authorized_keys_spec.rb            | 35 ++++++++++++++++++++++
 .../app/authorized_keys_permission_check_spec.rb   | 22 ++++++++++++++
 4 files changed, 70 insertions(+)

diff --git a/lib/gitlab/authorized_keys.rb b/lib/gitlab/authorized_keys.rb
index ca9b65b7c44..820a78b653c 100644
--- a/lib/gitlab/authorized_keys.rb
+++ b/lib/gitlab/authorized_keys.rb
@@ -22,6 +22,15 @@ module Gitlab
       false
     end
 
+    # Creates the authorized_keys file if it doesn't exist
+    #
+    # @return [Boolean]
+    def create
+      open_authorized_keys_file(File::CREAT) { true }
+    rescue Errno::EACCES
+      false
+    end
+
     # Add id and its key to the authorized_keys file
     #
     # @param [String] id identifier of key prefixed by `key-`
diff --git a/lib/system_check/app/authorized_keys_permission_check.rb b/lib/system_check/app/authorized_keys_permission_check.rb
index 1c581f88abc..1246a6875a3 100644
--- a/lib/system_check/app/authorized_keys_permission_check.rb
+++ b/lib/system_check/app/authorized_keys_permission_check.rb
@@ -14,6 +14,10 @@ module SystemCheck
         authorized_keys.accessible?
       end
 
+      def repair!
+        authorized_keys.create
+      end
+
       def show_error
         try_fixing_it([
           "sudo chmod 700 #{File.dirname(authorized_keys.file)}",
diff --git a/spec/lib/gitlab/authorized_keys_spec.rb b/spec/lib/gitlab/authorized_keys_spec.rb
index 0aeccc256ca..adf36cf1050 100644
--- a/spec/lib/gitlab/authorized_keys_spec.rb
+++ b/spec/lib/gitlab/authorized_keys_spec.rb
@@ -37,6 +37,41 @@ describe Gitlab::AuthorizedKeys do
     end
   end
 
+  describe '#create' do
+    subject { authorized_keys.create }
+
+    context 'authorized_keys file exists' do
+      before do
+        create_authorized_keys_fixture
+      end
+
+      after do
+        delete_authorized_keys_file
+      end
+
+      it { is_expected.to be_truthy }
+    end
+
+    context 'authorized_keys file does not exist' do
+      after do
+        delete_authorized_keys_file
+      end
+
+      it 'creates authorized_keys file' do
+        expect(subject).to be_truthy
+        expect(File.exist?(tmp_authorized_keys_path)).to be_truthy
+      end
+    end
+
+    context 'cannot create file' do
+      before do
+        allow(File).to receive(:open).and_raise(Errno::EACCES)
+      end
+
+      it { is_expected.to be_falsey }
+    end
+  end
+
   describe '#add_key' do
     let(:id) { 'key-741' }
 
diff --git a/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb b/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb
index ac216c1860c..1a8123c3f0a 100644
--- a/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb
+++ b/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb
@@ -42,4 +42,26 @@ describe SystemCheck::App::AuthorizedKeysPermissionCheck do
       it { is_expected.to eq(false) }
     end
   end
+
+  describe '#repair!' do
+    subject { system_check.repair! }
+
+    before do
+      expect_next_instance_of(Gitlab::AuthorizedKeys) do |instance|
+        allow(instance).to receive(:create) { created }
+      end
+    end
+
+    context 'authorized_keys file created' do
+      let(:created) { true }
+
+      it { is_expected.to eq(true) }
+    end
+
+    context 'authorized_keys file is not created' do
+      let(:created) { false }
+
+      it { is_expected.to eq(false) }
+    end
+  end
 end
-- 
cgit v1.2.1