Merge branch 'permissions-create-keys' into 'master'

Update the keys permission check to open the file in write mode.

That way the file is created if it does not exist.

This will help simplify the check being running from omnibus. Currently we create the authorized_keys, file in omnibus. We want to instead have omnibus call check-permissions as the git user, to get around nfs root_squash issues with the authorized_keys file.

See merge request !83

2 files changed, 9 insertions, 2 deletions

diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb
index d4c4102..eb359f8 100644
--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
@@ -106,7 +106,7 @@ class GitlabKeys
   end
 
   def check_permissions
-    open_auth_file('r+') { true }
+    open_auth_file(File::RDWR | File::CREAT) { true }
   rescue => ex
     puts "error: could not open #{auth_file}: #{ex}"
     if File.exist?(auth_file)
@@ -132,7 +132,7 @@ class GitlabKeys
   def lock_file
     @lock_file ||= auth_file + '.lock'
   end
-  
+
   def open_auth_file(mode)
     open(auth_file, mode, 0600) do |file|
       file.chmod(0600)
diff --git a/spec/gitlab_keys_spec.rb b/spec/gitlab_keys_spec.rb
index adff6b4..d944278 100644
--- a/spec/gitlab_keys_spec.rb
+++ b/spec/gitlab_keys_spec.rb
@@ -183,6 +183,13 @@ describe GitlabKeys do
       gitlab_keys.should_receive(:open_auth_file).and_raise("imaginary error")
       expect(gitlab_keys.exec).to eq(false)
     end
+
+    it 'creates the keys file if it does not exist' do
+      create_authorized_keys_fixture
+      FileUtils.rm(tmp_authorized_keys_path)
+      expect(gitlab_keys.exec).to eq(true)
+      expect(File.exist?(tmp_authorized_keys_path)).to eq(true)
+    end
   end
 
   describe :exec do