summaryrefslogtreecommitdiff
path: root/lib/gitlab_keys.rb
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Merge branch 'sh-bump-ruby-version' into 'master'"Douwe Maan2018-12-131-18/+10
| | | This reverts merge request !257
* Upgrade to Ruby 2.5.3Stan Hu2018-12-131-10/+18
|
* Fix a RuboCop warningRobert Speicher2018-08-151-1/+1
|
* Revert "Merge branch 'ash.mckenzie/srp-refactor' into 'master'"Nick Thomas2018-08-141-2/+0
| | | | | This reverts commit 3aaf4751e09262c53544a1987f59b1308af9b6c1, reversing changes made to c6577e0d75f51b017f2f332838b97c3ca5b497c0.
* Added TODO to fixup whatever namingAsh McKenzie2018-08-011-0/+2
|
* Add support for SSH certificate authenticationÆvar Arnfjörð Bjarmason2018-07-261-4/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This along with the code submitted to gitlab-ce in the gitlab-org/gitlab-ce! MR implements SSH certificate authentication. See the docs added to gitlab-ce for why and how to enable this. This, along with that MR, closes gitlab-org/gitlab-ce#3457 Implementation notes: - Because it's easy to do, and because an earlier nascent version of this would pass user-ID to gitlab-shell, that's now supported, even though the SSH certificate authentication uses username-USERNAME. - The astute reader will notice that not all the API calls in gitlab-ce's lib/api/internal.rb support a "username" argument, some only support "user_id". There's a few reasons for this: a) For this to be efficient, I am bending over backwards to avoid extra API calls when using SSH certificates. Therefore the /allowed API call will now return a "user id" to us if we're allowed to proceed further. This is then fed to existing APIs that would only be called after a successful call to /allowed. b) Not all of the git-shell codepaths go through /internal/allowed, or ever deal with a repository, e.g. the argument-less "Welcome to GitLab", and /internal/2fa_recovery_codes. These need to use /internal/discover to figure out details about the user, so support looking that up by username. c) Once we have the "user id", the GL_ID gets passed down to e.g. user-authored hooks. I don't want to have those all break by having to handle a third GL_ID mode of "username" in addition to the current "key id" and "user id".
* Switch to structured loggingJacob Vosmaer (GitLab)2018-03-191-4/+4
|
* Update files to pass modern rubocop checks. Disable some of themdz-update-depsDmitriy Zaporozhets2018-02-221-13/+20
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Update rubocop and code to pass itDmitriy Zaporozhets2018-02-221-2/+2
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Add list-key-ids commandMichael Kozono2017-06-281-0/+13
|
* Instrument GitLab Shell and log metrics data to a filePaco Guzman2016-10-111-11/+20
|
* In order to use chomp! on the input later, we need to dup the ARGV input ↵dup-frozen-argv-keyDJ Mountney2016-08-101-1/+2
| | | | | | string for keys Also updated the gitlab_key tests to freeze the ARGV variables.
* Update the keys permission check to open the file in write mode.DJ Mountney2016-08-101-2/+2
| | | | That way the file is created if it does not exist.
* Changes proposed during reviewJacob Vosmaer2016-08-101-1/+1
|
* Defense in depth for authorized_keys linesJacob Vosmaer2016-08-051-0/+5
|
* Refactor 'GitlabKey' class awaysmall-fixesJacob Vosmaer2016-08-041-15/+11
| | | | | It is not nice to have both 'GitlabKeys' and 'GitlabKey'. We also do not need GitlabKey to be a class when it has no state.
* Add permission check tests, improve checkauthorized-keys-permission-checkJacob Vosmaer2016-08-031-3/+3
|
* Improve authorized_keys checkJacob Vosmaer2016-08-021-0/+13
| | | | | | The old check only looked if authorized_keys exists. With this change, we look whether we can actually open the file for reading and writing. When this fails we try to print useful diagnostic information.
* Manage authorized_keys permissions continuouslykeys-chmodJacob Vosmaer2016-08-011-4/+11
| | | | | | We can lazily create authorized_keys and set its permissions. This adds negligible overhead and it allows us to remove a setup step from GitLab both on source and in omnibus-gitlab.
* Add authorized keys bin script to find keys by fingerprintPablo Carranza2016-03-241-11/+15
|
* Merge branch 'batch-add-keys-timeout'Dmitriy Zaporozhets2015-07-171-1/+1
|\ | | | | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
| * Increase batch_add_keys lock timeout to 300 secondsJacob Vosmaer2015-07-161-1/+1
| |
* | Remove keys from authorized_keys in-placeJacob Vosmaer2015-07-161-8/+7
|/ | | | | | This will speed up the rm-key operation. The downside is that authorized_keys will not shrink when you remove a key. If this ever becomes a problem it can be fixed by running 'rake gitlab:shell:setup'.
* Prevent keys with a very specific comment from accidentally being deleted.Douwe Maan2015-04-141-2/+6
|
* Include ecdsa keys in `gitlab_keys list-keys`.list-ecdsaDouwe Maan2015-04-101-1/+1
|
* Added list-keys command and specDavid Martin2014-10-151-0/+14
| | | | | | | | | | | | | | | | | | Removed puts and tidied up regex Address the hound Address the hound, again Use single quotes Add back travis.yml file Remove travis.yml, only keep on fh-master Use single quotes Use single quotes
* Expliclity require 'timeout' from the stdlibJacob Vosmaer2014-06-101-0/+1
| | | | | | This avoids getting the following error on some platforms: NameError: uninitialized constant GitlabKeys::Timeout
* Use authorized_keys lock when add new key to fileDmitriy Zaporozhets2014-05-311-3/+5
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Put authorized_keys.lock in the .ssh directoryJacob Vosmaer2014-05-301-1/+1
|
* Use lock file when add or remove keys from authorized_keys fileDmitriy Zaporozhets2014-04-181-14/+34
| | | | | | This prevents concurrent modification of authorized_keys file Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Add gitlab-keys batch-add-keysJacob Vosmaer2014-03-141-0/+18
| | | | | This command is intended to be called by the GitLab Rails code when restoring an application backup.
* Generate key_line in separate methodJacob Vosmaer2014-03-141-1/+5
|
* Fix return values in GitlabKeysJacob Vosmaer2013-11-201-0/+3
|
* Use Ruby instead of the Bourne shellJacob Vosmaer2013-11-021-1/+1
|
* Remove sed invocation from GitlabKeysJacob Vosmaer2013-11-021-2/+7
|
* Use Kernel#open to append lines to authorized_keysJacob Vosmaer2013-10-311-3/+2
|
* Use Tempfile instead of `sed -i`Jacob Vosmaer2013-07-191-2/+5
| | | | | | The syntax for `sed -i` is incompatible between GNU sed and BSD sed. By Tempfile from the Ruby standard library we can avoid using the `-i` option of sed.
* Remove unused require statementJacob Vosmaer2013-07-191-1/+0
|
* Ability to clear authorized_keys fileDmitriy Zaporozhets2013-07-181-0/+5
|
* Use :warn instead of :error for invalid commands.ash2013-05-181-1/+1
|
* Use a better error message if gitlab-keys gets an invalid command.ash2013-05-181-1/+1
|
* Add log messages for gitlab_keys.ash2013-05-171-0/+4
|
* Regex used in rm-key command is too laxMax Krasnyansky2013-04-241-1/+1
| | | | | | Basically the issue is that 'gitlab-shell rm-key key-2' removes all keys that match "key-2" pattern. "key-20", "key-25", etc. This change makes the regex used in the sed command more strict.
* return non-zero status if gitlab-projects or gitlab-keys cmd was not successfulv1.2.0Dmitriy Zaporozhets2013-03-251-0/+1
|
* test GitlabKeys execDmitriy Zaporozhets2013-03-111-0/+2
|
* more accurate key deletionDmitriy Zaporozhets2013-02-091-1/+1
|
* Include gitlab_config in gitlab_initDmitriy Zaporozhets2013-02-061-1/+0
|
* Fix key removalDmitriy Zaporozhets2013-02-051-1/+1
|
* add/remove keys by idDmitriy Zaporozhets2013-02-051-4/+4
|
* More testsDmitriy Zaporozhets2013-02-051-6/+0
|
View Lorry Controller Status