diff options
| author | Patrick Bajao <ebajao@gitlab.com> | 2019-08-27 07:33:48 +0300 |
|---|---|---|
| committer | Patrick Bajao <ebajao@gitlab.com> | 2019-08-29 11:33:04 +0300 |
| commit | 0e33f16b5f93382214f806737d3fcf5e065c5447 (patch) | |
| tree | d7ba941512c78438f7605f63bbf255ecb9f22eab /spec/lib | |
| parent | 95ffd22f07d821f223388bd60a287365d3b7d8f6 (diff) | |
Add system check for authorized_keys file perm
This check is being removed from gitlab-shell as the file
is now being managed by gitlab-rails.
Diffstat (limited to 'spec/lib')
| -rw-r--r-- | spec/lib/gitlab/authorized_keys_spec.rb | 34 | ||||
| -rw-r--r-- | spec/lib/system_check/app/authorized_keys_permission_check_spec.rb | 50 |
2 files changed, 84 insertions, 0 deletions
diff --git a/spec/lib/gitlab/authorized_keys_spec.rb b/spec/lib/gitlab/authorized_keys_spec.rb index 42bc509eeef..85d1cc3aaa3 100644 --- a/spec/lib/gitlab/authorized_keys_spec.rb +++ b/spec/lib/gitlab/authorized_keys_spec.rb @@ -7,6 +7,40 @@ describe Gitlab::AuthorizedKeys do subject { described_class.new(logger) } + describe '#accessible?' do + context 'authorized_keys file exists' do + before do + create_authorized_keys_fixture + end + + after do + delete_authorized_keys_file + end + + context 'can open file' do + it 'returns true' do + expect(subject.accessible?).to eq(true) + end + end + + context 'cannot open file' do + before do + allow(File).to receive(:open).and_raise(Errno::EACCES) + end + + it 'returns false' do + expect(subject.accessible?).to eq(false) + end + end + end + + context 'authorized_keys file does not exist' do + it 'returns false' do + expect(subject.accessible?).to eq(false) + end + end + end + describe '#add_key' do context 'authorized_keys file exists' do before do diff --git a/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb b/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb new file mode 100644 index 00000000000..0aa3539e2bd --- /dev/null +++ b/spec/lib/system_check/app/authorized_keys_permission_check_spec.rb @@ -0,0 +1,50 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe SystemCheck::App::AuthorizedKeysPermissionCheck do + subject { described_class.new } + + describe '#skip?' do + context 'authorized keys enabled' do + it 'returns false' do + expect(subject.skip?).to eq(false) + end + end + + context 'authorized keys not enabled' do + before do + stub_application_setting(authorized_keys_enabled: false) + end + + it 'returns true' do + expect(subject.skip?).to eq(true) + end + end + end + + describe '#check?' do + let(:authorized_keys) { double } + + before do + allow(Gitlab::AuthorizedKeys).to receive(:new).and_return(authorized_keys) + allow(authorized_keys).to receive(:accessible?).and_return(accessible?) + end + + context 'authorized keys is accessible' do + let(:accessible?) { true } + + it 'returns true' do + expect(subject.check?).to eq(true) + end + end + + context 'authorized keys is not accessible' do + let(:accessible?) { false } + + it 'returns false' do + expect(subject.check?).to eq(false) + end + end + end +end |