in ee/lib/system_check/geo/authorized_keys_check.rb [28:124]
# Checks that the OpenSSH server configuration delegates SSH key lookup to an
# AuthorizedKeysCommand, run as the GitLab user.
#
# The steps run in order and the method stops at the first one that fails:
#   1. the OpenSSH configuration file exists,
#   2. the file is readable by the current process,
#   3. it declares an AuthorizedKeysCommand,
#   4. the command's path is a regular file,
#   5. it declares an AuthorizedKeysCommandUser,
#   6. that user equals `gitlab_user`.
#
# NOTE(review): a command that differs from OPENSSH_EXPECTED_COMMAND only
# produces a warning and the remaining steps still run, so the check can end
# with 'yes' for a custom command. That command decides which keys sshd
# accepts, so the warning deserves a manual look rather than being ignored.
#
# NOTE(review): step 4 only tests File.file?. Ownership and mode are not
# inspected here; per sshd_config(5), sshd requires the AuthorizedKeysCommand
# program to be owned by root and not writable by group or others, so a file
# that passes this step may still need its permissions verified separately.
#
# @return [true, nil] true when every step passed; nil (bare `return`) when the
#   check failed or was skipped
def multi_check
  unless openssh_config_exists?
    print_failure("Cannot find OpenSSH configuration file at: #{openssh_config_path}")

    # Outside Docker the only advice is to install OpenSSH; no docs link is printed.
    unless in_docker?
      try_fixing_it('Make sure you have OpenSSH server installed on this system')
      return
    end

    try_fixing_it(
      'If you are not using our official docker containers,',
      'make sure you have OpenSSH server installed and configured correctly on this system'
    )
    for_more_information(AUTHORIZED_KEYS_DOCS)
    return
  end

  # An unreadable configuration is reported as skipped, not failed: nothing
  # below can be verified without reading the file.
  unless openssh_config_readable?
    print_skipped('Cannot access OpenSSH configuration file')
    try_fixing_it('This is expected if you are using SELinux. You may want to check configuration manually')
    for_more_information(AUTHORIZED_KEYS_DOCS)
    return
  end

  command = extract_authorized_keys_command

  unless command
    print_failure('OpenSSH configuration file does not contain a AuthorizedKeysCommand')
    try_fixing_it('Change your OpenSSH configuration file pointing to the correct command')
    for_more_information(AUTHORIZED_KEYS_DOCS)
    return
  end

  # Warning only: there is deliberately no `return` here, so a custom command
  # is still checked for existence and for the configured user.
  unless openssh_is_expected_command?(command)
    print_warning('OpenSSH configuration file points to a different AuthorizedKeysCommand')
    try_fixing_it(
      "We were expecting AuthorizedKeysCommand to be: #{OPENSSH_EXPECTED_COMMAND}",
      "but instead it is: #{command}",
      'If you made a custom command, make sure it behaves according to GitLab\'s Documentation'
    )
    for_more_information(AUTHORIZED_KEYS_DOCS)
  end

  command_path = openssh_extract_command_path(command)

  # Existence as a regular file is all that is tested; see the NOTE(review)
  # in the header about ownership and mode.
  unless File.file?(command_path)
    print_failure("Cannot find configured AuthorizedKeysCommand: #{command_path}")
    try_fixing_it('You need to create the file and add the correct content to it')
    for_more_information(AUTHORIZED_KEYS_DOCS)
    return
  end

  command_user = extract_authorized_keys_command_user

  unless command_user
    print_failure('OpenSSH configuration file does not contain a AuthorizedKeysCommandUser')
    try_fixing_it('Change your OpenSSH configuration file pointing to the correct user')
    for_more_information(AUTHORIZED_KEYS_DOCS)
    return
  end

  # Printed as a warning, but unlike the command mismatch above this one ends
  # the check without reporting success.
  if command_user != gitlab_user
    print_warning('OpenSSH configuration file points to a different AuthorizedKeysCommandUser')
    try_fixing_it(
      "We were expecting AuthorizedKeysCommandUser to be: #{gitlab_user}",
      "but instead it is: #{command_user}",
      'Fix your OpenSSH configuration file pointing to the correct user'
    )
    for_more_information(AUTHORIZED_KEYS_DOCS)
    return
  end

  $stdout.puts 'yes'.color(:green)

  true
end