tsuru / gandalf Goto Github PK

If the user has permission to read/write the repository, the code should execute the user's original command, this can be done using the SSH_ORIGINAL_COMMAND environment variable.

If not, the command should return an permission error.

It is important to notice that this command will be called only when the user tries to establish a ssh connection using the git user.

e.g.:

repository.BulkGrantAccess("username", []repository.Repository{...})

It should be something like:

bare-repositories:
    location: /var/repositories
    template: /home/git/tmpl

The command located at bin/gandalf.go expects to receive the user name as a cmd line argument, this depends on the key wrapping.

When a user is added, should write his/her key to the authorized_keys.

There's no need to a separate pkg exist.

Also, it is better if there is no exported actions in the pkg key, since the actions on it are applied only into authorized_keys file and do not reflect in gandalf's database.

Should delete the user and it's associations with projects.

$> curl -XDELETE ec2-54-242-108-5.compute-1.amazonaws.com:8080/repository/name
Could not remove repository: not found
Repository name successfuly removed(gandalf)

Now that we're using git daemon to serve public operations, we need git daemon to know whether a repository is public or not, for that, when Gandalf receives the isPublic field, instead of saving the information in the database, it should create the related file in order to make it public for git daemon

By it's name

The user should have a way to know how many keys he/she has, and what are their names.

e.g.:

repository.BulkRevokeAccess("username", []repository.Repository{...})

When removing a user via api, the user's key is not removed from authorized_keys file.

Gandalf currently executes the original command around quotes, e.g:

git-receive-pack '/var/repositories/myproj.git'

This gives an error when executed via golang, it is needed to remove the single quotes.

Today we're just repassing mongodb's error message, we should improve it

It should be possible to start git-daemon (via gandalf) exporting all repositories by default.

Gandalf shold have a configuration flag, e.g.:

git-daemon:
    export-all: true

We could support it using a template for bare repositories that already come with the hooks on it.

Or it could be a config flag pointing to a file, like

gandalf.conf

post-receive: path/to/executable

I'd rather the conf option.

Some informations are collected every time they're needed from SSH_ORIGINAL_COMMAND, we could store the processed informations in a struct, like:

type originalCmd struct {
    action string
    repositoryName
    ...
}

This method should add the user name in the repository's user list at mongodb

A key must have a name and it's content must be unique.

It just returns the error, for example, a not found is returned as "not found", while it should be "Could not remove user: not found"

Gandalf does not support scaling over more than one machine because of the authorized_keys file.

In order to have more than one server, Gandalf must share (?) the authorized_keys files over each server.

Maybe doozer is a great tool for that.

We could use only a map for the use we have.

For example, when a user pushes into an absent repository, the message returned by the server is:

fatal: The remote end hung up unexpectedly

This happens for all commands that executes with error in the server side.

This method should remove the username from the repository user's list in mongodb

It is impossible to debug this module right now, logs would help a lot

For example, a

$> git push

with the remote set as [email protected]:myproject.git will execute the following command at githost.com:

$> git-receive-pack 'myproject.git'

but our repository path is not the git user's home, so we should run git-receive-pack passing the absolute path to the repository, e.g.:

$> git-receive-pack '/var/repositories/myproject.git'

We must have a wrapper to manage database sections, we can copy tsuru's interface:

db.Session.Repository().Action()

A key is only a string, it should be a struct with a name and the key itself.

In the present moment, we do not log any kind of actions.

It would be nice if we started logging. It would be awesome if we also have log levels (error, warning, info and debug)

gandalf should need authentication to respond for actions via api.

It should be possible to append keys to existent users, e.g:

u.AddKey("ssh-rsa somekey...")

This method should add the key into the user document at mongodb and write it at authorized_keys file.

If gandalf is requested to created a repository, the bare should be called 'reponame.git', the '.git' part is missing.

It might be done on web server start up inside the main function, or by the install script, that already starts gandalf-webserver.

I'd rather the startup on main approach, mainly because we need to pass a --base-path config that resides on gandalf.conf file. Other good point for that approach is that if the user does not uses the install script to install/start gandalf he/she will not be forced to start git-daemon manually.

Simply using the syscall.O_EXLOCK should solve the issue.

Something like https://gist.github.com/4034318 should do the trick.

We should ensure that the user cannot write into repositories which he/she has no permission to do so.
We should also ensure that the user cannot freely login into the server using the git user, and not execute any command different from the binary that we're gonna create.

Something like:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command=
"/path/to/cmd or binary name (in PATH)" ssh-rsa AAAAB3NzaC1kc3MAAACBAOjv4TL4EbQ(...)

This issue depends on issue #12.