Remove the fallback path from gitlab-ce

c08191e0 · Patrick Bajao · 42484f55 · c08191e0 · c08191e0
Commit c08191e0 authored Aug 23, 2019 by Patrick Bajao
Hide whitespace changes
Inline Side-by-side

Showing with 89 additions and 482 deletions

lib/gitlab/shell.rb lib/gitlab/shell.rb +6 -80

spec/lib/gitlab/shell_spec.rb spec/lib/gitlab/shell_spec.rb +83 -402

No files found.
--- a/lib/gitlab/shell.rb
+++ b/lib/gitlab/shell.rb
@@ -165,16 +165,7 @@ module Gitlab
    def add_key(key_id, key_content)
      return unless self.authorized_keys_enabled?

-      if shell_out_for_gitlab_keys?
-        gitlab_shell_fast_execute([
-          gitlab_shell_keys_path,
-          'add-key',
-          key_id,
-          strip_key(key_content)
-        ])
-      else
-        gitlab_authorized_keys.add_key(key_id, key_content)
-      end
+      gitlab_authorized_keys.add_key(key_id, key_content)
    end

    # Batch-add keys to authorized_keys
@@ -184,19 +175,7 @@ module Gitlab
    def batch_add_keys(keys)
      return unless self.authorized_keys_enabled?

-      if shell_out_for_gitlab_keys?
-        begin
-          IO.popen("#{gitlab_shell_keys_path} batch-add-keys", 'w') do |io|
-            add_keys_to_io(keys, io)
-          end
-
-          $?.success?
-        rescue Error
-          false
-        end
-      else
-        gitlab_authorized_keys.batch_add_keys(keys)
-      end
+      gitlab_authorized_keys.batch_add_keys(keys)
    end

    # Remove ssh key from authorized_keys
@@ -207,11 +186,7 @@ module Gitlab
    def remove_key(id, _ = nil)
      return unless self.authorized_keys_enabled?

-      if shell_out_for_gitlab_keys?
-        gitlab_shell_fast_execute([gitlab_shell_keys_path, 'rm-key', id])
-      else
-        gitlab_authorized_keys.rm_key(id)
-      end
+      gitlab_authorized_keys.rm_key(id)
    end

    # Remove all ssh keys from gitlab shell
@@ -222,11 +197,7 @@ module Gitlab
    def remove_all_keys
      return unless self.authorized_keys_enabled?

-      if shell_out_for_gitlab_keys?
-        gitlab_shell_fast_execute([gitlab_shell_keys_path, 'clear'])
-      else
-        gitlab_authorized_keys.clear
-      end
+      gitlab_authorized_keys.clear
    end

    # Remove ssh keys from gitlab shell that are not in the DB
@@ -341,14 +312,6 @@ module Gitlab
      File.join(Gitlab.config.repositories.storages[storage].legacy_disk_path, dir_name)
    end

-    def gitlab_shell_projects_path
-      File.join(gitlab_shell_path, 'bin', 'gitlab-projects')
-    end
-
-    def gitlab_shell_keys_path
-      File.join(gitlab_shell_path, 'bin', 'gitlab-keys')
-    end
-
    def authorized_keys_enabled?
      # Return true if nil to ensure the authorized_keys methods work while
      # fixing the authorized_keys file during migration.
@@ -359,35 +322,6 @@ module Gitlab

    private

-    def shell_out_for_gitlab_keys?
-      Gitlab.config.gitlab_shell.authorized_keys_file.blank?
-    end
-
-    def gitlab_shell_fast_execute(cmd)
-      output, status = gitlab_shell_fast_execute_helper(cmd)
-
-      return true if status.zero?
-
-      Rails.logger.error("gitlab-shell failed with error #{status}: #{output}") # rubocop:disable Gitlab/RailsLogger
-      false
-    end
-
-    def gitlab_shell_fast_execute_raise_error(cmd, vars = {})
-      output, status = gitlab_shell_fast_execute_helper(cmd, vars)
-
-      raise Error, output unless status.zero?
-
-      true
-    end
-
-    def gitlab_shell_fast_execute_helper(cmd, vars = {})
-      vars.merge!(ENV.to_h.slice(*GITLAB_SHELL_ENV_VARS))
-
-      # Don't pass along the entire parent environment to prevent gitlab-shell
-      # from wasting I/O by searching through GEM_PATH
-      Bundler.with_original_env { Popen.popen(cmd, nil, vars) }
-    end
-
    def git_timeout
      Gitlab.config.gitlab_shell.git_timeout
    end
@@ -407,16 +341,8 @@ module Gitlab
    def batch_read_key_ids(batch_size: 100, &block)
      return unless self.authorized_keys_enabled?

-      if shell_out_for_gitlab_keys?
-        IO.popen("#{gitlab_shell_keys_path} list-key-ids") do |key_id_stream|
-          key_id_stream.lazy.each_slice(batch_size) do |lines|
-            yield(lines.map { |l| l.chomp.to_i })
-          end
-        end
-      else
-        gitlab_authorized_keys.list_key_ids.lazy.each_slice(batch_size) do |key_ids|
-          yield(key_ids)
-        end
+      gitlab_authorized_keys.list_key_ids.lazy.each_slice(batch_size) do |key_ids|
+        yield(key_ids)
      end
    end


--- a/spec/lib/gitlab/shell_spec.rb
+++ b/spec/lib/gitlab/shell_spec.rb
@@ -52,38 +52,14 @@ describe Gitlab::Shell do

  describe '#add_key' do
    context 'when authorized_keys_enabled is true' do
-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          allow(gitlab_shell)
-            .to receive(:gitlab_shell_keys_path)
-            .and_return(:gitlab_shell_keys_path)
-        end
-
-        it 'calls #gitlab_shell_fast_execute with add-key command' do
-          expect(gitlab_shell)
-            .to receive(:gitlab_shell_fast_execute)
-            .with([
-              :gitlab_shell_keys_path,
-              'add-key',
-              'key-123',
-              'ssh-rsa foobar'
-            ])
-
-          gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'calls Gitlab::AuthorizedKeys#add_key with id and key' do
-          expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
+      it 'calls Gitlab::AuthorizedKeys#add_key with id and key' do
+        expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)

-          expect(gitlab_authorized_keys)
-            .to receive(:add_key)
-            .with('key-123', 'ssh-rsa foobar')
+        expect(gitlab_authorized_keys)
+          .to receive(:add_key)
+          .with('key-123', 'ssh-rsa foobar')

-          gitlab_shell.add_key('key-123', 'ssh-rsa foobar')
-        end
+        gitlab_shell.add_key('key-123', 'ssh-rsa foobar')
      end
    end

@@ -92,24 +68,10 @@ describe Gitlab::Shell do
        stub_application_setting(authorized_keys_enabled: false)
      end

-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-        end
+      it 'does nothing' do
+        expect(Gitlab::AuthorizedKeys).not_to receive(:new)

-        it 'does nothing' do
-          expect(gitlab_shell).not_to receive(:gitlab_shell_fast_execute)
-
-          gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'does nothing' do
-          expect(Gitlab::AuthorizedKeys).not_to receive(:new)
-
-          gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
-        end
+        gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
      end
    end

@@ -118,38 +80,14 @@ describe Gitlab::Shell do
        stub_application_setting(authorized_keys_enabled: nil)
      end

-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          allow(gitlab_shell)
-            .to receive(:gitlab_shell_keys_path)
-            .and_return(:gitlab_shell_keys_path)
-        end
-
-        it 'calls #gitlab_shell_fast_execute with add-key command' do
-          expect(gitlab_shell)
-            .to receive(:gitlab_shell_fast_execute)
-            .with([
-              :gitlab_shell_keys_path,
-              'add-key',
-              'key-123',
-              'ssh-rsa foobar'
-            ])
-
-          gitlab_shell.add_key('key-123', 'ssh-rsa foobar trailing garbage')
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'calls Gitlab::AuthorizedKeys#add_key with id and key' do
-          expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
+      it 'calls Gitlab::AuthorizedKeys#add_key with id and key' do
+        expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)

-          expect(gitlab_authorized_keys)
-            .to receive(:add_key)
-            .with('key-123', 'ssh-rsa foobar')
+        expect(gitlab_authorized_keys)
+          .to receive(:add_key)
+          .with('key-123', 'ssh-rsa foobar')

-          gitlab_shell.add_key('key-123', 'ssh-rsa foobar')
-        end
+        gitlab_shell.add_key('key-123', 'ssh-rsa foobar')
      end
    end
  end
@@ -158,50 +96,14 @@ describe Gitlab::Shell do
    let(:keys) { [double(shell_id: 'key-123', key: 'ssh-rsa foobar')] }

    context 'when authorized_keys_enabled is true' do
-      context 'authorized_keys_file not set' do
-        let(:io) { double }
-
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-        end
-
-        context 'valid keys' do
-          before do
-            allow(gitlab_shell)
-              .to receive(:gitlab_shell_keys_path)
-              .and_return(:gitlab_shell_keys_path)
-          end
-
-          it 'calls gitlab-keys with batch-add-keys command' do
-            expect(IO)
-              .to receive(:popen)
-              .with("gitlab_shell_keys_path batch-add-keys", 'w')
-              .and_yield(io)
-
-            expect(io).to receive(:puts).with("key-123\tssh-rsa foobar")
-            expect(gitlab_shell.batch_add_keys(keys)).to be_truthy
-          end
-        end
-
-        context 'invalid keys' do
-          let(:keys) { [double(shell_id: 'key-123', key: "ssh-rsa A\tSDFA\nSGADG")] }
-
-          it 'catches failure and returns false' do
-            expect(gitlab_shell.batch_add_keys(keys)).to be_falsey
-          end
-        end
-      end
+      it 'calls Gitlab::AuthorizedKeys#batch_add_keys with keys to be added' do
+        expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)

-      context 'authorized_keys_file set' do
-        it 'calls Gitlab::AuthorizedKeys#batch_add_keys with keys to be added' do
-          expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
+        expect(gitlab_authorized_keys)
+          .to receive(:batch_add_keys)
+          .with(keys)

-          expect(gitlab_authorized_keys)
-            .to receive(:batch_add_keys)
-            .with(keys)
-
-          gitlab_shell.batch_add_keys(keys)
-        end
+        gitlab_shell.batch_add_keys(keys)
      end
    end

@@ -210,24 +112,10 @@ describe Gitlab::Shell do
        stub_application_setting(authorized_keys_enabled: false)
      end

-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-        end
-
-        it 'does nothing' do
-          expect(IO).not_to receive(:popen)
-
-          gitlab_shell.batch_add_keys(keys)
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'does nothing' do
-          expect(Gitlab::AuthorizedKeys).not_to receive(:new)
+      it 'does nothing' do
+        expect(Gitlab::AuthorizedKeys).not_to receive(:new)

-          gitlab_shell.batch_add_keys(keys)
-        end
+        gitlab_shell.batch_add_keys(keys)
      end
    end

@@ -236,72 +124,25 @@ describe Gitlab::Shell do
        stub_application_setting(authorized_keys_enabled: nil)
      end

-      context 'authorized_keys_file not set' do
-        let(:io) { double }
+      it 'calls Gitlab::AuthorizedKeys#batch_add_keys with keys to be added' do
+        expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)

-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          allow(gitlab_shell)
-            .to receive(:gitlab_shell_keys_path)
-            .and_return(:gitlab_shell_keys_path)
-        end
-
-        it 'calls gitlab-keys with batch-add-keys command' do
-          expect(IO)
-            .to receive(:popen)
-            .with("gitlab_shell_keys_path batch-add-keys", 'w')
-            .and_yield(io)
+        expect(gitlab_authorized_keys)
+          .to receive(:batch_add_keys)
+          .with(keys)

-          expect(io).to receive(:puts).with("key-123\tssh-rsa foobar")
-
-          gitlab_shell.batch_add_keys(keys)
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'calls Gitlab::AuthorizedKeys#batch_add_keys with keys to be added' do
-          expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
-
-          expect(gitlab_authorized_keys)
-            .to receive(:batch_add_keys)
-            .with(keys)
-
-          gitlab_shell.batch_add_keys(keys)
-        end
+        gitlab_shell.batch_add_keys(keys)
      end
    end
  end

  describe '#remove_key' do
    context 'when authorized_keys_enabled is true' do
-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          allow(gitlab_shell)
-            .to receive(:gitlab_shell_keys_path)
-            .and_return(:gitlab_shell_keys_path)
-        end
-
-        it 'calls #gitlab_shell_fast_execute with rm-key command' do
-          expect(gitlab_shell)
-            .to receive(:gitlab_shell_fast_execute)
-            .with([
-              :gitlab_shell_keys_path,
-              'rm-key',
-              'key-123'
-            ])
-
-          gitlab_shell.remove_key('key-123')
-        end
-      end
+      it 'calls Gitlab::AuthorizedKeys#rm_key with the key to be removed' do
+        expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
+        expect(gitlab_authorized_keys).to receive(:rm_key).with('key-123')

-      context 'authorized_keys_file not set' do
-        it 'calls Gitlab::AuthorizedKeys#rm_key with the key to be removed' do
-          expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
-          expect(gitlab_authorized_keys).to receive(:rm_key).with('key-123')
-
-          gitlab_shell.remove_key('key-123')
-        end
+        gitlab_shell.remove_key('key-123')
      end
    end

@@ -310,24 +151,10 @@ describe Gitlab::Shell do
        stub_application_setting(authorized_keys_enabled: false)
      end

-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-        end
-
-        it 'does nothing' do
-          expect(gitlab_shell).not_to receive(:gitlab_shell_fast_execute)
+      it 'does nothing' do
+        expect(Gitlab::AuthorizedKeys).not_to receive(:new)

-          gitlab_shell.remove_key('key-123')
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'does nothing' do
-          expect(Gitlab::AuthorizedKeys).not_to receive(:new)
-
-          gitlab_shell.remove_key('key-123')
-        end
+        gitlab_shell.remove_key('key-123')
      end
    end

@@ -336,64 +163,22 @@ describe Gitlab::Shell do
        stub_application_setting(authorized_keys_enabled: nil)
      end

-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          allow(gitlab_shell)
-            .to receive(:gitlab_shell_keys_path)
-            .and_return(:gitlab_shell_keys_path)
-        end
-
-        it 'calls #gitlab_shell_fast_execute with rm-key command' do
-          expect(gitlab_shell)
-            .to receive(:gitlab_shell_fast_execute)
-            .with([
-              :gitlab_shell_keys_path,
-              'rm-key',
-              'key-123'
-            ])
-
-          gitlab_shell.remove_key('key-123')
-        end
-      end
-
-      context 'authorized_keys_file not set' do
-        it 'calls Gitlab::AuthorizedKeys#rm_key with the key to be removed' do
-          expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
-          expect(gitlab_authorized_keys).to receive(:rm_key).with('key-123')
+      it 'calls Gitlab::AuthorizedKeys#rm_key with the key to be removed' do
+        expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
+        expect(gitlab_authorized_keys).to receive(:rm_key).with('key-123')

-          gitlab_shell.remove_key('key-123')
-        end
+        gitlab_shell.remove_key('key-123')
      end
    end
  end

  describe '#remove_all_keys' do
    context 'when authorized_keys_enabled is true' do
-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          allow(gitlab_shell)
-            .to receive(:gitlab_shell_keys_path)
-            .and_return(:gitlab_shell_keys_path)
-        end
+      it 'calls Gitlab::AuthorizedKeys#clear' do
+        expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
+        expect(gitlab_authorized_keys).to receive(:clear)

-        it 'calls #gitlab_shell_fast_execute with clear command' do
-          expect(gitlab_shell)
-            .to receive(:gitlab_shell_fast_execute)
-            .with([:gitlab_shell_keys_path, 'clear'])
-
-          gitlab_shell.remove_all_keys
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'calls Gitlab::AuthorizedKeys#clear' do
-          expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
-          expect(gitlab_authorized_keys).to receive(:clear)
-
-          gitlab_shell.remove_all_keys
-        end
+        gitlab_shell.remove_all_keys
      end
    end

@@ -402,24 +187,10 @@ describe Gitlab::Shell do
        stub_application_setting(authorized_keys_enabled: false)
      end

-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-        end
-
-        it 'does nothing' do
-          expect(gitlab_shell).not_to receive(:gitlab_shell_fast_execute)
+      it 'does nothing' do
+        expect(Gitlab::AuthorizedKeys).not_to receive(:new)

-          gitlab_shell.remove_all_keys
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'does nothing' do
-          expect(Gitlab::AuthorizedKeys).not_to receive(:new)
-
-          gitlab_shell.remove_all_keys
-        end
+        gitlab_shell.remove_all_keys
      end
    end

@@ -428,163 +199,73 @@ describe Gitlab::Shell do
        stub_application_setting(authorized_keys_enabled: nil)
      end

-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          allow(gitlab_shell)
-            .to receive(:gitlab_shell_keys_path)
-            .and_return(:gitlab_shell_keys_path)
-        end
-
-        it 'calls #gitlab_shell_fast_execute with clear command' do
-          expect(gitlab_shell)
-            .to receive(:gitlab_shell_fast_execute)
-            .with([:gitlab_shell_keys_path, 'clear'])
+      it 'calls Gitlab::AuthorizedKeys#clear' do
+        expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
+        expect(gitlab_authorized_keys).to receive(:clear)

-          gitlab_shell.remove_all_keys
-        end
-      end
-
-      context 'authorized_keys_file set' do
-        it 'calls Gitlab::AuthorizedKeys#clear' do
-          expect(Gitlab::AuthorizedKeys).to receive(:new).and_return(gitlab_authorized_keys)
-          expect(gitlab_authorized_keys).to receive(:clear)
-
-          gitlab_shell.remove_all_keys
-        end
+        gitlab_shell.remove_all_keys
      end
    end
  end

  describe '#remove_keys_not_found_in_db' do
    context 'when keys are in the file that are not in the DB' do
-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          gitlab_shell.remove_all_keys
-          gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
-          gitlab_shell.add_key('key-9876', 'ssh-rsa ASDFASDF')
-          @another_key = create(:key) # this one IS in the DB
-        end
-
-        it 'removes the keys' do
-          expect(gitlab_shell).to receive(:remove_key).with('key-1234')
-          expect(gitlab_shell).to receive(:remove_key).with('key-9876')
-          expect(gitlab_shell).not_to receive(:remove_key).with("key-#{@another_key.id}")
-
-          gitlab_shell.remove_keys_not_found_in_db
-        end
+      before do
+        gitlab_shell.remove_all_keys
+        gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
+        gitlab_shell.add_key('key-9876', 'ssh-rsa ASDFASDF')
+        @another_key = create(:key) # this one IS in the DB
      end

-      context 'authorized_keys_file set' do
-        before do
-          gitlab_shell.remove_all_keys
-          gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
-          gitlab_shell.add_key('key-9876', 'ssh-rsa ASDFASDF')
-          @another_key = create(:key) # this one IS in the DB
-        end
-
-        it 'removes the keys' do
-          expect(gitlab_shell).to receive(:remove_key).with('key-1234')
-          expect(gitlab_shell).to receive(:remove_key).with('key-9876')
-          expect(gitlab_shell).not_to receive(:remove_key).with("key-#{@another_key.id}")
+      it 'removes the keys' do
+        expect(gitlab_shell).to receive(:remove_key).with('key-1234')
+        expect(gitlab_shell).to receive(:remove_key).with('key-9876')
+        expect(gitlab_shell).not_to receive(:remove_key).with("key-#{@another_key.id}")

-          gitlab_shell.remove_keys_not_found_in_db
-        end
+        gitlab_shell.remove_keys_not_found_in_db
      end
    end

    context 'when keys there are duplicate keys in the file that are not in the DB' do
-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          gitlab_shell.remove_all_keys
-          gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
-          gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
-        end
-
-        it 'removes the keys' do
-          expect(gitlab_shell).to receive(:remove_key).with('key-1234')
-
-          gitlab_shell.remove_keys_not_found_in_db
-        end
+      before do
+        gitlab_shell.remove_all_keys
+        gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
+        gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
      end

-      context 'authorized_keys_file set' do
-        before do
-          gitlab_shell.remove_all_keys
-          gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
-          gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
-        end
-
-        it 'removes the keys' do
-          expect(gitlab_shell).to receive(:remove_key).with('key-1234')
+      it 'removes the keys' do
+        expect(gitlab_shell).to receive(:remove_key).with('key-1234')

-          gitlab_shell.remove_keys_not_found_in_db
-        end
+        gitlab_shell.remove_keys_not_found_in_db
      end
    end

    context 'when keys there are duplicate keys in the file that ARE in the DB' do
-      context 'authorized_keys_file not set' do
-        before do
-          stub_gitlab_shell_setting(authorized_keys_file: nil)
-          gitlab_shell.remove_all_keys
-          @key = create(:key)
-          gitlab_shell.add_key(@key.shell_id, @key.key)
-        end
-
-        it 'does not remove the key' do
-          expect(gitlab_shell).not_to receive(:remove_key).with("key-#{@key.id}")
-
-          gitlab_shell.remove_keys_not_found_in_db
-        end
+      before do
+        gitlab_shell.remove_all_keys
+        @key = create(:key)
+        gitlab_shell.add_key(@key.shell_id, @key.key)
      end

-      context 'authorized_keys_file set' do
-        before do
-          gitlab_shell.remove_all_keys
-          @key = create(:key)
-          gitlab_shell.add_key(@key.shell_id, @key.key)
-        end
-
-        it 'does not remove the key' do
-          expect(gitlab_shell).not_to receive(:remove_key).with("key-#{@key.id}")
+      it 'does not remove the key' do
+        expect(gitlab_shell).not_to receive(:remove_key).with("key-#{@key.id}")

-          gitlab_shell.remove_keys_not_found_in_db
-        end
+        gitlab_shell.remove_keys_not_found_in_db
      end
    end

    unless ENV['CI'] # Skip in CI, it takes 1 minute
      context 'when the first batch can be skipped, but the next batch has keys that are not in the DB' do
-        context 'authorized_keys_file not set' do
-          before do
-            stub_gitlab_shell_setting(authorized_keys_file: nil)
-            gitlab_shell.remove_all_keys
-            100.times { |i| create(:key) } # first batch is all in the DB
-            gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
-          end
-
-          it 'removes the keys not in the DB' do
-            expect(gitlab_shell).to receive(:remove_key).with('key-1234')
-
-            gitlab_shell.remove_keys_not_found_in_db
-          end
+        before do
+          gitlab_shell.remove_all_keys
+          100.times { |i| create(:key) } # first batch is all in the DB
+          gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
        end

-        context 'authorized_keys_file set' do
-          before do
-            gitlab_shell.remove_all_keys
-            100.times { |i| create(:key) } # first batch is all in the DB
-            gitlab_shell.add_key('key-1234', 'ssh-rsa ASDFASDF')
-          end
-
-          it 'removes the keys not in the DB' do
-            expect(gitlab_shell).to receive(:remove_key).with('key-1234')
+        it 'removes the keys not in the DB' do
+          expect(gitlab_shell).to receive(:remove_key).with('key-1234')

-            gitlab_shell.remove_keys_not_found_in_db
-          end
+          gitlab_shell.remove_keys_not_found_in_db
        end
      end
    end