From 3dcc821c6b5afaf919b6b97ac9ddde9bed0df9af Mon Sep 17 00:00:00 2001
From: Lukas Werner <lks.werner@fau.de>
Date: Tue, 24 Aug 2021 15:08:12 +0200
Subject: [PATCH] Namespaced authorized_keys

---
 runner_scripts/root/cleanup.sh | 6 +++++-
 runner_scripts/root/config.sh  | 5 +++++
 runner_scripts/root/run.sh     | 6 +++++-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/runner_scripts/root/cleanup.sh b/runner_scripts/root/cleanup.sh
index 6ae5939..d7df286 100755
--- a/runner_scripts/root/cleanup.sh
+++ b/runner_scripts/root/cleanup.sh
@@ -36,7 +36,11 @@ id -u "$AUTH_USER" >/dev/null 2>&1 || error "User $AUTH_USER does not exist"
 
 ## Use a key pair to authenticate the user (private key has to be set as a GitLab CI/CD variable)
 AUTH_KEY=$CUSTOM_ENV_AUTH_KEY
-AUTH_PUB=/etc/gitlab-runner/authorized_keys
+AUTH_PUB="/etc/gitlab-runner/auth/${CI_SERVER_HOST}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/authorized_keys"
+
+if [[ ! -f "$AUTH_PUB" ]]; then
+    error "Authentication for user $AUTH_USER not configured for this project."
+fi
 
 (
 while read -r PUB
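Review bot: The new `AUTH_PUB` line reads `CI_SERVER_HOST`, `CI_PROJECT_NAMESPACE` and `CI_PROJECT_NAME` without the `CUSTOM_ENV_` prefix that the line above it uses for `AUTH_KEY`. GitLab's custom executor passes job variables to its scripts with that prefix, so unless these names are exported elsewhere in the script (not visible in the hunk) they expand to empty strings and every project resolves to the same `/etc/gitlab-runner/auth////authorized_keys`. I would write `AUTH_PUB="/etc/gitlab-runner/auth/${CUSTOM_ENV_CI_SERVER_HOST:?}/${CUSTOM_ENV_CI_PROJECT_NAMESPACE:?}/${CUSTOM_ENV_CI_PROJECT_NAME:?}/authorized_keys"` so that a missing value aborts the script instead of silently collapsing the per-project namespace. The same line is added in config.sh and run.sh, and the script continues outside this hunk.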
diff --git a/runner_scripts/root/config.sh b/runner_scripts/root/config.sh
index 0145bde..c733da2 100755
--- a/runner_scripts/root/config.sh
+++ b/runner_scripts/root/config.sh
@@ -17,6 +17,11 @@ function error {
 [ -z "${CUSTOM_ENV_AUTH_USER:+x}" ] && error "AUTH_USER CI/CD variable has not been set."
 [ -z "${CUSTOM_ENV_AUTH_KEY:+x}" ] && error "AUTH_KEY secret CI/CD variable has not been set."
 
+AUTH_PUB="/etc/gitlab-runner/auth/${CI_SERVER_HOST}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/authorized_keys"
+if [[ ! -f "$AUTH_PUB" ]]; then
+    error "Authentication for user $AUTH_USER not configured for this project."
+fi
+
 AUTH_USER=$CUSTOM_ENV_AUTH_USER
 
 AUTH_USER_WORK=$(runuser "$AUTH_USER" --login --command "echo \$WORK")
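Review bot: The error message in the added `-f` check interpolates `$AUTH_USER`, but `AUTH_USER=$CUSTOM_ENV_AUTH_USER` is only assigned after the added block. The message therefore prints an empty user name, or aborts on an unbound variable if the script runs under `set -u`, which is not visible here. Either move the added block below the assignment or use `$CUSTOM_ENV_AUTH_USER` in the message. `AUTH_PUB` is computed again in cleanup.sh and run.sh; if those scripts source config.sh (not shown in this patch), defining it once here under a comment such as `# per-project key file: auth/<host>/<namespace>/<project>/authorized_keys` would keep the three copies from drifting.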
diff --git a/runner_scripts/root/run.sh b/runner_scripts/root/run.sh
index f527675..b720e27 100755
--- a/runner_scripts/root/run.sh
+++ b/runner_scripts/root/run.sh
@@ -41,7 +41,11 @@ id -u "$AUTH_USER" >/dev/null 2>&1 || error "User $AUTH_USER does not exist"
 
 ## Use a key pair to authenticate the user (private key has to be set as a GitLab CI/CD variable)
 AUTH_KEY=$CUSTOM_ENV_AUTH_KEY
-AUTH_PUB=/etc/gitlab-runner/authorized_keys
+AUTH_PUB="/etc/gitlab-runner/auth/${CI_SERVER_HOST}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/authorized_keys"
+
+if [[ ! -f "$AUTH_PUB" ]]; then
+    error "Authentication for user $AUTH_USER not configured for this project."
+fi
 
 (
 while read -r PUB
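Review bot: The three components of `AUTH_PUB` come from job variables and are interpolated into a root-read path with no validation. `CI_PROJECT_NAMESPACE` can legitimately contain `/` for subgroups, but nothing rejects a `..` component or an empty one. GitLab lists predefined variables lowest in its variable precedence, so if a job-defined value can reach these scripts, the key file that gets consulted is no longer tied to the project that actually runs the job. A guard before the `-f` test, for example `case "$AUTH_PUB" in */../*|*//*) error "Invalid project path for authentication." ;; esac`, together with a comment that the `auth/` tree must be writable by root only, would make the assumption explicit. The same applies to the identical lines added in cleanup.sh and config.sh.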
-- 
GitLab