Namespaced authorized_keys

runner_scripts/root/cleanup.sh

@@ -36,7 +36,11 @@ id -u "$AUTH_USER" >/dev/null 2>&1 || error "User $AUTH_USER does not exist"
 
 ## Use a key pair to authenticate the user (private key has to be set as a GitLab CI/CD variable)
 AUTH_KEY=$CUSTOM_ENV_AUTH_KEY
-AUTH_PUB=/etc/gitlab-runner/authorized_keys
+AUTH_PUB="/etc/gitlab-runner/auth/${CI_SERVER_HOST}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/authorized_keys"
+
+if [[ ! -f "$AUTH_PUB" ]]; then
+    error "Authentication for user $AUTH_USER not configured for this project."
+fi
 
 (
 while read -r PUB

runner_scripts/root/config.sh

@@ -17,6 +17,11 @@ function error {
 [ -z "${CUSTOM_ENV_AUTH_USER:+x}" ] && error "AUTH_USER CI/CD variable has not been set."
 [ -z "${CUSTOM_ENV_AUTH_KEY:+x}" ] && error "AUTH_KEY secret CI/CD variable has not been set."
 
+AUTH_PUB="/etc/gitlab-runner/auth/${CI_SERVER_HOST}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/authorized_keys"
+if [[ ! -f "$AUTH_PUB" ]]; then
+    error "Authentication for user $AUTH_USER not configured for this project."
+fi
+
 AUTH_USER=$CUSTOM_ENV_AUTH_USER
 
 AUTH_USER_WORK=$(runuser "$AUTH_USER" --login --command "echo \$WORK")

runner_scripts/root/run.sh

@@ -41,7 +41,11 @@ id -u "$AUTH_USER" >/dev/null 2>&1 || error "User $AUTH_USER does not exist"
 
 ## Use a key pair to authenticate the user (private key has to be set as a GitLab CI/CD variable)
 AUTH_KEY=$CUSTOM_ENV_AUTH_KEY
-AUTH_PUB=/etc/gitlab-runner/authorized_keys
+AUTH_PUB="/etc/gitlab-runner/auth/${CI_SERVER_HOST}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/authorized_keys"
+
+if [[ ! -f "$AUTH_PUB" ]]; then
+    error "Authentication for user $AUTH_USER not configured for this project."
+fi
 
 (
 while read -r PUB