From 15dd33366a91944e051bc49aab3666745a169b81 Mon Sep 17 00:00:00 2001
From: Jonathan Cobb <jonathan@kyuss.org>
Date: Sat, 12 Sep 2020 12:42:56 -0400
Subject: [PATCH] allow installation of a key on a sage if there are no keys
 defined

---
 .../main/java/bubble/dao/account/AccountSshKeyDAO.java   | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/bubble-server/src/main/java/bubble/dao/account/AccountSshKeyDAO.java b/bubble-server/src/main/java/bubble/dao/account/AccountSshKeyDAO.java
index d8e6af48..317c7416 100644
--- a/bubble-server/src/main/java/bubble/dao/account/AccountSshKeyDAO.java
+++ b/bubble-server/src/main/java/bubble/dao/account/AccountSshKeyDAO.java
@@ -48,8 +48,13 @@ public class AccountSshKeyDAO extends AccountOwnedEntityDAO<AccountSshKey> {
         final Account owner = accountDAO.findByUuid(key.getAccount());
         final BubbleNetwork thisNetwork = configuration.getThisNetwork();
         if (thisNetwork == null || thisNetwork.getInstallType() == AnsibleInstallType.sage) {
-            // never allow installation of a key on sage. must be manually set in the database.
-            key.setInstallSshKey(false);
+            // only allow installation of a key on a sage if the user is the first admin and has no keys
+            final Account firstAdmin = accountDAO.getFirstAdmin();
+            if (owner.getUuid().equals(firstAdmin.getUuid())) {
+                key.setInstallSshKey(findByAccount(owner.getUuid()).size() == 0);
+            } else {
+                key.setInstallSshKey(false);
+            }
 
         } else {
             // admin keys are always installed on a node