Merge branch '30248-fix-production-admin-fixture' into 'master'

Fix production admin fixture to use the new `Users::CreateService`

Closes #30248

See merge request !10326

3 files changed, 23 insertions, 4 deletions

diff --git a/app/services/users/create_service.rb b/app/services/users/create_service.rb
index f4f0b80f30a..193fcd85896 100644
--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -94,7 +94,7 @@ module Users
     def build_user_params
       if current_user&.is_admin?
         user_params = params.slice(*admin_create_params)
-        user_params[:created_by_id] = current_user.id
+        user_params[:created_by_id] = current_user&.id
 
         if params[:reset_password]
           user_params.merge!(force_random_password: true, password_expires_at: nil)
diff --git a/db/fixtures/production/001_admin.rb b/db/fixtures/production/001_admin.rb
index b37dc794015..1c7c89f7bbd 100644
--- a/db/fixtures/production/001_admin.rb
+++ b/db/fixtures/production/001_admin.rb
@@ -12,10 +12,12 @@ else
   user_args[:password] = ENV['GITLAB_ROOT_PASSWORD']
 end
 
-user = User.new(user_args)
-user.skip_confirmation!
+# Only admins can create other admin users in Users::CreateService so to solve
+# the chicken-and-egg problem, we pass a non-persisted admin user to the service.
+transient_admin = User.new(admin: true)
+user = Users::CreateService.new(transient_admin, user_args.merge!(skip_confirmation: true)).execute
 
-if user.save
+if user.persisted?
   puts "Administrator account created:".color(:green)
   puts
   puts "login:    root".color(:green)
diff --git a/spec/services/users/create_service_spec.rb b/spec/services/users/create_service_spec.rb
index 5f79203701a..66f68650f81 100644
--- a/spec/services/users/create_service_spec.rb
+++ b/spec/services/users/create_service_spec.rb
@@ -61,6 +61,23 @@ describe Users::CreateService, services: true do
           )
         end
 
+        context 'when the current_user is not persisted' do
+          let(:admin_user) { build(:admin) }
+
+          it 'persists the given attributes and sets created_by_id to nil' do
+            user = service.execute
+            user.reload
+
+            expect(user).to have_attributes(
+              name: params[:name],
+              username: params[:username],
+              email: params[:email],
+              password: params[:password],
+              created_by_id: nil
+            )
+          end
+        end
+
         it 'user is not confirmed if skip_confirmation param is not present' do
           expect(service.execute).not_to be_confirmed
         end