authorRémy Coutable <remy@rymai.me>2017-11-10 10:24:09 +0000
committerRémy Coutable <remy@rymai.me>2017-11-10 10:24:09 +0000
commit2cfcb9be53f35f4f26755d615b821eb604b5aa31 (patch)
treec74d643399c1b507657f81742d04926c9432a4b4
parente482a4d59dae6437a64ae4ccbe6976ffced7b9ba (diff)
parent8efdf75bcb3621822523803b02bd308792bf84d5 (diff)
Merge branch 'sh-use-non-superuser-db' into 'master'
Use a non-superuser user to access GitLab to ensure permissions are proper Closes #39932 See merge request gitlab-org/gitlab-ce!15301
-rw-r--r--.gitlab-ci.yml3
-rw-r--r--scripts/create_mysql_user.sh8
-rw-r--r--scripts/create_postgres_user.sh8
-rw-r--r--scripts/prepare_build.sh14
4 files changed, 32 insertions, 1 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6a5050b553f..5710effc39d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -453,6 +453,7 @@ db:migrate:reset-mysql:
stage: test
variables:
SETUP_DB: "false"
+ CREATE_DB_USER: "true"
script:
- git fetch https://gitlab.com/gitlab-org/gitlab-ce.git v9.3.0
- git checkout -f FETCH_HEAD
@@ -497,6 +498,7 @@ db:rollback-mysql:
variables:
SIZE: "1"
SETUP_DB: "false"
+ CREATE_DB_USER: "true"
script:
- git clone https://gitlab.com/gitlab-org/gitlab-test.git
/home/git/repositories/gitlab-org/gitlab-test.git
@@ -532,7 +534,6 @@ gitlab:assets:compile:
NODE_ENV: "production"
RAILS_ENV: "production"
SETUP_DB: "false"
- USE_DB: "false"
SKIP_STORAGE_VALIDATION: "true"
WEBPACK_REPORT: "true"
NO_COMPRESSION: "true"
diff --git a/scripts/create_mysql_user.sh b/scripts/create_mysql_user.sh
new file mode 100644
index 00000000000..28f6cfb50ae
--- /dev/null
+++ b/scripts/create_mysql_user.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+mysql --user=root --host=mysql <<EOF
+CREATE DATABASE IF NOT EXISTS gitlabhq_test;
+CREATE USER IF NOT EXISTS 'gitlab'@'%';
+GRANT ALL PRIVILEGES ON gitlabhq_test.* TO 'gitlab'@'%';
+FLUSH PRIVILEGES;
+EOF
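Review bot: The account created in the heredoc, `'gitlab'@'%'`, has no password and is reachable from any host, and the script itself connects as `root` without a password; that is only acceptable because the target is a disposable CI service container, and nothing in the file says so. I would add a header comment such as `# CI only: creates a passwordless test user on the throwaway mysql service; never run against a shared or persistent server`. Separately, `GRANT ALL PRIVILEGES ON gitlabhq_test.*` means the job shows that GitLab works without superuser rights, but not that it works with a narrower grant list; if that is the intent, the same comment should say so.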
diff --git a/scripts/create_postgres_user.sh b/scripts/create_postgres_user.sh
new file mode 100644
index 00000000000..8a744df3226
--- /dev/null
+++ b/scripts/create_postgres_user.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+psql -h postgres -U postgres postgres <<EOF
+DROP DATABASE IF EXISTS gitlabhq_test;
+CREATE DATABASE gitlabhq_test;
+CREATE USER gitlab;
+GRANT ALL PRIVILEGES ON DATABASE gitlabhq_test TO gitlab;
+EOF
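Review bot: `psql` carries on after a failed statement and still exits 0 when it reads commands from stdin, so a failing `CREATE USER gitlab;` or `GRANT` goes unnoticed here. `CREATE USER` fails, for example, when the role already exists, because unlike the MySQL script there is no `IF NOT EXISTS`. Adding `-v ON_ERROR_STOP=1`, i.e. `psql -v ON_ERROR_STOP=1 -h postgres -U postgres postgres <<EOF`, makes the script return non-zero on the first error. The caller in scripts/prepare_build.sh sources both user scripts without checking their status. Unless `set -e` is active outside the visible lines, `. scripts/create_postgres_user.sh || exit 1` (and the same for the MySQL script) would stop the job at the real cause instead of at a later authentication failure.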
diff --git a/scripts/prepare_build.sh b/scripts/prepare_build.sh
index 7abadef5e89..36bcf087cd9 100644
--- a/scripts/prepare_build.sh
+++ b/scripts/prepare_build.sh
@@ -1,6 +1,7 @@
. scripts/utils.sh
export SETUP_DB=${SETUP_DB:-true}
+export CREATE_DB_USER=${CREATE_DB_USER:-$SETUP_DB}
export USE_BUNDLE_INSTALL=${USE_BUNDLE_INSTALL:-true}
export BUNDLE_INSTALL_FLAGS="--without production --jobs $(nproc) --path vendor --retry 3 --quiet"
@@ -26,6 +27,9 @@ fi
cp config/database.yml.$GITLAB_DATABASE config/database.yml
+# Set user to a non-superuser to ensure we test permissions
+sed -i 's/username: root/username: gitlab/g' config/database.yml
+
if [ "$GITLAB_DATABASE" = 'postgresql' ]; then
sed -i 's/localhost/postgres/g' config/database.yml
else # Assume it's mysql
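Review bot: The substitution on the added `sed` line matches only the literal `username: root`, so for any database.yml template with a different username it is a silent no-op and that job keeps connecting with the original, possibly superuser, account. Whether config/database.yml.postgresql uses `root` is not visible from this hunk, and the branches of the `if` that follows continue outside it, so this needs checking against the templates. A guard right after the `sed`, e.g. `grep -q 'username: gitlab' config/database.yml || { echo 'database.yml was not switched to the gitlab user' >&2; exit 1; }`, would make the job fail loudly instead of quietly testing with the wrong privileges.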
@@ -44,6 +48,16 @@ sed -i 's/localhost/redis/g' config/redis.queues.yml
cp config/redis.shared_state.yml.example config/redis.shared_state.yml
sed -i 's/localhost/redis/g' config/redis.shared_state.yml
+# Some tasks (e.g. db:seed_fu) need to have a properly-configured database
+# user but not necessarily a full schema loaded
+if [ "$CREATE_DB_USER" != "false" ]; then
+ if [ "$GITLAB_DATABASE" = 'postgresql' ]; then
+ . scripts/create_postgres_user.sh
+ else
+ . scripts/create_mysql_user.sh
+ fi
+fi
+
if [ "$SETUP_DB" != "false" ]; then
bundle exec rake db:drop db:create db:schema:load db:migrate