summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2017-11-09 12:18:26 -0800
committerStan Hu <stanhu@gmail.com>2017-11-09 22:14:03 -0800
commit8efdf75bcb3621822523803b02bd308792bf84d5 (patch)
treeb32a37e124f7f5ae1b329a30dac1caf8ea4d0a1d /scripts
parent304ceb144cca36dbcefcfb508b0dac220f76c9e1 (diff)
downloadgitlab-ce-8efdf75bcb3621822523803b02bd308792bf84d5.tar.gz
Use a non-superuser user to access GitLab to ensure permissions are propersh-use-non-superuser-db
We have run into permission issues with MySQL triggers in #36633 that would have been caught earlier either if our migration tests or GitLab QA tests had been testing against non-superuser users. This change creates a non-superuser that has access to the GitLab test database and uses that. Closes #39932
Diffstat (limited to 'scripts')
-rw-r--r--scripts/create_mysql_user.sh8
-rw-r--r--scripts/create_postgres_user.sh8
-rw-r--r--scripts/prepare_build.sh14
3 files changed, 30 insertions, 0 deletions
diff --git a/scripts/create_mysql_user.sh b/scripts/create_mysql_user.sh
new file mode 100644
index 00000000000..28f6cfb50ae
--- /dev/null
+++ b/scripts/create_mysql_user.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+mysql --user=root --host=mysql <<EOF
+CREATE DATABASE IF NOT EXISTS gitlabhq_test;
+CREATE USER IF NOT EXISTS 'gitlab'@'%';
+GRANT ALL PRIVILEGES ON gitlabhq_test.* TO 'gitlab'@'%';
+FLUSH PRIVILEGES;
+EOF
diff --git a/scripts/create_postgres_user.sh b/scripts/create_postgres_user.sh
new file mode 100644
index 00000000000..8a744df3226
--- /dev/null
+++ b/scripts/create_postgres_user.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+psql -h postgres -U postgres postgres <<EOF
+DROP DATABASE IF EXISTS gitlabhq_test;
+CREATE DATABASE gitlabhq_test;
+CREATE USER gitlab;
+GRANT ALL PRIVILEGES ON DATABASE gitlabhq_test TO gitlab;
+EOF
diff --git a/scripts/prepare_build.sh b/scripts/prepare_build.sh
index 7abadef5e89..36bcf087cd9 100644
--- a/scripts/prepare_build.sh
+++ b/scripts/prepare_build.sh
@@ -1,6 +1,7 @@
. scripts/utils.sh
export SETUP_DB=${SETUP_DB:-true}
+export CREATE_DB_USER=${CREATE_DB_USER:-$SETUP_DB}
export USE_BUNDLE_INSTALL=${USE_BUNDLE_INSTALL:-true}
export BUNDLE_INSTALL_FLAGS="--without production --jobs $(nproc) --path vendor --retry 3 --quiet"
@@ -26,6 +27,9 @@ fi
cp config/database.yml.$GITLAB_DATABASE config/database.yml
+# Set user to a non-superuser to ensure we test permissions
+sed -i 's/username: root/username: gitlab/g' config/database.yml
+
if [ "$GITLAB_DATABASE" = 'postgresql' ]; then
sed -i 's/localhost/postgres/g' config/database.yml
else # Assume it's mysql
@@ -44,6 +48,16 @@ sed -i 's/localhost/redis/g' config/redis.queues.yml
cp config/redis.shared_state.yml.example config/redis.shared_state.yml
sed -i 's/localhost/redis/g' config/redis.shared_state.yml
+# Some tasks (e.g. db:seed_fu) need to have a properly-configured database
+# user but not necessarily a full schema loaded
+if [ "$CREATE_DB_USER" != "false" ]; then
+ if [ "$GITLAB_DATABASE" = 'postgresql' ]; then
+ . scripts/create_postgres_user.sh
+ else
+ . scripts/create_mysql_user.sh
+ fi
+fi
+
if [ "$SETUP_DB" != "false" ]; then
bundle exec rake db:drop db:create db:schema:load db:migrate