Commit ca2744cc authored by Rémy Coutable's avatar Rémy Coutable Committed by Stan Hu

Merge branch 'sh-use-non-superuser-db' into 'master'

Use a non-superuser user to access GitLab to ensure permissions are proper

Closes #39932

See merge request gitlab-org/gitlab-ce!15301
parent 17547613
...@@ -478,6 +478,7 @@ db:migrate:reset-mysql: ...@@ -478,6 +478,7 @@ db:migrate:reset-mysql:
stage: test stage: test
variables: variables:
SETUP_DB: "false" SETUP_DB: "false"
CREATE_DB_USER: "true"
script: script:
- git fetch https://gitlab.com/gitlab-org/gitlab-ee.git v9.3.0-ee - git fetch https://gitlab.com/gitlab-org/gitlab-ee.git v9.3.0-ee
- git checkout -f FETCH_HEAD - git checkout -f FETCH_HEAD
...@@ -522,6 +523,7 @@ db:rollback-mysql: ...@@ -522,6 +523,7 @@ db:rollback-mysql:
variables: variables:
SIZE: "1" SIZE: "1"
SETUP_DB: "false" SETUP_DB: "false"
CREATE_DB_USER: "true"
script: script:
- git clone https://gitlab.com/gitlab-org/gitlab-test.git - git clone https://gitlab.com/gitlab-org/gitlab-test.git
/home/git/repositories/gitlab-org/gitlab-test.git /home/git/repositories/gitlab-org/gitlab-test.git
...@@ -557,7 +559,6 @@ gitlab:assets:compile: ...@@ -557,7 +559,6 @@ gitlab:assets:compile:
NODE_ENV: "production" NODE_ENV: "production"
RAILS_ENV: "production" RAILS_ENV: "production"
SETUP_DB: "false" SETUP_DB: "false"
USE_DB: "false"
SKIP_STORAGE_VALIDATION: "true" SKIP_STORAGE_VALIDATION: "true"
WEBPACK_REPORT: "true" WEBPACK_REPORT: "true"
NO_COMPRESSION: "true" NO_COMPRESSION: "true"
......
#!/bin/bash
mysql --user=root --host=mysql <<EOF
CREATE DATABASE IF NOT EXISTS gitlabhq_test;
CREATE USER IF NOT EXISTS 'gitlab'@'%';
GRANT ALL PRIVILEGES ON gitlabhq_test.* TO 'gitlab'@'%';
FLUSH PRIVILEGES;
EOF
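Review bot: The `CREATE USER IF NOT EXISTS 'gitlab'@'%';` line creates an account with no password that is accepted from any host, and nothing in the file says this is only acceptable for the throwaway CI `mysql` service. A header comment such as `# CI only: passwordless account for the ephemeral mysql service container; do not run against a shared server` would keep the script from being reused elsewhere as-is. The exit status of `mysql` is also never checked, so a failed statement would only surface later as an authentication error in the rake tasks. `FLUSH PRIVILEGES;` is not needed after `GRANT` and could be dropped.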
#!/bin/bash
psql -h postgres -U postgres postgres <<EOF
DROP DATABASE IF EXISTS gitlabhq_test;
CREATE DATABASE gitlabhq_test;
CREATE USER gitlab;
GRANT ALL PRIVILEGES ON DATABASE gitlabhq_test TO gitlab;
EOF
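Review bot: Errors inside this heredoc go undetected, because psql continues after a failed statement and still exits 0 unless `ON_ERROR_STOP` is set, and `CREATE USER gitlab;` fails whenever the role already exists (the MySQL script uses `IF NOT EXISTS`, this one does not). Invoking it as `psql -v ON_ERROR_STOP=1 -h postgres -U postgres postgres <<EOF` would make a broken setup fail the job at this step instead of later. Separately, the database is created by `postgres`, and `GRANT ALL PRIVILEGES ON DATABASE` does not transfer ownership. If the later `rake db:drop db:create` in prepare_build.sh runs as `gitlab`, it may be refused; that depends on configuration not shown on this page.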
. scripts/utils.sh . scripts/utils.sh
export SETUP_DB=${SETUP_DB:-true} export SETUP_DB=${SETUP_DB:-true}
export CREATE_DB_USER=${CREATE_DB_USER:-$SETUP_DB}
export USE_BUNDLE_INSTALL=${USE_BUNDLE_INSTALL:-true} export USE_BUNDLE_INSTALL=${USE_BUNDLE_INSTALL:-true}
export BUNDLE_INSTALL_FLAGS="--without production --jobs $(nproc) --path vendor --retry 3 --quiet" export BUNDLE_INSTALL_FLAGS="--without production --jobs $(nproc) --path vendor --retry 3 --quiet"
...@@ -29,6 +30,9 @@ cp config/database.yml.$GITLAB_DATABASE config/database.yml ...@@ -29,6 +30,9 @@ cp config/database.yml.$GITLAB_DATABASE config/database.yml
# EE-only # EE-only
cp config/database_geo.yml.$GITLAB_DATABASE config/database_geo.yml cp config/database_geo.yml.$GITLAB_DATABASE config/database_geo.yml
# Set user to a non-superuser to ensure we test permissions
sed -i 's/username: root/username: gitlab/g' config/database.yml
if [ "$GITLAB_DATABASE" = 'postgresql' ]; then if [ "$GITLAB_DATABASE" = 'postgresql' ]; then
sed -i 's/localhost/postgres/g' config/database.yml sed -i 's/localhost/postgres/g' config/database.yml
...@@ -53,6 +57,16 @@ sed -i 's/localhost/redis/g' config/redis.queues.yml ...@@ -53,6 +57,16 @@ sed -i 's/localhost/redis/g' config/redis.queues.yml
cp config/redis.shared_state.yml.example config/redis.shared_state.yml cp config/redis.shared_state.yml.example config/redis.shared_state.yml
sed -i 's/localhost/redis/g' config/redis.shared_state.yml sed -i 's/localhost/redis/g' config/redis.shared_state.yml
# Some tasks (e.g. db:seed_fu) need to have a properly-configured database
# user but not necessarily a full schema loaded
if [ "$CREATE_DB_USER" != "false" ]; then
if [ "$GITLAB_DATABASE" = 'postgresql' ]; then
. scripts/create_postgres_user.sh
else
. scripts/create_mysql_user.sh
fi
fi
if [ "$SETUP_DB" != "false" ]; then if [ "$SETUP_DB" != "false" ]; then
bundle exec rake db:drop db:create db:schema:load db:migrate bundle exec rake db:drop db:create db:schema:load db:migrate
......
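Review bot: The `sed -i 's/username: root/username: gitlab/g' config/database.yml` substitution only rewrites entries whose user is literally `root`, so whether a job really connects as a non-superuser depends on template contents that this page does not show. If `config/database.yml.postgresql` names a different user, the PostgreSQL jobs would keep that user and the permission test would silently not happen there. A check right after the sed, for example `grep -q 'username: gitlab' config/database.yml || { echo 'database.yml still uses the original user' >&2; exit 1; }`, would make that visible. The sed also runs when `CREATE_DB_USER` is `false`, in which case the config names a user the job never created.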