From 8efdf75bcb3621822523803b02bd308792bf84d5 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Thu, 9 Nov 2017 12:18:26 -0800 Subject: Use a non-superuser user to access GitLab to ensure permissions are proper We have run into permission issues with MySQL triggers in #36633 that would have been caught earlier either if our migration tests or GitLab QA tests had been testing against non-superuser users. This change creates a non-superuser that has access to the GitLab test database and uses that. Closes #39932 --- scripts/prepare_build.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'scripts/prepare_build.sh') diff --git a/scripts/prepare_build.sh b/scripts/prepare_build.sh index 7abadef5e89..36bcf087cd9 100644 --- a/scripts/prepare_build.sh +++ b/scripts/prepare_build.sh @@ -1,6 +1,7 @@ . scripts/utils.sh export SETUP_DB=${SETUP_DB:-true} +export CREATE_DB_USER=${CREATE_DB_USER:-$SETUP_DB} export USE_BUNDLE_INSTALL=${USE_BUNDLE_INSTALL:-true} export BUNDLE_INSTALL_FLAGS="--without production --jobs $(nproc) --path vendor --retry 3 --quiet" @@ -26,6 +27,9 @@ fi cp config/database.yml.$GITLAB_DATABASE config/database.yml +# Set user to a non-superuser to ensure we test permissions +sed -i 's/username: root/username: gitlab/g' config/database.yml + if [ "$GITLAB_DATABASE" = 'postgresql' ]; then sed -i 's/localhost/postgres/g' config/database.yml else # Assume it's mysql @@ -44,6 +48,16 @@ sed -i 's/localhost/redis/g' config/redis.queues.yml cp config/redis.shared_state.yml.example config/redis.shared_state.yml sed -i 's/localhost/redis/g' config/redis.shared_state.yml +# Some tasks (e.g. db:seed_fu) need to have a properly-configured database +# user but not necessarily a full schema loaded +if [ "$CREATE_DB_USER" != "false" ]; then + if [ "$GITLAB_DATABASE" = 'postgresql' ]; then + . scripts/create_postgres_user.sh + else + . scripts/create_mysql_user.sh + fi +fi + if [ "$SETUP_DB" != "false" ]; then bundle exec rake db:drop db:create db:schema:load db:migrate -- cgit v1.2.1