Fix integration tests with Docker image for PostgreSQL 10.5#1205
Merged
nickvergessen merged 1 commit intomasterfrom Sep 21, 2018
Merged
Conversation
The `postgres:10` tag is not fixed, but updated every time a new
`postgres:10.X` image is released. Thus, the integration tests run in
Drone always use the latest Docker image for PostgreSQL 10.
The parameters used for the Docker container of PostgreSQL relied on a
bug in both the Nextcloud installer and in the Docker image for
PostgreSQL; the bug in the image was fixed in "postgres:10.5", so the
tests started to fail due to not being able to install Nextcloud.
The database user created in the image did not have "create role"
privileges, so that user was the one used by the Nextcloud installer.
After the fix it does, so the Nextcloud installer creates and uses a new
user instead. However, if an existing database name is given to the
installer the installer does not grant privileges to that new user on
the existing database.
By default the container creates a new database with the same name as
the database user ("oc_autotest"), and that database was passed to the
installer. Thus, as the new user was not granted privileges on the
existing database it could not connect to it and the installation failed.
Now the container creates a dummy database with a different name to the
one passed to the installer, so now the "oc_autotest" database is
created by the installer and the new user is made owner of that new
database.
Note that this fix is backwards compatible with PostgreSQL images prior
to the fix, so no special handling is needed in `run-docker.sh` when
older images are used.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
nickvergessen
approved these changes
Sep 21, 2018
nickvergessen
deleted the
fix-integration-tests-with-docker-image-for-postgresql-10.5
branch
Member
|
Great, a TL,DR would be appreciated next time 😆 |
This was referenced Sep 25, 2018
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The parameters used for the Docker container of PostgreSQL relied on a bug in the Docker image that has been recently fixed: when the container was started a
postgresuser was always created as a superuser, and also with create role privileges. If--env POSTGRES_USER=XXXwas set in the container then, in addition to thepostgresuser, the given user was created too as a superuser; however, in this case, it had no explicit create role privilege (although as a superuser it would bypass the privilege checks and thus be able to create roles). Besides that, a database with the same name as the given user was also created.When Nextcloud is installed on PostgreSQL it is checked if the user has
create roleprivileges; if it does not then the given database user is the one that will be used by Nextcloud. Then a database with the given name is created, but if the given name already exists then all the privileges for the public role are revoked from the database instead.In the above scenario, when the Docker container of PostgreSQL was started for the integration tests
--env POSTGRES_USER=oc_autotestwas used, so a superuser namedoc_autotestand a database namedoc_autotestwere created. Then, in the installation of Nextcloud, it was checked if the useroc_autotesthad create role privileges; it did not (even if as a superuser it could create roles, but it is an implicit privilege, not an explicit one), so that user was the one used. As a database named like thePOSTGRES_USERwas automatically created when the container was started and it was the database name given to the installer too then the privileges for the public role were revoked from that database and the installation went on happily.All this started to fail when the bug was fixed in the Docker image. Note that the Docker image tag used is
postgres:10; this is not a fixed tag, but one that is updated every time a newpostgres:10.Ximage is released. Thus, the integration tests run in Drone always use the latest Docker image for PostgreSQL 10.After the fix, if
--env POSTGRES_USER=XXXis set in the container then thepostgresuser is not created and only the given user is created as a superuser, and now with create role privileges too; the database with the same name as the given user is still created.Due to this, when the Docker container of PostgreSQL was started with the latest image for the integration tests, in the installation of Nextcloud it was checked if the user
oc_autotesthad create role privileges; now it did, so a new user, which would be the one used by Nextcloud, was created based on the admin user name. However, as the given database also exists, then the privileges for the public role were revoked from the database, but the new user was not granted any privilege in the existing database. Thus, the installation failed withError while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[08006] [7] FATAL: permission denied for database "nextcloud" DETAIL: User does not have CONNECT privilege..This is a bug in the Nextcloud installer reported in nextcloud/server#11311, but not fixed yet at the time of this writing.
However, the unit tests on PostgreSQL were fixed in the server without fixing the installer. How? By using a specific name for the database created when the Docker container starts.
If
--env POSTGRES_DB=YYYis set in the container then the database is created with the given name, instead of with the name of the user given inPOSTGRES_USER. Thus, as the databaseoc_autotest_dummyis created when the container starts, but the database name given to Nextcloud isoc_autotest, the installer creates the useroc_adminand then creates the databaseoc_autotestmakingoc_adminits owner, and now the installation can go on happily.This same approach is the one used in this pull request to fix the integration tests on PostgreSQL.