Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acceptance: run python, psql containers as current uid #81460

Merged
merged 1 commit into from
May 19, 2022
Merged

acceptance: run python, psql containers as current uid #81460

merged 1 commit into from
May 19, 2022

Conversation

rickystewart
Copy link
Collaborator

postgres's permission checking for certificates has gotten more
rigorous since this commit.
This has broken a couple acceptance tests which do not pin to any
specific postgres version (see #81313, #81437).

Here we attempt to solve the problem "once and for all" by ensuring that
these containers run with a UID that is equal to the one that created
the certificates.

Release note: None

@rickystewart rickystewart requested a review from a team May 18, 2022 16:53
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@rickystewart rickystewart requested a review from knz May 18, 2022 17:59
@rickystewart
Copy link
Collaborator Author

@knz -- Looks like TestComposeGSS has some problems with this:

psql_1       | psql: local user with ID 1006 does not exist

Not sure what changes are necessary at this point.

@knz
Copy link
Contributor

knz commented May 18, 2022

it's amissing entry in /etc/passwd.
need to add https://github.com/benesch/autouseradd like in builder image.

@rickystewart rickystewart force-pushed the psqluid branch 4 times, most recently from 403c307 to 714b36f Compare May 18, 2022 22:56
@rickystewart
acceptance: run python, psql containers as current uid
3ef77d5 
`postgres`'s permission checking for certificates has gotten more
rigorous since [this commit](https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a59c79564bdc209a5bc7b02d706f0d7352eb82fa).
This has broken a couple `acceptance` tests which do not pin to any
specific `postgres` version (see cockroachdb#81313, cockroachdb#81437).

Here we attempt to solve the problem "once and for all" by ensuring that
these containers run with a UID that is equal to the one that created
the certificates.

Release note: None
knz
knz approved these changes May 19, 2022
View reviewed changes
Copy link
Contributor

@knz knz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome, thanks

Reviewed 6 of 6 files at r1, all commit messages.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @rickystewart)

@rickystewart
Copy link
Collaborator Author

TFTR!

bors r=knz

@otan
Copy link
Contributor

otan commented May 19, 2022

i assume we're backporting these, so i'm adding the tags!

@craig
Copy link
Contributor

craig bot commented May 19, 2022

This PR was included in a batch that was canceled, it will be automatically retried

@craig
Copy link
Contributor

craig bot commented May 19, 2022

Build succeeded:

@craig craig bot merged commit bb3f07b into cockroachdb:master May 19, 2022
@blathers-crl blathers-crl bot mentioned this pull request May 19, 2022
Merged
@blathers-crl
Copy link

blathers-crl bot commented May 19, 2022

Encountered an error creating backports. Some common things that can go wrong:

  1. The backport branch might have already existed.
  2. There was a merge conflict.
  3. The backport branch contained merge commits.

You might need to create your backport manually using the backport tool.

error creating merge commit from 3ef77d5 to blathers/backport-release-21.2-81460: POST https://api.github.com/repos/cockroachdb/cockroach/merges: 409 Merge conflict []

you may need to manually resolve merge conflicts with the backport tool.

Backport to branch 21.2.x failed. See errors above.

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan.

@rickystewart rickystewart mentioned this pull request May 19, 2022
Merged
@rickystewart rickystewart mentioned this pull request May 23, 2022
Merged
rickystewart added a commit to rickystewart/cockroach that referenced this pull request May 24, 2022
@rickystewart
release-21.1: acceptance: run python, psql containers as current uid
b065031 
Manual cherry-pick from cockroachdb#81460.

`postgres`'s permission checking for certificates has gotten more
rigorous since [this commit](https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a59c79564bdc209a5bc7b02d706f0d7352eb82fa).
This has broken a couple `acceptance` tests which do not pin to any
specific `postgres` version (see cockroachdb#81313, cockroachdb#81437).

Here we attempt to solve the problem "once and for all" by ensuring that
these containers run with a UID that is equal to the one that created
the certificates.

Release note: None
@rickystewart rickystewart mentioned this pull request May 26, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knz knz knz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rickystewart @cockroach-teamcity @knz @otan