Rake task `gitlab-rake gitlab:cleanup:list_orphan_job_artifact_final_objects` fails with permission denied
Summary
We recently added the new rake task gitlab:cleanup:list_orphan_job_artifact_final_objects here:
- Issue: Rake task to clean up orphaned `@final` job artifact objects (GCP+AWS support).
- MR: Add rake task to list orphan final artifact objects
A customer reported that they see a permission denied error when trying to use it.
Steps to reproduce
Execute the rake task to reproduce:
root@ip-172-31-10-76:/home/ubuntu# gitlab-rake gitlab:cleanup:list_orphan_job_artifact_final_objects
I, [2024-03-26T03:15:25.544036 #115236] INFO -- : Looking for orphan job artifact objects under the `@final` directories
rake aborted!
Errno::EACCES: Permission denied @ rb_sysopen - orphan_job_artifact_final_objects.csv
/opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/cleanup/orphan_job_artifact_final_objects/generate_list.rb:51:in `initialize'
What is the current bug behavior?
The line where it fails only takes two parameters, filename and mode.
Knowing this, I logged into the Rails console to see if I could reproduce it there:
> f = File.new('orphan_job_artifact_final_objects.csv',"w+")
(irb):18:in `initialize': Permission denied @ rb_sysopen - orphan_job_artifact_final_objects.csv (Errno:
from (irb):18:in `new'
....snip
If I add the /tmp/ folder to the filename it appears to work:
> f = File.new('/tmp/orphan_job_artifact_final_objects.csv',"w+")
=> #<File:/tmp/orphan_job_artifact_final_objects.csv>
Thankfully, it's possible to set the filename using an environment variable, as shown here, which led to the following working workaround:
FILENAME="/tmp/orphan_job_artifact_final_objects.csv" gitlab-rake gitlab:cleanup:list_orphan_job_artifact_final_objects
What is the expected correct behavior?
Maybe it should default to the shared path under /var/opt/gitlab/gitlab-rails/shared so as not to throw a permission denied error.
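An added example (not GitLab's code) of the behaviour suggested above: resolve the CSV path against a known-writable directory instead of the working directory, check it before the scan starts, and open it without following symlinks. `resolve_output_path`, `writable_target?` and `open_output` are hypothetical helper names, and the shared directory is passed in as a parameter rather than taken from GitLab's configuration.

```ruby
require "tmpdir"

DEFAULT_NAME = "orphan_job_artifact_final_objects.csv"

# Hypothetical helper: an explicit FILENAME wins; otherwise default into a
# known-writable directory. Relative names resolve against that directory
# (an assumption of this sketch), not against the current working directory.
def resolve_output_path(env, default_dir)
  requested = env["FILENAME"].to_s.strip
  name = requested.empty? ? DEFAULT_NAME : requested
  File.expand_path(name, default_dir)
end

# Hypothetical pre-flight check, run before the long object-storage scan.
def writable_target?(path)
  dir = File.dirname(path)
  return false unless File.directory?(dir) && File.writable?(dir)
  return false if File.symlink?(path) # never write through a planted link
  !File.exist?(path) || (File.file?(path) && File.writable?(path))
end

# Open owner-only and refuse to follow a symlink at the final path component,
# which matters when the file has a predictable name in a shared directory.
def open_output(path, &block)
  flags = File::WRONLY | File::CREAT | File::TRUNC | File::NOFOLLOW
  File.open(path, flags, 0o600, &block)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |shared| # constructed stand-in for the shared directory
    env = { "FILENAME" => "" } # constructed; pass ENV in real use
    path = resolve_output_path(env, shared)
    abort "Cannot write #{path}; set FILENAME to a writable location" unless writable_target?(path)
    open_output(path) { |csv| csv.puts "constructed,sample,row" }
    puts "wrote #{path}"
  end
end
```

Checking the target up front turns the `Errno::EACCES` backtrace into an actionable message, and the `NOFOLLOW` open keeps a predictable name in `/tmp` from being redirected to another file.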