Geo: Fix how we set FDW password so it handles curly brackets/braces
Original error
From https://gitlab.zendesk.com/agent/tickets/109185:
There was an error running gitlab-ctl reconfigure:
postgresql_fdw_user_mapping[gitlab_secondary] (gitlab-ee::geo-postgresql line 181) had an error: Mixlib::ShellOut::ShellCommandFailed: postgresql_query[update mapping for gitlab_geo at gitlab_secondary] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab-ee/resources/postgresql_fdw_user_mapping.rb line 23) had an error: Mixlib::ShellOut::ShellCommandFailed: execute[update mapping for gitlab_geo at gitlab_secondary (geo-postgresql)] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/postgresql/resources/query.rb line 11) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of /opt/gitlab/bin/gitlab-geo-psql -d gitlabhq_geo_production -c "ALTER USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (SET user 'gitlab', ADD password 'foo}bar');" ----
STDOUT:
STDERR: ERROR: option "password" provided more than once
---- End output of /opt/gitlab/bin/gitlab-geo-psql -d gitlabhq_geo_production -c "ALTER USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (SET user 'gitlab', ADD password 'foo}bar');" ----
Ran /opt/gitlab/bin/gitlab-geo-psql -d gitlabhq_geo_production -c "ALTER USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (SET user 'gitlab', ADD password 'foo}bar');" returned 1
"Normal" passwords are handled fine
gitlabhq_geo_production=# SELECT umoptions FROM pg_user_mappings WHERE srvname='gitlab_secondary' AND usename='gitlab_geo';
umoptions
-------------------------------
{user=gitlab,password=foobar}
(1 row)
The result {user=gitlab,password=foobar}
is correctly parsed into a Ruby hash {:user=>"gitlab", :password=>"foobar"}
.
With curly bracket in password, umoptions returns with double quotes wrapping the key and value together
gitlabhq_geo_production=# ALTER USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (SET user 'gitlab', SET password 'foo}bar');
ALTER USER MAPPING
gitlabhq_geo_production=# SELECT umoptions FROM pg_user_mappings WHERE srvname='gitlab_secondary' AND usename='gitlab_geo';
umoptions
----------------------------------
{user=gitlab,"password=foo}bar"}
(1 row)
The result {user=gitlab,"password=foo}bar"}
is not correctly parsed into a Ruby hash {:user=>"gitlab", :"\"password"=>"xxxxxxxxxx\""}
.
Area to fix
Workaround
Manually set your FDW user mapping password to something without a curly bracket.
SSH into a node where you can gitlab-geo-psql
, and then set the password like:
ALTER USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (SET user 'gitlab', SET password 'foobar');
Internal Slack conversation: https://gitlab.slack.com/archives/C32LCGC1H/p1543507409207800
Edited by Michael Kozono