Quotes in db_password fails on reconfigure
Summary
When configuring Geo database replication, if a single, or double quote is used in the password when setting up the PostgreSQL database password( gitlab_rails['db_password']), an error will occur during the next reconfigure.
Steps to reproduce
Go through step 2 of Geo database replication configuration.
Set the password to one that includes a ' or " for gitlab_rails['db_password'].
Run sudo gitlab-ctl reconfigure.
Example Project
(If possible, please create an example project here on GitLab.com that exhibits the problematic behavior, and link to it here in the bug report)
(If you are using an older version of GitLab, this will also determine whether the bug is fixed in a more recent version)
What is the current bug behavior?
sudo gitlab-ctl reconfigure fails to execute. Failing on [execute] sh: 1: Syntax error: Unterminated quoted string
What is the expected correct behavior?
sudo gitlab-ctl reconfigure should be successful in setting the DB password.
Relevant logs and/or screenshots
ESC[0m * postgresql_fdw_user_mapping[gitlab_secondary] action create
* postgresql_query[create mapping for gitlab_geo at gitlab_secondary] action run
* execute[create mapping for gitlab_geo at gitlab_secondary (geo-postgresql)] action run
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
[execute] sh: 1: Syntax error: Unterminated quoted string
ESC[0m
================================================================================ESC[0m
ESC[31mError executing action `run` on resource 'execute[create mapping for gitlab_geo at gitlab_secondary (geo-postgresql)]'ESC[0m
================================================================================ESC[0m
ESC[0m Mixlib::ShellOut::ShellCommandFailedESC[0m
------------------------------------ESC[0m
Expected process to exit with [0], but received '2'
ESC[0m ---- Begin output of /opt/gitlab/bin/gitlab-geo-psql -d gitlabhq_geo_production -c "CREATE USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (user 'gitlab', password 'test"password');" ----
ESC[0m STDOUT:
ESC[0m STDERR: sh: 1: Syntax error: Unterminated quoted string
ESC[0m ---- End output of /opt/gitlab/bin/gitlab-geo-psql -d gitlabhq_geo_production -c "CREATE USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (user 'gitlab', password 'test"password');" ----
ESC[0m Ran /opt/gitlab/bin/gitlab-geo-psql -d gitlabhq_geo_production -c "CREATE USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (user 'gitlab', password 'test"password');" returned 2ESC[0m
ESC[0m Resource Declaration:ESC[0m
---------------------ESC[0m
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/postgresql/resources/query.rb
ESC[0m
ESC[0m 11: execute "#{new_resource.description} (#{new_resource.helper.service_name})" do
ESC[0m 12: command %(/opt/gitlab/bin/#{new_resource.helper.service_cmd} -d #{new_resource.db_name} -c "#{new_resource.query}")
ESC[0m 13: user account_helper.postgresql_user
ESC[0m 14: retries 20
ESC[0m 15: not_if { new_resource.helper.is_offline_or_readonly? }
ESC[0m 16: end
ESC[0m 17: end
ESC[0m
ESC[0m Compiled Resource:ESC[0m
------------------ESC[0m
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/postgresql/resources/query.rb:11:in `block in class_from_file'
ESC[0m
ESC[0m execute("create mapping for gitlab_geo at gitlab_secondary (geo-postgresql)") do
ESC[0m action [:run]
ESC[0m default_guard_interpreter :execute
ESC[0m command "/opt/gitlab/bin/gitlab-geo-psql -d gitlabhq_geo_production -c \"CREATE USER MAPPING FOR gitlab_geo SERVER gitlab_secondary OPTIONS (user 'gitlab', password 'test\"password');\""
ESC[0m backup 5
ESC[0m declared_type :execute
ESC[0m cookbook_name "gitlab-ee"
ESC[0m domain nil
ESC[0m user "gitlab-psql"
ESC[0m retries 20
ESC[0m not_if { #code block }
ESC[0m end
ESC[0m
ESC[0m System Info:ESC[0m
------------ESC[0m
chef_version=15.9.17
ESC[0m platform=ubuntu
ESC[0m platform_version=18.04
ESC[0m ruby=ruby 2.6.6p146 (2020-03-31 revision 67876) [x86_64-linux]
ESC[0m program_name=/opt/gitlab/embedded/bin/chef-client
ESC[0m executable=/opt/gitlab/embedded/bin/chef-clientESC[0m
ESC[0m ESC[0mOutput of checks
(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)
Results of GitLab environment info
Expand for output related to GitLab environment info
```bash root@ubuntu-bionic:~# gitlab-rake gitlab:env:info System information System: Ubuntu 18.04 Proxy: no Current User: git Using RVM: no Ruby Version: 2.6.6p146 Gem Version: 2.7.10 Bundler Version:1.17.3 Rake Version: 12.3.3 Redis Version: 5.0.9 Git Version: 2.27.0 Sidekiq Version:5.2.9 Go Version: unknown GitLab information Version: 13.2.4-ee Revision: 5f3e8be35c3 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 11.7 URL: http://127.0.0.1 HTTP Clone URL: http://127.0.0.1/some-group/some-project.git SSH Clone URL: git@127.0.0.1:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 13.3.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git ```
Results of GitLab application Check
Expand for output related to the GitLab application check
root@ubuntu-bionic:~# sudo gitlab-rake gitlab:check SANITIZE=true Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 13.3.0 ? ... OK (13.3.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet) Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... can't check, you have no projects Redis version >= 4.0.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.6) Git version >= 2.22.0 ? ... yes (2.27.0) Git user has default SSH configuration? ... yes Active users: ... 1 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Elasticsearch version 6.x - 7.x? ... skipped (elasticsearch is disabled) Checking GitLab App ... Finished Checking GitLab subtasks ... Finished
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)
Escape ' and " characters from passwords.