Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

fix: Add password based auth for postgres (#37068)

Browse Source
This commit is contained in:
Abhijeet 2024-12-06 10:49:27 +05:30 committed by GitHub
parent a9471f06d4
commit ba7c1588ae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 454 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
deploy/docker/fs/opt/appsmith/entrypoint.sh
View File

@ -1,5 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Source the helper script
source pg-utils.sh
set -e set -e
tlog "Running as: $(id)" tlog "Running as: $(id)"
@ -440,6 +443,12 @@ init_postgres() {
tlog "Initializing local Postgres data folder" tlog "Initializing local Postgres data folder"
su postgres -c "env PATH='$PATH' initdb -D $POSTGRES_DB_PATH" su postgres -c "env PATH='$PATH' initdb -D $POSTGRES_DB_PATH"
fi fi
cp /opt/appsmith/postgres/appsmith_hba.conf "$POSTGRES_DB_PATH/pg_hba.conf"
# PostgreSQL requires strict file permissions for the pg_hba.conf file. Add file permission settings after copying the configuration file.
# 600 is the recommended permission for pg_hba.conf file for read and write access to the owner only.
chown postgres:postgres "$POSTGRES_DB_PATH/pg_hba.conf"
chmod 600 "$POSTGRES_DB_PATH/pg_hba.conf"
create_appsmith_pg_db "$POSTGRES_DB_PATH" create_appsmith_pg_db "$POSTGRES_DB_PATH"
else else
runEmbeddedPostgres=0 runEmbeddedPostgres=0
@ -477,7 +486,9 @@ create_appsmith_pg_db() {
local max_attempts=300 local max_attempts=300
local attempt=0 local attempt=0
until su postgres -c "env PATH='$PATH' pg_isready -h 127.0.0.1"; do local unix_socket_directory=$(get_unix_socket_directory "$POSTGRES_DB_PATH")
echo "Unix socket directory is $unix_socket_directory"
until su postgres -c "env PATH='$PATH' pg_isready -h $unix_socket_directory"; do
if (( attempt >= max_attempts )); then if (( attempt >= max_attempts )); then
echo "Postgres failed to start within 300 seconds." echo "Postgres failed to start within 300 seconds."
return 1 return 1

52
deploy/docker/fs/opt/appsmith/pg-utils.sh
View File

@ -6,7 +6,8 @@ DB_HOST="127.0.0.1"
DB_PORT="5432" DB_PORT="5432"
DB_SCHEMA="appsmith" DB_SCHEMA="appsmith"
DB_NAME="appsmith" DB_NAME="appsmith"
postgres_admin_user="postgres" POSTGRES_ADMIN_USER="postgres"
POSTGRES_DB_PATH="/appsmith-stacks/data/postgres/main"
waitForPostgresAvailability() { waitForPostgresAvailability() {
if [ -z "$PG_DB_HOST" ]; then if [ -z "$PG_DB_HOST" ]; then
@ -17,8 +18,9 @@ waitForPostgresAvailability() {
MAX_RETRIES=50 MAX_RETRIES=50
RETRYSECONDS=10 RETRYSECONDS=10
retry_count=0 retry_count=0
local unix_socket_directory=$(get_unix_socket_directory "$POSTGRES_DB_PATH")
while true; do while true; do
su postgres -c "pg_isready -h '${PG_DB_HOST}' -p '${PG_DB_PORT}'" su postgres -c "pg_isready -h $unix_socket_directory -p '${PG_DB_PORT}'"
status=$? status=$?
case $status in case $status in
@ -106,31 +108,34 @@ init_pg_db() {
# Check if the DB_HOST is local (localhost or 127.0.0.1) # Check if the DB_HOST is local (localhost or 127.0.0.1)
if [[ "$PG_DB_HOST" == "localhost" || "$PG_DB_HOST" == "127.0.0.1" ]]; then if [[ "$PG_DB_HOST" == "localhost" || "$PG_DB_HOST" == "127.0.0.1" ]]; then
local unix_socket_directory=$(get_unix_socket_directory "$POSTGRES_DB_PATH")
# Check if the database exists # Check if the database exists
DB_CHECK=$(psql -h "$PG_DB_HOST" -p "$PG_DB_PORT" -U postgres -d "postgres" -tAc "SELECT 1 FROM pg_database WHERE datname='$PG_DB_NAME'") DB_CHECK=$(psql -h "$unix_socket_directory" -p "$PG_DB_PORT" -U "$POSTGRES_ADMIN_USER" -tAc "SELECT 1 FROM pg_database WHERE datname='$PG_DB_NAME'")
if [ "$DB_CHECK" != "1" ]; then if [ "$DB_CHECK" != "1" ]; then
echo "Database $PG_DB_NAME does not exist. Creating database..." echo "Database $PG_DB_NAME does not exist. Creating database..."
psql -h "$PG_DB_HOST" -p "$PG_DB_PORT" -U postgres -d "postgres" -c "CREATE DATABASE $PG_DB_NAME;" psql -h "$unix_socket_directory" -p "$PG_DB_PORT" -U "$POSTGRES_ADMIN_USER" -c "CREATE DATABASE $PG_DB_NAME;"
else else
echo "Database $PG_DB_NAME already exists." echo "Database $PG_DB_NAME already exists."
fi fi
# Check if the schema exists # Check if the schema exists
SCHEMA_CHECK=$(psql -h "$PG_DB_HOST" -p "$PG_DB_PORT" -U postgres -d "$PG_DB_NAME" -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='appsmith'") SCHEMA_CHECK=$(psql -h "$unix_socket_directory" -p "$PG_DB_PORT" -U "$POSTGRES_ADMIN_USER" -d "$PG_DB_NAME" -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='appsmith'")
# Create schema and user if not exists # Create schema and user if not exists
if [ "$SCHEMA_CHECK" != "1" ]; then if [ "$SCHEMA_CHECK" != "1" ]; then
echo "Creating user '$PG_DB_USER' with password " echo "Creating user '$PG_DB_USER' with password "
psql -h "$PG_DB_HOST" -p "$PG_DB_PORT" -U postgres -d "$PG_DB_NAME" -c "CREATE USER \"$PG_DB_USER\" WITH PASSWORD '$PG_DB_PASSWORD';" psql -h "$unix_socket_directory" -p "$PG_DB_PORT" -U "$POSTGRES_ADMIN_USER" -d "$PG_DB_NAME" -c "CREATE USER \"$PG_DB_USER\" WITH PASSWORD '$PG_DB_PASSWORD';"
echo "Schema 'appsmith' does not exist. Creating schema..." echo "Schema 'appsmith' does not exist. Creating schema..."
psql -h "$PG_DB_HOST" -p "$PG_DB_PORT" -U postgres -d "$PG_DB_NAME" -c "CREATE SCHEMA appsmith;" psql -h "$unix_socket_directory" -p "$PG_DB_PORT" -U "$POSTGRES_ADMIN_USER" -d "$PG_DB_NAME" -c "CREATE SCHEMA appsmith;"
fi fi
USER=$PG_DB_USER SCHEMA="appsmith" DB=$PG_DB_NAME HOST=$PG_DB_HOST PORT=$PG_DB_PORT grant_permissions_for_schema
echo "Creating pg_trgm extension..." echo "Creating pg_trgm extension..."
psql -h "$PG_DB_HOST" -p "$PG_DB_PORT" -U postgres -d "$PG_DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" psql -h "$unix_socket_directory" -p "$PG_DB_PORT" -U "$POSTGRES_ADMIN_USER" -d "$PG_DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
# Grant permissions to the user on the schema
USER=$PG_DB_USER SCHEMA="appsmith" DB=$PG_DB_NAME HOST=$PG_DB_HOST PORT=$PG_DB_PORT grant_permissions_for_local_db_schema
else else
echo "Remote PostgreSQL detected, running as current user." echo "Remote PostgreSQL detected, running as current user."
PGPASSWORD=$PG_DB_PASSWORD psql -h "$PG_DB_HOST" -p "$PG_DB_PORT" -U "$PG_DB_USER" -d "$PG_DB_NAME" -c "CREATE SCHEMA IF NOT EXISTS appsmith;" PGPASSWORD=$PG_DB_PASSWORD psql -h "$PG_DB_HOST" -p "$PG_DB_PORT" -U "$PG_DB_USER" -d "$PG_DB_NAME" -c "CREATE SCHEMA IF NOT EXISTS appsmith;"
@ -160,18 +165,31 @@ init_pg_db() {
# Returns: # Returns:
# None # None
# Example: # Example:
# USER="user" SCHEMA="schema" DB="db" HOST="host" PORT="port" grant_permissions_for_schema # USER="user" SCHEMA="schema" DB="db" HOST="host" PORT="port" grant_permissions_for_local_db_schema
grant_permissions_for_schema() { grant_permissions_for_local_db_schema() {
local user=${USER-$DB_USER} schema=${SCHEMA-$DB_SCHEMA} db=${DB-$DB_NAME} host=${HOST-$DB_HOST} port=${PORT-$DB_PORT} local user=${USER-$DB_USER} schema=${SCHEMA-$DB_SCHEMA} db=${DB-$DB_NAME} host=${HOST-$DB_HOST} port=${PORT-$DB_PORT}
local unix_socket_directory=$(get_unix_socket_directory "$POSTGRES_DB_PATH")
tlog "Granting permissions to user '${user}' on schema '$schema' in database '$db' on host '$host' and port '$port'..." tlog "Granting permissions to user '${user}' on schema '$schema' in database '$db' on host '$host' and port '$port'..."
psql -h ${host} -p ${port} -U ${postgres_admin_user} -d ${db} -c "GRANT ALL PRIVILEGES ON SCHEMA ${schema} TO ${user};" psql -h "$unix_socket_directory" -p "$port" -U "$POSTGRES_ADMIN_USER" -d "$db" -c "GRANT ALL PRIVILEGES ON SCHEMA ${schema} TO ${user};"
psql -h ${host} -p ${port} -U ${postgres_admin_user} -d ${db} -c "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA ${schema} TO ${user};" psql -h "$unix_socket_directory" -p "$port" -U "$POSTGRES_ADMIN_USER" -d "$db" -c "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA ${schema} TO ${user};"
psql -h ${host} -p ${port} -U ${postgres_admin_user} -d ${db} -c "ALTER DEFAULT PRIVILEGES IN SCHEMA ${schema} GRANT ALL PRIVILEGES ON TABLES TO ${user};" psql -h "$unix_socket_directory" -p "$port" -U "$POSTGRES_ADMIN_USER" -d "$db" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA ${schema} GRANT ALL PRIVILEGES ON TABLES TO ${user};"
psql -h ${host} -p ${port} -U ${postgres_admin_user} -d ${db} -c "GRANT CONNECT ON DATABASE ${db} TO ${user};" psql -h "$unix_socket_directory" -p "$port" -U "$POSTGRES_ADMIN_USER" -d "$db" -c "GRANT CONNECT ON DATABASE ${db} TO ${user};"
}
get_unix_socket_directory() {
local postgres_db_path=${1:-"$POSTGRES_DB_PATH"}
local unix_socket_directory
unix_socket_directory=$(grep -E "^unix_socket_directories" "$postgres_db_path/postgresql.conf" | sed -E "s/.*= (.*).*/\1/" | cut -d',' -f1)
# If unix_socket_directory is empty, default to /var/run/postgresql
if [ -z "$unix_socket_directory" ]; then
unix_socket_directory="/var/run/postgresql"
fi
echo "$unix_socket_directory"
} }
# Example usage of the functions # Example usage of the functions
# waitForPostgresAvailability # waitForPostgresAvailability
# extract_postgres_db_params "postgresql://user:password@localhost:5432/dbname" # extract_postgres_db_params "postgresql://user:password@localhost:5432/dbname"
# init_pg_db # init_pg_db
# USER="user" SCHEMA="schema" DB="db" HOST="host" PORT="port" grant_permissions_for_schema # USER="user" SCHEMA="schema" DB="db" HOST="host" PORT="port" grant_permissions_for_local_db_schema
# get_unix_socket_directory "/var/lib/postgresql/12/main"

24
deploy/docker/fs/opt/appsmith/postgres/appsmith_hba.conf Normal file
View File

@ -0,0 +1,24 @@
# This is a custom configuration for Embedded PostgreSQL for Appsmith.
# This file will be used to override the default pg_hba.conf file on restart.
# What is the meaning of this configuration?
# This configuration changes how PostgreSQL authenticates users
# connecting to the database. For user "postgres", we are allowing
# all connections from all addresses without any password on the unix
# socket. For all other users, we are allowing connections from IPv4
# and IPv6 with a password.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all postgres trust
# IPv4 local connections:
host appsmith appsmith 127.0.0.1/32 scram-sha-256
host postgres appsmith 127.0.0.1/32 scram-sha-256
# IPv6 local connections:
host appsmith appsmith ::1/128 scram-sha-256
host postgres appsmith ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all scram-sha-256
host replication all 127.0.0.1/32 scram-sha-256
host replication all ::1/128 scram-sha-256

1
deploy/docker/tests/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
docker-compose.yml

81
deploy/docker/tests/composes.sh Normal file
View File

@ -0,0 +1,81 @@
#!/bin/bash
# set -o errexit
# set -x
generate_compose_file() {
local version=$1
check_appsmith_edition
cat <<EOF >${docker_compose_path}
services:
appsmith:
image: index.docker.io/appsmith/appsmith-$edition:$version
container_name: $container_name
ports:
- "80:80"
- "443:443"
volumes:
- ${stacks_path}:/appsmith-stacks
environment:
- APPSMITH_CLOUD_SERVICES_BASE_URL=https://release-cs.appsmith.com
restart: unless-stopped
EOF
}
compose_appsmith_version() {
local version=$1
generate_compose_file $version
docker compose up -d
}
compose_appsmith_latest() {
local version=latest
check_appsmith_edition
generate_compose_file $version
docker compose pull &&
docker compose up -d
}
compose_appsmith_local() {
local version=latest
check_appsmith_edition
cat <<EOF >${docker_compose_path}
services:
appsmith:
image: appsmith/appsmith-local-$edition:$version
container_name: $container_name
ports:
- "80:80"
- "443:443"
volumes:
- ${stacks_path}:/appsmith-stacks
environment:
- APPSMITH_CLOUD_SERVICES_BASE_URL=https://release-cs.appsmith.com
restart: unless-stopped
EOF
docker compose up -d
# return container name
echo "$container_name"
}
cleanup() {
echo "Starting fresh. Cleaning up the environment."
docker rm -f $container_name || true
sudo rm -rf ${stacks_path} || true
}
check_appsmith_edition() {
export edition=ce
if [[ "$(git remote get-url origin)" == *appsmithorg/appsmith-ee* ]]; then
export edition=ee
fi
echo "Edition: $edition"
}
container_name="appsmith-docker-test"
# mkdir -p /tmp/$container_name
stacks_path="/tmp/$container_name-stacks"
docker_compose_path="docker-compose.yml"

279
deploy/docker/tests/test-pg-auth.sh Executable file
View File

@ -0,0 +1,279 @@
#!/bin/bash
set -o errexit
# set -x
source ./composes.sh
# Function to update the APPSMITH_DB_URL in docker.env
# Once postgres is the default db, the APPSMITH_POSTGRES_DB_URL will be removed and this step won't be required anymore
# Check run-java.sh for more details why we need to update the APPSMITH_DB_URL to point to postgres
update_db_url() {
docker exec "${container_name}" bash -c "sed -i 's|^APPSMITH_DB_URL=mongodb|# &|' /appsmith-stacks/configuration/docker.env"
docker exec "${container_name}" bash -c "sed -i 's|^APPSMITH_POSTGRES_DB_URL=|APPSMITH_DB_URL=|' /appsmith-stacks/configuration/docker.env"
}
# Function to check if the Appsmith instance is up
is_appsmith_instance_ready() {
local max_retries=200
local retry_count=0
local response_code
while [ $retry_count -lt $max_retries ]; do
response_code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost/health)
if [[ $response_code -eq 200 ]]; then
echo "Appsmith instance is ready."
return 0
fi
echo "Waiting for Appsmith instance to be ready... (Attempt: $((retry_count + 1)))"
retry_count=$((retry_count + 1))
sleep 2
done
return 1
}
# Function to wait until the postgres is ready
wait_for_postgres() {
local max_retries=200
local retry_count=0
while [ $retry_count -lt $max_retries ]; do
if docker exec "${container_name}" pg_isready; then
echo "Postgres is ready."
return 0
fi
echo "Waiting for Postgres to be ready... (Attempt: $((retry_count + 1)))"
retry_count=$((retry_count + 1))
sleep 2
done
}
# Function to read the password from the PostgreSQL URL in docker.env.sh
get_appsmith_password() {
local password
password=$(docker exec "${container_name}" bash -c "grep -i 'APPSMITH_DB_URL' /appsmith-stacks/configuration/docker.env | sed -n 's/^.*\/\/appsmith:\([^@]*\)@.*$/\1/p'")
printf "%s" "$password"
}
# Function to check the read access to databases
check_user_datasource_access_with_auth() {
local password
local appsmith_user_local_access
local appsmith_user_remote_access
password=$(get_appsmith_password)
docker exec -i "${container_name}" bash -c "psql -h 127.0.0.1 -p 5432 -U appsmith -c '\l'" <<EOF
$password
EOF
appsmith_user_remote_access=$?
docker exec -i "${container_name}" bash -c "psql -p 5432 -U appsmith -c '\l'"
appsmith_user_local_access=$?
# Check if the Appsmith user does not have read access with local unix socket but has read access with local tcp socket
if [[ $appsmith_user_local_access -ne 0 && $appsmith_user_remote_access -eq 0 ]]; then
echo "appsmith user does not have read access to databases with local unix socket: ✅"
echo "appsmith user has read access to databases with local tcp socket: ✅"
local pg_user_local_access
local pg_user_remote_access
# Check if the postgres user has read access to databases with local unix socket
docker exec -i "${container_name}" bash -c "psql -p 5432 -U postgres -d appsmith -c '\l'"
pg_user_local_access=$?
# Check if the postgres user does not have read access to databases with local tcp socket
docker exec -i "${container_name}" bash -c "psql -h 127.0.0.1 -p 5432 -U postgres -d appsmith -c '\l'"
pg_user_remote_access=$?
if [[ $pg_user_local_access -eq 0 && $pg_user_remote_access -ne 0 ]]; then
echo "postgres user has read access to databases with local unix socket: ✅"
echo "postgres user does not have read access to databases with local tcp socket: ✅"
return 0
elif [[ $pg_user_local_access -ne 0 ]]; then
echo "postgres user does not have read access to databases with local unix socket: ❌"
elif [[ $pg_user_remote_access -eq 0 ]]; then
echo "postgres user has read access to databases with local tcp socket: ❌"
fi
elif [[ $appsmith_user_local_access -eq 0 ]]; then
echo "appsmith user has read access to databases with local unix socket: ❌"
elif [[ $appsmith_user_remote_access -ne 0 ]]; then
echo "appsmith user does not have read access to databases with local tcp socket: ❌"
fi
return 1
}
# Function to check if the Appsmith user has read access to databases
check_user_datasource_access_with_host_port_wo_auth() {
docker exec "${container_name}" bash -c "psql -h 127.0.0.1 -p 5432 -U postgres -c '\l'"
return $?
}
# Function to check if the Appsmith user has read access to databases
check_user_datasource_access_with_local_port_wo_auth() {
docker exec "${container_name}" bash -c "psql -p 5432 -U postgres -c '\l'"
return $?
}
# Test to check if the postgres auth is enabled after upgrading from 1.50 to local image
# Expectation:
# 1. Appsmith instance should be able to upgrade from v1.50 to local image
# 2. Postgres user should have read access to databases with local unix socket
# 3. Postgres user should not have read access to databases with tcp socket
# 4. Appsmith user should not have read access to databases with local unix socket
# 5. Appsmith user should have read access to databases with tcp socket
test_postgres_auth_enabled_upgrade_from_150tolocal() {
# Steps:
# 1. Start the Appsmith 1.50 instance
# 2. Check if the Appsmith instance is up
# 3. Check if the postgres user has read access to databases
# 4. Update the APPSMITH_DB_URL in docker.env to point to postgres
# 5. Start the Appsmith local image
# 6. Check if the Appsmith instance is up
# 7. Check if the Appsmith user has read access to databases
# 8. Check if the postgres user has read access to databases
echo "############################################################"
echo "Starting ${FUNCNAME[0]}"
cleanup
# appsmith v1.50 does not have postgres auth enabled
echo "Starting Appsmith 150"
compose_appsmith_version v1.50
# Wait until postgres to come up
wait_for_postgres
# Check if the Appsmith instance is up
if is_appsmith_instance_ready; then
# Check if the postgres user has read access to databases
if check_user_datasource_access_with_host_port_wo_auth; then
echo "postgres user has read access to databases: ✅"
else
# We don't expect the postgres user to not have read access as the auth level is set to trust hence failing the test after this step immediately
echo "postgres user does not have read access to databases: ❌"
exit 1
fi
else
echo "Appsmith instance failed to start."
exit 1
fi
# Update the APPSMITH_DB_URL in docker.env to point to postgres to initialise appsmith user and schema when the container with local image is started
update_db_url
echo "Remove container to reuse the same volume for local image"
docker compose down --timeout 30 # wait upto timeout for graceful shutdown.
# ensure the container exists before trying to remove it
docker compose ps -q "${container_name}" && \
docker compose rm -fsv "${container_name}" || \
echo "Container "${container_name}" does not exist."
echo "Starting Appsmith local to check the auth"
compose_appsmith_local
MAX_RETRIES=10
RETRYSECONDS=5
retry_count=0
while true; do
retry_count=$((retry_count + 1))
if docker exec "${container_name}" pg_isready &&
[ "$(docker exec "${container_name}" bash -c 'cat /appsmith-stacks/data/postgres/main/PG_VERSION')" = "14" ]; then
break
fi
if [ $retry_count -le $MAX_RETRIES ]; then
echo "Waiting for postgres to be up..."
sleep $RETRYSECONDS
else
echo "Test ${FUNCNAME[0]} Failed"
exit 1
fi
done
# Check if the Appsmith instance is up
if is_appsmith_instance_ready; then
# Check if the Appsmith user has read access to databases
if check_user_datasource_access_with_auth; then
echo "Test ${FUNCNAME[0]} Passed ✅"
else
echo "Test ${FUNCNAME[0]} Failed ❌"
exit 1
fi
else
echo "Appsmith instance failed to start."
echo "Test ${FUNCNAME[0]} Failed ❌"
exit 1
fi
}
# Test to check if the postgres auth is enabled after restarting local image
# Expectation:
# 1. Appsmith instance should be able to start to local image with mongodb default uri
# 2. Appsmith instance should be able to restart to local image with postgres uri
# 3. Postgres user should have read access to databases with local unix socket
# 4. Postgres user should not have read access to databases with tcp socket
# 5. Appsmith user should not have read access to databases with local unix socket
# 6. Appsmith user should have read access to databases with tcp socket
test_postgres_auth_enabled_restart_localtolocal() {
# Steps:
# 1. Start the Appsmith local instance with mongodb default uri
# 2. Check if the Appsmith instance is up
# 3. Check if the postgres user has read access to databases
# 4. Update the APPSMITH_DB_URL in docker.env to point to postgres
# 5. Start the Appsmith local image
# 6. Check if the Appsmith instance is up
# 7. Check if the Appsmith user has read access to databases
# 8. Check if the postgres user has read access to databases
echo "############################################################"
echo "Starting ${FUNCNAME[0]}"
cleanup
echo "Starting Appsmith local with mongodb default uri"
compose_appsmith_local
# Wait until postgres to come up
wait_for_postgres
# Check if the Appsmith instance is up
if is_appsmith_instance_ready; then
# Check if the postgres user has read access to databases
if check_user_datasource_access_with_local_port_wo_auth; then
echo "postgres user has read access to databases: ✅"
else
# We don't expect the postgres user to not have read access as the auth level is set to trust hence failing the test after this step immediately
echo "postgres user does not have read access to databases: ❌"
exit 1
fi
else
echo "Appsmith instance failed to start."
exit 1
fi
# Update the APPSMITH_DB_URL in docker.env to point to postgres to initialise appsmith user and schema when the container with local image is started
update_db_url
echo "Remove container to reuse the same volume for local image"
docker compose down --timeout 30 # wait upto timeout for graceful shutdown.
# ensure the container exists before trying to remove it
docker compose ps -q "${container_name}" && \
docker compose rm -fsv "${container_name}" || \
echo "Container "${container_name}" does not exist."
echo "Starting Appsmith local to check the auth"
compose_appsmith_local
wait_for_postgres
# Check if the Appsmith instance is up
if is_appsmith_instance_ready; then
# Check if the Appsmith user has read access to databases
if check_user_datasource_access_with_auth; then
echo "Test ${FUNCNAME[0]} Passed ✅"
else
echo "Test ${FUNCNAME[0]} Failed ❌"
exit 1
fi
else
echo "Appsmith instance failed to start."
echo "Test ${FUNCNAME[0]} Failed ❌"
exit 1
fi
}
container_name="appsmith-docker-test"
test_postgres_auth_enabled_upgrade_from_150tolocal
test_postgres_auth_enabled_restart_localtolocal

13
deploy/docker/tests/test-pg-utils.sh
View File

@ -23,7 +23,7 @@ test_extract_postgres_db_params_valid_db_string() {
exit 1 exit 1
fi fi
echo "Test passed: test_extract_postgres_db_params_valid_db_string" echo "Test passed: ${FUNCNAME[0]}"
} }
test_extract_postgres_db_params_empty_dbname() { test_extract_postgres_db_params_empty_dbname() {
@ -36,7 +36,7 @@ test_extract_postgres_db_params_empty_dbname() {
exit 1 exit 1
fi fi
echo "Test passed: test_extract_postgres_db_params_empty_dbname" echo "Test passed: ${FUNCNAME[0]}"
} }
test_extract_postgres_db_params_with_spaces() { test_extract_postgres_db_params_with_spaces() {
@ -49,7 +49,13 @@ test_extract_postgres_db_params_with_spaces() {
exit 1 exit 1
fi fi
echo "Test passed: test_extract_postgres_db_params_with_spaces" echo "Test passed: ${FUNCNAME[0]}"
}
test_get_unix_socket_directory() {
local unix_socket_directory=$(get_unix_socket_directory)
assert_equals $unix_socket_directory "/var/run/postgresql"
echo "Test passed: ${FUNCNAME[0]}"
} }
echo_params() { echo_params() {
@ -64,5 +70,6 @@ echo_params() {
test_extract_postgres_db_params_valid_db_string test_extract_postgres_db_params_valid_db_string
test_extract_postgres_db_params_empty_dbname test_extract_postgres_db_params_empty_dbname
test_extract_postgres_db_params_with_spaces test_extract_postgres_db_params_with_spaces
test_get_unix_socket_directory
echo "All Tests Pass!" echo "All Tests Pass!"

17
scripts/local_testing.sh
View File

@ -10,7 +10,7 @@ display_help()
echo "If --local or -l is passed, it will build with local changes" echo "If --local or -l is passed, it will build with local changes"
echo "---------------------------------------------------------------------------------------" echo "---------------------------------------------------------------------------------------"
echo echo
echo "Syntax: $0 [-h] [-l] [-r [remote_url]] [branch_name] [cs_url]" echo "Syntax: $0 [-h] [-l] [-r [remote_url]] [branch_name] [tag] [cs_url]"
echo "options:" echo "options:"
echo "-h Print this help" echo "-h Print this help"
echo "-l or --local Use the local codebase and not git" echo "-l or --local Use the local codebase and not git"
@ -50,12 +50,14 @@ if [[ ($LOCAL == true) ]]
then then
pretty_print "Setting up instance with local changes" pretty_print "Setting up instance with local changes"
BRANCH=release BRANCH=release
cs_url=$2 tag=$2
cs_url=$3
elif [[ ($REMOTE == true) ]] elif [[ ($REMOTE == true) ]]
then then
pretty_print "Setting up instance with remote repository branch ..." pretty_print "Setting up instance with remote repository branch ..."
REMOTE_REPOSITORY_URL=$2 REMOTE_REPOSITORY_URL=$2
REMOTE_BRANCH=$3 REMOTE_BRANCH=$3
tag=$4
pretty_print "Please ignore if the following error occurs: remote remote_origin_for_local_test already exists." pretty_print "Please ignore if the following error occurs: remote remote_origin_for_local_test already exists."
git remote add remote_origin_for_local_test $REMOTE_REPOSITORY_URL || git remote set-url remote_origin_for_local_test $REMOTE_REPOSITORY_URL git remote add remote_origin_for_local_test $REMOTE_REPOSITORY_URL || git remote set-url remote_origin_for_local_test $REMOTE_REPOSITORY_URL
git fetch remote_origin_for_local_test git fetch remote_origin_for_local_test
@ -63,7 +65,8 @@ then
git pull remote_origin_for_local_test $REMOTE_BRANCH git pull remote_origin_for_local_test $REMOTE_BRANCH
else else
BRANCH=$1 BRANCH=$1
cs_url=$2 tag=$2
cs_url=$3
pretty_print "Setting up instance to run on branch: $BRANCH" pretty_print "Setting up instance to run on branch: $BRANCH"
cd "$(dirname "$0")"/.. cd "$(dirname "$0")"/..
git fetch origin $BRANCH git fetch origin $BRANCH
@ -72,6 +75,10 @@ else
pretty_print "Local branch is now up to date. Starting server build ..." pretty_print "Local branch is now up to date. Starting server build ..."
fi fi
if [[ -z "$tag" ]]; then
tag=latest
fi
pretty_print "Building Appsmith with tag: $tag"
edition=ce edition=ce
if [[ "$(git remote get-url origin)" == *"/appsmith-ee"* ]]; then if [[ "$(git remote get-url origin)" == *"/appsmith-ee"* ]]; then
edition=ee edition=ee
@ -106,7 +113,7 @@ pretty_print "RTS build successful. Starting Docker build ..."
popd popd
bash "$(dirname "$0")/generate_info_json.sh" bash "$(dirname "$0")/generate_info_json.sh"
docker build -t appsmith/appsmith-ce:local-testing \ docker build -t appsmith/appsmith-local-$edition:$tag \
--build-arg BASE="appsmith/base-$edition:release" \ --build-arg BASE="appsmith/base-$edition:release" \
--build-arg APPSMITH_CLOUD_SERVICES_BASE_URL="${cs_url:-https://release-cs.appsmith.com}" \ --build-arg APPSMITH_CLOUD_SERVICES_BASE_URL="${cs_url:-https://release-cs.appsmith.com}" \
. \ . \
@ -114,4 +121,4 @@ docker build -t appsmith/appsmith-ce:local-testing \
pretty_print "Docker image build successful. Triggering run now ..." pretty_print "Docker image build successful. Triggering run now ..."
(docker stop appsmith || true) && (docker rm appsmith || true) (docker stop appsmith || true) && (docker rm appsmith || true)
docker run -d --name appsmith -p 80:80 -v "$PWD/stacks:/appsmith-stacks" appsmith/appsmith-ce:local-testing && sleep 15 && pretty_print "Local instance is up! Open Appsmith at http://localhost! " docker run -d --name appsmith -p 80:80 -v "$PWD/stacks:/appsmith-stacks" appsmith/appsmith-local-$edition:$tag && sleep 15 && pretty_print "Local instance is up! Open Appsmith at http://localhost! "