Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(dev-tools): grant privileges to MySQL users properly #659

Merged
merged 1 commit into from
Feb 14, 2024
Merged

fix(dev-tools): grant privileges to MySQL users properly #659

merged 1 commit into from
Feb 14, 2024

Conversation

sjinks
Copy link
Member

@sjinks sjinks commented Feb 14, 2024

The issue was that docker-compose.yml instructed MySQL to create the user: https://github.com/Automattic/vip-cli/blob/trunk/assets/dev-env.lando.template.yml.ejs#L99-L101

As a consequence, if ! mysql -h "$db_host" -u wordpress -pwordpress wordpress -e "SELECT 'testing_db'" >/dev/null 2>&1; then was always false, and we did not grant the user the SET_ANY_DEFINER privilege.

Moreover, the GRANT ALL ON *.* TO 'netapp'@'%'; caused issues later because MySQL grants all privileges to the user only on the specific database. We grant netapp all privileges on all databases, and MySQL was unhappy about it on import: "Access denied; you need (at least one of) the SYSTEM_USER privilege(s) for this operation".

What has changed now:

  • We do not try to create ...@localhost users anymore: MySQL did not do that, and we probably should not either;
  • We grant all privileges to users only on the wordpress database; this corresponds to what MySQL does;
  • We do not check anymore if the user exists. It does (except for very outdated versions of vip-cli), but it does not have the SET_ANY_DEFINER privilege by default. IF NOT EXISTS clauses guard against errors if the user or the database already exists. Duplicate GRANT statements are harmless.

@sjinks sjinks self-assigned this Feb 14, 2024
@sjinks sjinks requested a review from a team as a code owner February 14, 2024 02:19
@github-actions GitHub Actions
Copy link

Trivy Scan Report

ghcr.io/automattic/vip-container-images/dev-tools:0.9 (alpine 3.19.1)

No vulnerabilities found.

@sjinks
Copy link
Member Author

sjinks commented Feb 14, 2024 

$ vip dev-env create --phpmyadmin < /dev/null
Running validation steps...
✓ Check for Docker installation 
✓ Check for docker-compose installation 
✓ Check Docker connectivity 
✓ Check DNS resolution 
This is a wizard to help you set up your local dev environment.

Sensible default values were pre-selected for convenience. You may also choose to create multiple environments with different settings using the --slug option.


 SLUG              vip-local                                                                                          
 LOCATION          /home/volodymyr/.local/share/vip/dev-environment/vip-local                                         
 SERVICES          devtools, nginx, php, database, memcached, phpmyadmin, wordpress, vip-mu-plugins, demo-app-code    
 NGINX URLS        http://vip-local.vipdev.lndo.site/                                                                 
                   https://vip-local.vipdev.lndo.site/                                                                
 PHPMYADMIN URLS   http://vip-local-pma.vipdev.lndo.site/                                                             
 STATUS            DOWN                                                                                               
 LOGIN URL         http://vip-local.vipdev.lndo.site/wp-admin/?vip-dev-autologin=64d35cc3-ad40-4882-af79-38a2aa726187 
 DEFAULT USERNAME  vipgo                                                                                              
 DEFAULT PASSWORD  password                                                                                           
 DOCUMENTATION     https://docs.wpvip.com/technical-references/vip-local-development-environment/                     

✓ environment created.

To start it please run:

vip dev-env start --slug vip-local

$ vip dev-env start
Running validation steps...
✓ Check for Docker installation 
✓ Check for docker-compose installation 
✓ Check Docker connectivity 
✓ Check DNS resolution 
The most recent WordPress version available is: 6.5
Environment WordPress version is: 6.5  ... 😎 nice! 
Current local environment version is: 2.0.2
no container to killNo stopped containers
[+] Building 0.0s (0/0)                                                                                                                                                                                                                                                                                                     
[+] Building 0.0s (0/0)                                                                                                                                                                                                                                                                                                     
[+] Running 1/0
 ✔ Container vip-dev-env-proxy-proxy-1  Running                                                                                                                                                                                                                                                                        0.0s 
[+] Building 0.0s (0/0)                                                                                                                                                                                                                                                                                                     
[+] Running 30/30
 ✔ Network viplocal_default                      Created                                                                                                                                                                                                                                                               0.1s 
 ✔ Volume "viplocal_home_devtools"               Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_home_database"               Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_clientcode_images"           Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_home_php"                    Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_devtools"                    Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_home_demo-app-code"          Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_scripts"                     Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_home_memcached"              Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_clientcode_vipconfig"        Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_home_vip-mu-plugins"         Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_home_nginx"                  Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_database_data"               Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_home_phpmyadmin"             Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_clientcode_plugins"          Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_clientcode_private"          Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_mu-plugins"                  Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_home_wordpress"              Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_clientcode_clientmuPlugins"  Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_clientcode_languages"        Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Volume "viplocal_clientcode_themes"           Created                                                                                                                                                                                                                                                               0.0s 
 ✔ Container viplocal-wordpress-1                Started                                                                                                                                                                                                                                                               2.1s 
 ✔ Container viplocal-database-1                 Started                                                                                                                                                                                                                                                               1.3s 
 ✔ Container viplocal-demo-app-code-1            Started                                                                                                                                                                                                                                                               2.0s 
 ✔ Container viplocal-memcached-1                Started                                                                                                                                                                                                                                                               2.0s 
 ✔ Container viplocal-php-1                      Started                                                                                                                                                                                                                                                               1.2s 
 ✔ Container viplocal-nginx-1                    Started                                                                                                                                                                                                                                                               1.5s 
 ✔ Container viplocal-phpmyadmin-1               Started                                                                                                                                                                                                                                                               2.1s 
 ✔ Container viplocal-devtools-1                 Started                                                                                                                                                                                                                                                               1.3s 
 ✔ Container viplocal-vip-mu-plugins-1           Started                                                                                                                                                                                                                                                               1.6s 
Scanning to determine which services are ready... Please stand by...
Waiting for core files to be copied
Waiting for mu-plugins...
Waiting for MySQL to come online.....
Copying dev-env-plugin.php to mu-plugins
Checking for WordPress installation...
Error: The site you have requested is not installed.
Run `wp core install` to create database tables.
No installation found, installing WordPress...
Success: WordPress installed successfully.
[14-Feb-2024 02:03:58 UTC] VIP Support Role: Added VIP Support role 
[14-Feb-2024 02:03:58 UTC] VIP Support Role: Done upgrade, now at version 2
Success: Added 'view_query_monitor' capability for vipgo (1).
 SLUG              vip-local                                                                                          
 LOCATION          /home/volodymyr/.local/share/vip/dev-environment/vip-local                                         
 SERVICES          devtools, nginx, php, database, memcached, phpmyadmin, wordpress, vip-mu-plugins, demo-app-code    
 NGINX URLS        http://vip-local.vipdev.lndo.site/                                                                 
                   https://vip-local.vipdev.lndo.site/                                                                
 PHPMYADMIN URLS   http://localhost:32791                                                                             
                   http://vip-local-pma.vipdev.lndo.site/                                                             
 DATABASE          127.0.0.1:32789                                                                                    
 STATUS            UP                                                                                                 
 LOGIN URL         http://vip-local.vipdev.lndo.site/wp-admin/?vip-dev-autologin=64d35cc3-ad40-4882-af79-38a2aa726187 
 DEFAULT USERNAME  vipgo                                                                                              
 DEFAULT PASSWORD  password                                                                                           
 DOCUMENTATION     https://docs.wpvip.com/technical-references/vip-local-development-environment/                     

$ vip dev-env import sql db-backup.sql 
Running validation steps...
Finished processing 7274 lines.

Warning: Siteurl/home options not pointing to lando domain on line 308.

Warning: Siteurl/home options not pointing to lando domain on line 1415.

Warning: Siteurl/home options not pointing to lando domain on line 3587.

Warning: Siteurl/home options not pointing to lando domain on line 5922.

Warning: Siteurl/home options not pointing to lando domain on line 6792.

Warning: Siteurl/home options not pointing to lando domain on line 7012.


✅ SET @@SESSION.sql_log_bin statement was found 0 times.
✅ TRIGGER statement was found 0 times.
✅ DROP DATABASE statement was found 0 times.
✅ USE <DATABASE_NAME> statement was found 0 times.
✅ ALTER USER statement was found 0 times.
✅ DROP TABLE was found 223 times.
✅ CREATE TABLE was found 219 times.
 - wp_ prefix tables found: 21 
 - wp_n_ prefix tables found: 198 
✅ ALTER TABLE statement was found 0 times.
✅ SET UNIQUE_CHECKS = 0 was found 0 times.
✅ ENGINE != InnoDB was found 0 times.

mysql: [Warning] Using a password on the command line interface can be insecure.
Success: Database imported.
Success: The cache was flushed.
Success: Created user 311.
Success: User "vipgo" created.

@sjinks sjinks mentioned this pull request Feb 14, 2024
Merged
@sjinks sjinks merged commit 52570bf into master Feb 14, 2024
2 checks passed
@sjinks sjinks deleted the fix/import branch February 14, 2024 04:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rinatkhaziev rinatkhaziev rinatkhaziev approved these changes

Assignees

@sjinks sjinks

Labels
[Status] Needs Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sjinks @rinatkhaziev