Fix restoring the password pepper for already configured instances #683
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We normally skip settings restore when restoring into an already configured instance. This is to not overwrite / reset settings unexpectedly. This is fine for all settings, except for the password pepper. The password pepper is associated with the MySQL data and GitHub passwords used there, so it needs to be restored always together with the MySQL restore. This moves the pepper restore to always be done together with the MySQL restore. We always here update the variable used here since the `restore-secret` function expects $GHE_RESTORE_SNAPSHOT_PATH to be set. We had a differently named variable in the MySQL restore with the same value, so that variable was renamed to match the `restore-secret` expectation so it can find the backed up password pepper.
ryansimmen
approved these changes
Jan 18, 2021
|
nice, is there a backport for this coming soon @dbussink? |
@amulyaraja I don't think a backport is needed here? 3.0.0 will afaik be tagged from |
|
no backport is needed. We will release from master. |
Merged
timreimherr
added a commit
that referenced
this pull request
Oct 24, 2023
…imherr/build-and-release-edit Backport 679 for 3.7: Remove file rename step in build-and-release workflow
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We normally skip settings restore when restoring into an already configured instance. This is to not overwrite / reset settings
unexpectedly. This is fine for all settings, except for the password pepper.
The password pepper is associated with the MySQL data and GitHub passwords used there, so it needs to be restored always together with the MySQL restore.
This moves the pepper restore to always be done together with the MySQL restore. We always here update the variable used here since the
restore-secretfunction expects $GHE_RESTORE_SNAPSHOT_PATH to be set. We had a differently named variable in the MySQL restore with the same value, so that variable was renamed to match therestore-secretexpectation so it can find the backed up password pepper.