fix: user creation during gitlab bootstrap
New user creation is failing during the user-data script when using
GitLab 16.8.  Error did not occur during 16.7 release.  This fix
adds a Namespace creation to the script to work around the error.
See:
https://gitlab.com/gitlab-org/gitlab/-/issues/439166
awsjim committed Jan 25, 2024
1 parent 58c8648 commit 7ea5952
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion iac/roots/opa-platform/src/scripts/user-data.sh
Expand Up @@ -64,7 +64,8 @@ do
aws secretsmanager put-secret-value --secret-id opa-admin-gitlab-secrets --secret-string '{"apiToken":"'"$ADMIN_TOKEN"'", "password":"'"$ADMIN_GITLAB_PASSWORD"'", "username":"'"$ADMIN_USERNAME"'", "runnerRegistrationToken":"", "runnerId":""}'

echo "Updating GitLab admin user name, password and token"
gitlab-rails runner "u = User.new(username: '$ADMIN_USERNAME', email: 'example@amazon.com', name: '$ADMIN_USERNAME', password: '$ADMIN_GITLAB_PASSWORD', password_confirmation: '$ADMIN_GITLAB_PASSWORD'); u.skip_confirmation!; u.admin = true; u.save!; token = User.find_by_username('$ADMIN_USERNAME').personal_access_tokens.create(scopes: [:read_user, :read_repository, :api, :read_api, :write_repository], name: '$ADMIN_USERNAME-token', expires_at: 365.days.from_now); token.set_token('$ADMIN_TOKEN'); token.save!;"
# Explicit namespace created to avoid validation errors. See GitLab issue: https://gitlab.com/gitlab-org/gitlab/-/issues/439166
gitlab-rails runner "n = Namespace.new(name: '$ADMIN_USERNAME', description: '$ADMIN_USERNAME namespace'); u = User.new(username: '$ADMIN_USERNAME', email: '$ADMIN_USERNAME@amazon.com', name: '$ADMIN_USERNAME', password: '$ADMIN_GITLAB_PASSWORD', password_confirmation: '$ADMIN_GITLAB_PASSWORD', admin: true, namespace: n); u.skip_confirmation!; u.save!; token = User.find_by_username('$ADMIN_USERNAME').personal_access_tokens.create(scopes: [:read_user, :read_repository, :api, :read_api, :write_repository], name: '$ADMIN_USERNAME-token', expires_at: 365.days.from_now); token.set_token('$ADMIN_TOKEN'); token.save!;"

GROUP_ID=$(curl --location --request POST 'localhost/api/v4/groups/' --header "PRIVATE-TOKEN: $ADMIN_TOKEN" --header 'Content-Type: application/json' --data-raw '{ "path": "aws-app", "name": "aws-app", "visibility": "internal" }' | jq .id)
ENV_GROUP_ID=$(curl --location --request POST 'localhost/api/v4/groups/' --header "PRIVATE-TOKEN: $ADMIN_TOKEN" --header 'Content-Type: application/json' --data-raw '{ "path": "aws-environments", "name": "aws-environments", "visibility": "internal" }' | jq .id)
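
Review bot: The new `gitlab-rails runner` line still splices `$ADMIN_USERNAME`, `$ADMIN_GITLAB_PASSWORD` and `$ADMIN_TOKEN` straight into single-quoted Ruby literals, and this change adds three more interpolation sites for the username (`Namespace.new(name: ...)`, its `description`, and the `email`). A value containing `'` or `\` will either break the runner script or be evaluated as Ruby, and the password and token sit in the process argument list while the command runs. Suggest exporting the values and reading them inside the Ruby with `ENV.fetch('ADMIN_GITLAB_PASSWORD')` and similar, so the runner string carries no secrets or unescaped input. Two smaller points on the same line: the email is now `$ADMIN_USERNAME@amazon.com` with the domain hardcoded, which is worth making a parameter, and the token keeps `:api` and `:write_repository` with `expires_at: 365.days.from_now`, so it is worth confirming that bootstrap needs that scope and lifetime.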