Implements proper permissions on airship2 generated files
*This commit sets default permissions for .airship directory & config file. *It allows operators to override default permissions in config file Closes: #188 Change-Id: I5713662ecc71b71c0d0bd0f61691d326c7727b0f
This commit is contained in:
parent
1c6427248b
commit
315ed5994b
@ -52,6 +52,9 @@ type Config struct {
|
||||
// AuthInfos is a map of referenceable names to user configs
|
||||
AuthInfos map[string]*AuthInfo `json:"users"`
|
||||
|
||||
// Permissions is a struct of permissions for file and directory
|
||||
Permissions Permissions `json:"permissions,omitempty"`
|
||||
|
||||
// Contexts is a map of referenceable names to context configs
|
||||
Contexts map[string]*Context `json:"contexts"`
|
||||
|
||||
@ -81,6 +84,12 @@ type Config struct {
|
||||
kubeConfig *clientcmdapi.Config
|
||||
}
|
||||
|
||||
// Permissions has the permissions for file and directory
|
||||
type Permissions struct {
|
||||
DirectoryPermission uint32
|
||||
FilePermission uint32
|
||||
}
|
||||
|
||||
// LoadConfig populates the Config object using the files found at
|
||||
// airshipConfigPath and kubeConfigPath
|
||||
func (c *Config) LoadConfig(airshipConfigPath, kubeConfigPath string, create bool) error {
|
||||
@ -418,13 +427,25 @@ func (c *Config) PersistConfig() error {
|
||||
|
||||
// WriteFile doesn't create the directory, create it if needed
|
||||
configDir := filepath.Dir(c.loadedConfigPath)
|
||||
err = os.MkdirAll(configDir, 0755)
|
||||
err = os.MkdirAll(configDir, os.FileMode(c.Permissions.DirectoryPermission))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Write the Airship Config file
|
||||
err = ioutil.WriteFile(c.loadedConfigPath, airshipConfigYaml, 0600)
|
||||
err = ioutil.WriteFile(c.loadedConfigPath, airshipConfigYaml, os.FileMode(c.Permissions.FilePermission))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Change the permission of directory
|
||||
err = os.Chmod(configDir, os.FileMode(c.Permissions.DirectoryPermission))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Change the permission of config file
|
||||
err = os.Chmod(c.loadedConfigPath, os.FileMode(c.Permissions.FilePermission))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -45,6 +45,8 @@ const (
|
||||
AirshipConfigVersion = "v1alpha1"
|
||||
AirshipDefaultBootstrapInfo = "default"
|
||||
AirshipDefaultContext = "default"
|
||||
AirshipDefaultDirectoryPermission = 0750
|
||||
AirshipDefaultFilePermission = 0640
|
||||
AirshipDefaultManagementConfiguration = "default"
|
||||
AirshipDefaultManifest = "default"
|
||||
AirshipDefaultManifestRepo = "treasuremap"
|
||||
|
3
pkg/config/testdata/config-string.yaml
vendored
3
pkg/config/testdata/config-string.yaml
vendored
@ -47,5 +47,8 @@ manifests:
|
||||
url: http://dummy.url.com/manifests.git
|
||||
subPath: manifests/site/test-site
|
||||
targetPath: /var/tmp/
|
||||
permissions:
|
||||
DirectoryPermission: 488
|
||||
FilePermission: 416
|
||||
users:
|
||||
dummy_user: {}
|
||||
|
@ -42,7 +42,11 @@ func NewConfig() *Config {
|
||||
},
|
||||
},
|
||||
},
|
||||
Clusters: make(map[string]*ClusterPurpose),
|
||||
Clusters: make(map[string]*ClusterPurpose),
|
||||
Permissions: Permissions{
|
||||
DirectoryPermission: AirshipDefaultDirectoryPermission,
|
||||
FilePermission: AirshipDefaultFilePermission,
|
||||
},
|
||||
AuthInfos: make(map[string]*AuthInfo),
|
||||
Contexts: map[string]*Context{
|
||||
AirshipDefaultContext: {
|
||||
|
@ -42,6 +42,10 @@ func DummyConfig() *config.Config {
|
||||
AuthInfos: map[string]*config.AuthInfo{
|
||||
"dummy_user": DummyAuthInfo(),
|
||||
},
|
||||
Permissions: config.Permissions{
|
||||
DirectoryPermission: config.AirshipDefaultDirectoryPermission,
|
||||
FilePermission: config.AirshipDefaultFilePermission,
|
||||
},
|
||||
BootstrapInfo: map[string]*config.Bootstrap{
|
||||
"dummy_bootstrap_config": DummyBootstrapInfo(),
|
||||
},
|
||||
|
Loading…
x
Reference in New Issue
Block a user