Implements proper permissions on airship2 generated files

*This commit sets default permissions for .airship directory & config file. *It allows operators to override default permissions in config file Closes: #188 Change-Id: I5713662ecc71b71c0d0bd0f61691d326c7727b0f
2020-07-17 02:49:34 +05:30 · 2020-07-17 02:49:34 +05:30 · 315ed5994b
commit 315ed5994b
parent 1c6427248b
5 changed files with 37 additions and 3 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -52,6 +52,9 @@ type Config struct {
 	// AuthInfos is a map of referenceable names to user configs
 	AuthInfos map[string]*AuthInfo `json:"users"`

+	// Permissions is a struct of permissions for file and directory
+	Permissions Permissions `json:"permissions,omitempty"`
+
 	// Contexts is a map of referenceable names to context configs
 	Contexts map[string]*Context `json:"contexts"`

@ -81,6 +84,12 @@ type Config struct {
 	kubeConfig *clientcmdapi.Config
 }

+// Permissions has the permissions for file and directory
+type Permissions struct {
+	DirectoryPermission uint32
+	FilePermission      uint32
+}
+
 // LoadConfig populates the Config object using the files found at
 // airshipConfigPath and kubeConfigPath
 func (c *Config) LoadConfig(airshipConfigPath, kubeConfigPath string, create bool) error {
@ -418,13 +427,25 @@ func (c *Config) PersistConfig() error {

 	// WriteFile doesn't create the directory, create it if needed
 	configDir := filepath.Dir(c.loadedConfigPath)
-	err = os.MkdirAll(configDir, 0755)
+	err = os.MkdirAll(configDir, os.FileMode(c.Permissions.DirectoryPermission))
 	if err != nil {
 		return err
 	}

 	// Write the Airship Config file
-	err = ioutil.WriteFile(c.loadedConfigPath, airshipConfigYaml, 0600)
+	err = ioutil.WriteFile(c.loadedConfigPath, airshipConfigYaml, os.FileMode(c.Permissions.FilePermission))
+	if err != nil {
+		return err
+	}
+
+	// Change the permission of directory
+	err = os.Chmod(configDir, os.FileMode(c.Permissions.DirectoryPermission))
+	if err != nil {
+		return err
+	}
+
+	// Change the permission of config file
+	err = os.Chmod(c.loadedConfigPath, os.FileMode(c.Permissions.FilePermission))
 	if err != nil {
 		return err
 	}
--- a/pkg/config/constants.go
+++ b/pkg/config/constants.go
@ -45,6 +45,8 @@ const (
 	AirshipConfigVersion                  = "v1alpha1"
 	AirshipDefaultBootstrapInfo           = "default"
 	AirshipDefaultContext                 = "default"
+	AirshipDefaultDirectoryPermission     = 0750
+	AirshipDefaultFilePermission          = 0640
 	AirshipDefaultManagementConfiguration = "default"
 	AirshipDefaultManifest                = "default"
 	AirshipDefaultManifestRepo            = "treasuremap"
--- a/pkg/config/testdata/config-string.yaml
+++ b/pkg/config/testdata/config-string.yaml
@ -47,5 +47,8 @@ manifests:
        url: http://dummy.url.com/manifests.git
    subPath: manifests/site/test-site
    targetPath: /var/tmp/
+permissions:
+  DirectoryPermission: 488
+  FilePermission: 416
 users:
  dummy_user: {}
--- a/pkg/config/utils.go
+++ b/pkg/config/utils.go
@ -42,7 +42,11 @@ func NewConfig() *Config {
 				},
 			},
 		},
-		Clusters:  make(map[string]*ClusterPurpose),
+		Clusters: make(map[string]*ClusterPurpose),
+		Permissions: Permissions{
+			DirectoryPermission: AirshipDefaultDirectoryPermission,
+			FilePermission:      AirshipDefaultFilePermission,
+		},
 		AuthInfos: make(map[string]*AuthInfo),
 		Contexts: map[string]*Context{
 			AirshipDefaultContext: {
--- a/testutil/testconfig.go
+++ b/testutil/testconfig.go
@ -42,6 +42,10 @@ func DummyConfig() *config.Config {
 		AuthInfos: map[string]*config.AuthInfo{
 			"dummy_user": DummyAuthInfo(),
 		},
+		Permissions: config.Permissions{
+			DirectoryPermission: config.AirshipDefaultDirectoryPermission,
+			FilePermission:      config.AirshipDefaultFilePermission,
+		},
 		BootstrapInfo: map[string]*config.Bootstrap{
 			"dummy_bootstrap_config": DummyBootstrapInfo(),
 		},