Skip to content

util: set r/x permissions for bundle dirs #3129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 28, 2020
Merged

util: set r/x permissions for bundle dirs #3129

merged 1 commit into from
May 28, 2020

Conversation

estroz
Copy link
Member

@estroz estroz commented May 28, 2020
edited
Loading

Description of the change: permissions for generated bundle directories now have r/x permissions for all users (0755).

Motivation for the change: automation tooling should be able to read bundle files.

/cc @camilamacedo86 @hasbro17 @jmrodri

/kind bug

@openshift-ci-robot openshift-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label May 28, 2020
hasbro17
hasbro17 approved these changes May 28, 2020
View reviewed changes
Copy link
Contributor

@hasbro17 hasbro17 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
I thought we had a const defined for file permissions.

@estroz estroz force-pushed the bugfix/dir-perms branch from b744450 to f020925 Compare May 28, 2020 08:17
@estroz
Copy link
Member Author

estroz commented May 28, 2020

@hasbro17 we do. I actually switched the perms to os.ModePerm which is what operator-registry does for metadata/.

camilamacedo86
camilamacedo86 reviewed May 28, 2020
View reviewed changes
camilamacedo86
camilamacedo86 approved these changes May 28, 2020
View reviewed changes
Copy link
Contributor

@camilamacedo86 camilamacedo86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label May 28, 2020
camilamacedo86
camilamacedo86 reviewed May 28, 2020
View reviewed changes
@jmccormick2001
Copy link
Contributor

this is failing still for me, I'm seeing the following permissions on the manifests directory being created which cause the permission error to surface:

jeffmc@breve:~/projects/memcached-operator/deploy/olm-catalog/memcached-operator$ ls -l
total 0
drwxr-x--- 2 jeffmc jeffmc 104 May 28 10:29 manifests
drwxrwxr-x 2 jeffmc jeffmc 30 May 28 10:29 metadata
drwxrwxr-x 3 jeffmc jeffmc 23 May 28 10:29 tests

if I update the permissions of the manifest directory as follows then the test works as normal:

jeffmc@breve:/projects/memcached-operator/deploy/olm-catalog/memcached-operator$ chmod +rx manifests/
jeffmc@breve:/projects/memcached-operator/deploy/olm-catalog/memcached-operator$ ls -l
total 0
drwxr-xr-x 2 jeffmc jeffmc 104 May 28 10:29 manifests
drwxrwxr-x 2 jeffmc jeffmc 30 May 28 10:29 metadata
drwxrwxr-x 3 jeffmc jeffmc 23 May 28 10:29 tests

@jmrodri
Copy link
Member

jmrodri commented May 28, 2020

@estroz @jmccormick2001 seems to me the perm should be 0755 (drwxr-xr-x). Readable and executable by everyone but only writeable by the owner. The previous 0700 (drwx------) is too restrictive and 0777 is wide open. But based on @jmccormick2001 comment seems like even the 777 didn't take.

@estroz
Copy link
Member Author

estroz commented May 28, 2020
edited
Loading

@jmrodri I chose 0777 to match what operator-registry does. I have a feeling they chose these perms because being able to write arbitrary files to a directory isn't a security risk AFAIK. This may actually be a requirement in pipeline scenarios. Thoughts?

Edit: on second thought lets go with 0755. We can update later if we get complaints.

@estroz estroz force-pushed the bugfix/dir-perms branch from f020925 to cdecfb8 Compare May 28, 2020 16:20
@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label May 28, 2020
@estroz estroz force-pushed the bugfix/dir-perms branch from cdecfb8 to c907102 Compare May 28, 2020 16:24
@estroz estroz changed the title util: set r/w permissions for bundle dirs util: set r/x permissions for bundle dirs May 28, 2020
@estroz estroz force-pushed the bugfix/dir-perms branch from c907102 to baccf29 Compare May 28, 2020 16:28
@jmccormick2001
Copy link
Contributor

perator/
total 0
drwxr-xr-x 2 jeffmc jeffmc 104 May 28 11:47 manifests
drwxrwxr-x 2 jeffmc jeffmc 30 May 28 11:48 metadata
drwxrwxr-x 3 jeffmc jeffmc 23 May 28 11:48 tests
jeffmc@breve:~/projects/memcached-operator$ operator-sdk alpha scorecard ./deploy/olm-catalog/memcached-operator/ --selector=suite=basic
basic-check-spec : pass
CR:
Labels:

bueno.

jmrodri
jmrodri approved these changes May 28, 2020
View reviewed changes
Copy link
Member

@jmrodri jmrodri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label May 28, 2020
@estroz estroz merged commit 90c796c into operator-framework:master May 28, 2020
@estroz estroz deleted the bugfix/dir-perms branch May 28, 2020 17:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@camilamacedo86 camilamacedo86 camilamacedo86 approved these changes

@jmrodri jmrodri jmrodri approved these changes

@hasbro17 hasbro17 hasbro17 approved these changes

Assignees

@jmrodri jmrodri

@camilamacedo86 camilamacedo86

Labels
kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@estroz @jmccormick2001 @jmrodri @hasbro17 @camilamacedo86 @openshift-ci-robot