Skip to content

Commit

Permalink
storage: change default file permissions
Browse files Browse the repository at this point in the history
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
  • Loading branch information
hiddeco committed Nov 3, 2023
1 parent a8a8196 commit 1a27148
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 19 deletions.
12 changes: 6 additions & 6 deletions internal/controller/gitrepository_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"

"github.com/fluxcd/pkg/apis/meta"
"github.com/fluxcd/pkg/git"
"github.com/fluxcd/pkg/gittestserver"
"github.com/fluxcd/pkg/runtime/conditions"
conditionscheck "github.com/fluxcd/pkg/runtime/conditions/check"
Expand All @@ -56,7 +57,6 @@ import (
"github.com/fluxcd/pkg/ssh"
"github.com/fluxcd/pkg/testserver"

"github.com/fluxcd/pkg/git"
sourcev1 "github.com/fluxcd/source-controller/api/v1"
serror "github.com/fluxcd/source-controller/internal/error"
"github.com/fluxcd/source-controller/internal/features"
Expand Down Expand Up @@ -970,7 +970,7 @@ func TestGitRepositoryReconciler_reconcileArtifact(t *testing.T) {
},
afterFunc: func(t *WithT, obj *sourcev1.GitRepository) {
t.Expect(obj.GetArtifact()).ToNot(BeNil())
t.Expect(obj.GetArtifact().Digest).To(Equal("sha256:60a3bf69f337cb5ec9ebd00abefbb6e7f2a2cf27158ecf438d52b2035b184172"))
t.Expect(obj.GetArtifact().Digest).To(Equal("sha256:34d9af1a2fcfaef3ee9487d67dc2d642bc7babdb9444a5f60d1f32df32e4de7d"))
t.Expect(obj.Status.IncludedArtifacts).ToNot(BeEmpty())
},
want: sreconcile.ResultSuccess,
Expand Down Expand Up @@ -1005,7 +1005,7 @@ func TestGitRepositoryReconciler_reconcileArtifact(t *testing.T) {
},
afterFunc: func(t *WithT, obj *sourcev1.GitRepository) {
t.Expect(obj.GetArtifact()).ToNot(BeNil())
t.Expect(obj.GetArtifact().Digest).To(Equal("sha256:11f7f007dce5619bd79e6c57688261058d09f5271e802463ac39f2b9ead7cabd"))
t.Expect(obj.GetArtifact().Digest).To(Equal("sha256:a17037f96f541a47bdadcd12ab40b943c50a9ffd25dc8a30a5e9af52971fd94f"))
},
want: sreconcile.ResultSuccess,
assertConditions: []metav1.Condition{
Expand All @@ -1020,7 +1020,7 @@ func TestGitRepositoryReconciler_reconcileArtifact(t *testing.T) {
},
afterFunc: func(t *WithT, obj *sourcev1.GitRepository) {
t.Expect(obj.GetArtifact()).ToNot(BeNil())
t.Expect(obj.GetArtifact().Digest).To(Equal("sha256:29186e024dde5a414cfc990829c6b2e85f6b3bd2d950f50ca9f418f5d2261d79"))
t.Expect(obj.GetArtifact().Digest).To(Equal("sha256:ad9943d761b30e943e2a770ea9083a40fc03f09846efd61f6c442cc48fefad11"))
},
want: sreconcile.ResultSuccess,
assertConditions: []metav1.Condition{
Expand All @@ -1036,7 +1036,7 @@ func TestGitRepositoryReconciler_reconcileArtifact(t *testing.T) {
},
afterFunc: func(t *WithT, obj *sourcev1.GitRepository) {
t.Expect(obj.GetArtifact()).ToNot(BeNil())
t.Expect(obj.GetArtifact().Digest).To(Equal("sha256:60a3bf69f337cb5ec9ebd00abefbb6e7f2a2cf27158ecf438d52b2035b184172"))
t.Expect(obj.GetArtifact().Digest).To(Equal("sha256:34d9af1a2fcfaef3ee9487d67dc2d642bc7babdb9444a5f60d1f32df32e4de7d"))
},
want: sreconcile.ResultSuccess,
assertConditions: []metav1.Condition{
Expand Down Expand Up @@ -1075,7 +1075,7 @@ func TestGitRepositoryReconciler_reconcileArtifact(t *testing.T) {
t.Run(tt.name, func(t *testing.T) {
g := NewWithT(t)

resetChmod(tt.dir, 0o755, 0o644)
resetChmod(tt.dir, 0o750, 0o600)

r := &GitRepositoryReconciler{
EventRecorder: record.NewFakeRecorder(32),
Expand Down
10 changes: 5 additions & 5 deletions internal/controller/ocirepository_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1810,7 +1810,7 @@ func TestOCIRepository_reconcileArtifact(t *testing.T) {
"latest.tar.gz",
},
afterFunc: func(g *WithT, obj *ociv1.OCIRepository) {
g.Expect(obj.Status.Artifact.Digest).To(Equal("sha256:de37cb640bfe6c789f2b131416d259747d5757f7fe5e1d9d48f32d8c30af5934"))
g.Expect(obj.Status.Artifact.Digest).To(Equal("sha256:6a5bd135a816ec0ad246c41cfdd87629e40ef6520001aeb2d0118a703abe9e7a"))
},
assertConditions: []metav1.Condition{
*conditions.TrueCondition(sourcev1.ArtifactInStorageCondition, meta.SucceededReason, "stored artifact for digest"),
Expand All @@ -1828,7 +1828,7 @@ func TestOCIRepository_reconcileArtifact(t *testing.T) {
"latest.tar.gz",
},
afterFunc: func(g *WithT, obj *ociv1.OCIRepository) {
g.Expect(obj.Status.Artifact.Digest).To(Equal("sha256:05aada03e3e3e96f5f85a8f31548d833974ce862be14942fb3313eef2df861ec"))
g.Expect(obj.Status.Artifact.Digest).To(Equal("sha256:9102e9c8626e48821a91a4963436f1673cd85f8fb3deb843c992f85b995c38ea"))
},
assertConditions: []metav1.Condition{
*conditions.TrueCondition(sourcev1.ArtifactInStorageCondition, meta.SucceededReason, "stored artifact for digest"),
Expand Down Expand Up @@ -2019,10 +2019,10 @@ func TestOCIRepository_reconcileArtifact(t *testing.T) {
tt.afterFunc(g, obj)
}

for _, path := range tt.assertPaths {
for _, p := range tt.assertPaths {
localPath := testStorage.LocalPath(*obj.GetArtifact())
path = filepath.Join(filepath.Dir(localPath), path)
_, err := os.Lstat(path)
p = filepath.Join(filepath.Dir(localPath), p)
_, err := os.Lstat(p)
g.Expect(err).ToNot(HaveOccurred())
}
})
Expand Down
6 changes: 3 additions & 3 deletions internal/controller/storage.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,11 +49,11 @@ const GarbageCountLimit = 1000

const (
// defaultFileMode is the permission mode applied to files inside an artifact archive.
defaultFileMode int64 = 0o644
defaultFileMode int64 = 0o600
// defaultDirMode is the permission mode applied to all directories inside an artifact archive.
defaultDirMode int64 = 0o755
defaultDirMode int64 = 0o750
// defaultExeFileMode is the permission mode applied to executable files inside an artifact archive.
defaultExeFileMode int64 = 0o744
defaultExeFileMode int64 = 0o700
)

// Storage manages artifacts
Expand Down
10 changes: 5 additions & 5 deletions internal/helm/repository/chart_repository_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -456,7 +456,7 @@ func TestChartRepository_StrategicallyLoadIndex(t *testing.T) {
g := NewWithT(t)

i := filepath.Join(t.TempDir(), "index.yaml")
g.Expect(os.WriteFile(i, []byte(`apiVersion: v1`), 0o644)).To(Succeed())
g.Expect(os.WriteFile(i, []byte(`apiVersion: v1`), 0o600)).To(Succeed())

r := newChartRepository()
r.Path = i
Expand Down Expand Up @@ -498,7 +498,7 @@ func TestChartRepository_LoadFromPath(t *testing.T) {
g := NewWithT(t)

i := filepath.Join(t.TempDir(), "index.yaml")
g.Expect(os.WriteFile(i, []byte(`apiVersion: v1`), 0o644)).To(Succeed())
g.Expect(os.WriteFile(i, []byte(`apiVersion: v1`), 0o600)).To(Succeed())

r := newChartRepository()
r.Path = i
Expand Down Expand Up @@ -532,7 +532,7 @@ func TestChartRepository_Digest(t *testing.T) {
g := NewWithT(t)

p := filepath.Join(t.TempDir(), "index.yaml")
g.Expect(repo.NewIndexFile().WriteFile(p, 0o644)).To(Succeed())
g.Expect(repo.NewIndexFile().WriteFile(p, 0o600)).To(Succeed())

r := newChartRepository()
r.Path = p
Expand Down Expand Up @@ -563,7 +563,7 @@ func TestChartRepository_Digest(t *testing.T) {
expect := digest.Digest("sha256:fake")

i := filepath.Join(t.TempDir(), "index.yaml")
g.Expect(os.WriteFile(i, []byte(`apiVersion: v1`), 0o644)).To(Succeed())
g.Expect(os.WriteFile(i, []byte(`apiVersion: v1`), 0o600)).To(Succeed())

r := newChartRepository()
r.Path = i
Expand All @@ -589,7 +589,7 @@ func TestChartRepository_HasFile(t *testing.T) {
g.Expect(r.HasFile()).To(BeFalse())

i := filepath.Join(t.TempDir(), "index.yaml")
g.Expect(os.WriteFile(i, []byte(`apiVersion: v1`), 0o644)).To(Succeed())
g.Expect(os.WriteFile(i, []byte(`apiVersion: v1`), 0o600)).To(Succeed())
r.Path = i
g.Expect(r.HasFile()).To(BeTrue())
}
Expand Down

0 comments on commit 1a27148

Please sign in to comment.