Merge ~r00ta/maas:lp-2026802 into maas:master

Proposed by Jacopo Rota
Status: Merged
Approved by: Jacopo Rota
Approved revision: 06e64fcd915665ae9e3127787f5eee3b48d875ca
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~r00ta/maas:lp-2026802
Merge into: maas:master
Diff against target: 26 lines (+6/-1)
2 files modified
src/provisioningserver/utils/env.py (+1/-1)
src/tests/provisioningserver/utils/test_env.py (+5/-0)
| Reviewer | Review Type | Date Requested | Status |
| --- | --- | --- | --- |
| MAAS Lander | | | Approve |
| Adam Collard (community) | | | Approve |
Review via email: mp+446480@code.launchpad.net

Commit message

Fix rack secret permissions

Description of the change

This MP aims to fix https://bugs.launchpad.net/maas/+bug/2026802 .

In particular, with 44ff8e0feca45b2c67f9e9fc9dd932c683011831 we refactored the way we store secrets on the filesystems and we started using the function `atomic_write` from `utils/fs.py`. But by default that function creates the file with `0o600` permissions, while for the secrets we need `0o640`.
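
The permission behaviour described above, as an added example that is not MAAS code: `atomic_write_sketch` and `written_mode` are hypothetical stand-ins for a write-temp-then-rename helper whose `mode` defaults to `0o600`. It shows that a file written with the default has no group read bit, and that an explicitly passed `0o640` holds regardless of the process umask.

```python
import contextlib
import os
import stat
import tempfile
from pathlib import Path


def atomic_write_sketch(content: bytes, path: Path, mode: int = 0o600) -> None:
    """Atomically write content to path with exactly `mode` permission bits.

    Hypothetical stand-in for illustration, not MAAS's atomic_write.
    """
    # mkstemp creates the temp file 0o600 in the target directory, so the
    # secret is never more widely readable while it is being written.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=f".{path.name}.")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(content)
            f.flush()
            # fchmod sets the bits exactly; the umask is not applied here.
            os.fchmod(f.fileno(), mode)
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic rename over any existing file
    except BaseException:
        with contextlib.suppress(FileNotFoundError):
            os.unlink(tmp)
        raise


def written_mode(mode=None, umask=0o077) -> int:
    """Write a constructed sample secret and return its permission bits."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            target = Path(d) / "secret"
            if mode is None:
                atomic_write_sketch(b"constructed-sample", target)
            else:
                atomic_write_sketch(b"constructed-sample", target, mode=mode)
            return stat.S_IMODE(target.stat().st_mode)
    finally:
        os.umask(old)


if __name__ == "__main__":
    print(oct(written_mode()))        # default: owner-only
    print(oct(written_mode(0o640)))   # explicit: owner rw, group r
```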

Adam Collard (adam-collard) :
review: Approve
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b lp-2026802 lp:~r00ta/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 06e64fcd915665ae9e3127787f5eee3b48d875ca

review: Approve
MAAS Lander (maas-lander) wrote :

Preview Diff

diff --git a/src/provisioningserver/utils/env.py b/src/provisioningserver/utils/env.py
index 4ea40f8..f0c32a0 100644
--- a/src/provisioningserver/utils/env.py
+++ b/src/provisioningserver/utils/env.py
@@ -80,7 +80,7 @@ class FileBackedValue:
80 else:80 else:
81 # ensure the parent dirs exist81 # ensure the parent dirs exist
82 self.path.parent.mkdir(exist_ok=True)82 self.path.parent.mkdir(exist_ok=True)
83 atomic_write(value.encode("ascii"), self.path)83 atomic_write(value.encode("ascii"), self.path, mode=0o640)
84 self._value = value84 self._value = value
8585
86 def _normalise_value(self, value: Optional[str]) -> Optional[str]:86 def _normalise_value(self, value: Optional[str]) -> Optional[str]:
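Review bot: The `mode=0o640` literal on the `atomic_write` call in `FileBackedValue` now applies to every value this class stores, and nothing in the hunk says why group read is required or which group is expected to own the file. Suggest a named constant or class attribute with a short comment explaining the requirement. Since the group bit is only as tight as the file's group and its parent directory, also consider passing an explicit mode to `self.path.parent.mkdir(exist_ok=True)`, which currently takes the default mode masked by the umask.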
diff --git a/src/tests/provisioningserver/utils/test_env.py b/src/tests/provisioningserver/utils/test_env.py
index dba8b77..f123f4a 100644
--- a/src/tests/provisioningserver/utils/test_env.py
+++ b/src/tests/provisioningserver/utils/test_env.py
@@ -198,3 +198,8 @@ class TestFileBackedValue:
198 file_value.path.write_text("new content")198 file_value.path.write_text("new content")
199 # the file is read again199 # the file is read again
200 assert file_value.get() == "new content"200 assert file_value.get() == "new content"
201
202 def test_set_default_permission(self, factory, file_value):
203 factory.make_name("contents")
204 file_value.set("content")
205 assert (file_value.path.stat().st_mode & 0o777) == 0o640
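Review bot: In `test_set_default_permission`, `factory.make_name("contents")` discards its result and the test then writes the literal "content", so the call and the `factory` fixture can be dropped (or the generated name passed to `file_value.set`). The test also covers only the first write; a second `file_value.set(...)` followed by the same `st_mode & 0o777` assertion would confirm the mode holds when an existing file is replaced.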
