tarmak icon indicating copy to clipboard operation
tarmak copied to clipboard

Published 20 hours ago verified publisher icon jetstack

File permissions validations

Open JoshVanL opened this issue 7 years ago • 10 comments

What this PR does / why we need it: Adds validations to ensure 600 permissions on id_rsa, ssh_config and vault_root_token

fixes #170

/assign @charlieegan3

NONE

JoshVanL avatar Jun 29 '18 11:06 JoshVanL

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: To fully approve this pull request, please assign additional approvers. We suggest the following additional approver: mattbates

Assign the PR to them by writing /assign @mattbates in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

jetstack-bot avatar Jun 29 '18 11:06 jetstack-bot

I've looked over this and the code changes look fine.

When I have the incorrect permissions set now I get the following error:

FATA[0005] Tarmak exited with an error: failed to validate tarmak: 2 errors occurred:

* vault root token file '/home/charlieegan3/.tarmak/charlie/vault_root_token' does not match permissions (0600): -r--------
* '/home/charlieegan3/.tarmak/charlie/id_rsa' does not match permissions (0600): -r--------  error="failed to validate tarmak: 2 errors occurred:\n\n* vault root token file '/home/charlieegan3/.tarmak/charlie/vault_root_token' does not match permissions (0600): -r--------\n* '/home/charlieegan3/.tarmak/charlie/id_rsa' does not match permissions (0600): -r--------"

Clearly a huge improvement on the output in #170.

charlieegan3 avatar Jul 02 '18 10:07 charlieegan3

/lgtm

charlieegan3 avatar Jul 02 '18 10:07 charlieegan3

/unassign /assign @simonswine

charlieegan3 avatar Jul 02 '18 10:07 charlieegan3

New changes are detected. LGTM label has been removed.

jetstack-bot avatar Jul 09 '18 14:07 jetstack-bot

@simonswine

JoshVanL avatar Jul 23 '18 15:07 JoshVanL

/assign @simonswine

JoshVanL avatar Jul 30 '18 09:07 JoshVanL

/unassign

JoshVanL avatar Jul 30 '18 09:07 JoshVanL

@JoshVanL: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

jetstack-bot avatar Nov 09 '18 13:11 jetstack-bot

@JoshVanL: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
tarmak-puppet-module-tarmak-acceptance-1-14-centos d5caa32996247afa01a65d4c8c00ce70df6e75dc link /test puppet-tarmak-acceptance-centos v1.14

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

jetstack-bot avatar Apr 11 '19 14:04 jetstack-bot