Create file permission constants

2018-06-12 08:40:40 -04:00 · 2018-06-12 08:40:40 -04:00 · 7ded31d7a8
commit 7ded31d7a8
parent 79199dd84c
7 changed files with 29 additions and 32 deletions
--- a/internal/file/filesystem.go
+++ b/internal/file/filesystem.go
@ -25,6 +25,12 @@ import (
 	"k8s.io/kubernetes/pkg/util/filesystem"
 )
 // ReadWriteByUser defines linux permission to read and write files for the owner user
 const ReadWriteByUser = 0660
 // ReadByUserGroup defines linux permission to read files by the user and group owner/s
 const ReadByUserGroup = 0640
 // Filesystem is an interface that we can use to mock various filesystem operations
 type Filesystem interface {
 	filesystem.Filesystem
@ -35,7 +41,7 @@ func NewLocalFS() (Filesystem, error) {
 	fs := filesystem.DefaultFs{}
 	for _, directory := range directories {
-		err := fs.MkdirAll(directory, 0777)
+		err := fs.MkdirAll(directory, ReadWriteByUser)
 		if err != nil {
 			return nil, err
 		}
--- a/internal/ingress/annotations/auth/main.go
+++ b/internal/ingress/annotations/auth/main.go
@ -19,8 +19,6 @@ package auth
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path"
 	"regexp"
 	"github.com/pkg/errors"
@ -86,17 +84,6 @@ type auth struct {
 // NewParser creates a new authentication annotation parser
 func NewParser(authDirectory string, r resolver.Resolver) parser.IngressAnnotation {
 	os.MkdirAll(authDirectory, 0755)
 	currPath := authDirectory
 	for currPath != "/" {
 		currPath = path.Dir(currPath)
 		err := os.Chmod(currPath, 0755)
 		if err != nil {
 			break
 		}
 	}
 	return auth{r, authDirectory}
 }
@ -157,8 +144,7 @@ func dumpSecret(filename string, secret *api.Secret) error {
 		}
 	}
-	// TODO: check permissions required
+	err := ioutil.WriteFile(filename, val, file.ReadWriteByUser)
 	err := ioutil.WriteFile(filename, val, 0777)
 	if err != nil {
 		return ing_errors.LocationDenied{
 			Reason: errors.Wrap(err, "unexpected error creating password file"),
--- a/internal/ingress/controller/checker_test.go
+++ b/internal/ingress/controller/checker_test.go
@ -27,6 +27,7 @@ import (
 	"k8s.io/apiserver/pkg/server/healthz"
 	"k8s.io/kubernetes/pkg/util/filesystem"
 	"k8s.io/ingress-nginx/internal/file"
 	ngx_config "k8s.io/ingress-nginx/internal/ingress/controller/config"
 )
@ -60,7 +61,7 @@ func TestNginxCheck(t *testing.T) {
 	})
 	// create pid file
-	fs.MkdirAll("/tmp", 0655)
+	fs.MkdirAll("/tmp", file.ReadWriteByUser)
 	pidFile, err := fs.Create(nginxPID)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
--- a/internal/ingress/controller/nginx.go
+++ b/internal/ingress/controller/nginx.go
@ -423,7 +423,7 @@ func (n NGINXController) testTemplate(cfg []byte) error {
 		return err
 	}
 	defer tmpfile.Close()
-	err = ioutil.WriteFile(tmpfile.Name(), cfg, 0644)
+	err = ioutil.WriteFile(tmpfile.Name(), cfg, file.ReadWriteByUser)
 	if err != nil {
 		return err
 	}
@ -647,7 +647,7 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
 				return err
 			}
 			defer tmpfile.Close()
-			err = ioutil.WriteFile(tmpfile.Name(), content, 0644)
+			err = ioutil.WriteFile(tmpfile.Name(), content, file.ReadWriteByUser)
 			if err != nil {
 				return err
 			}
@ -666,7 +666,7 @@ func (n *NGINXController) OnUpdate(ingressCfg ingress.Configuration) error {
 		}
 	}
-	err = ioutil.WriteFile(cfgPath, content, 0644)
+	err = ioutil.WriteFile(cfgPath, content, file.ReadWriteByUser)
 	if err != nil {
 		return err
 	}
--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@ -699,7 +699,7 @@ func (s *k8sStore) setConfig(cmap *corev1.ConfigMap) {
 			glog.Warningf("unexpected error decoding key ssl-session-ticket-key: %v", err)
 			s.backendConfig.SSLSessionTicketKey = ""
 		}
-		ioutil.WriteFile("/etc/nginx/tickets.key", d, 0644)
+		ioutil.WriteFile("/etc/nginx/tickets.key", d, file.ReadWriteByUser)
 	}
 }
--- a/internal/net/dns/dns_test.go
+++ b/internal/net/dns/dns_test.go
@ -21,6 +21,8 @@ import (
 	"net"
 	"os"
 	"testing"
 	"k8s.io/ingress-nginx/internal/file"
 )
 func TestGetDNSServers(t *testing.T) {
@ -32,22 +34,22 @@ func TestGetDNSServers(t *testing.T) {
 		t.Error("expected at least 1 nameserver in /etc/resolv.conf")
 	}
-	file, err := ioutil.TempFile("", "fw")
+	f, err := ioutil.TempFile("", "fw")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer file.Close()
+	defer f.Close()
-	defer os.Remove(file.Name())
+	defer os.Remove(f.Name())
-	ioutil.WriteFile(file.Name(), []byte(`
+	ioutil.WriteFile(f.Name(), []byte(`
 	# comment
 	; comment
 	nameserver 2001:4860:4860::8844
 	nameserver 2001:4860:4860::8888
 	nameserver 8.8.8.8
-	`), 0644)
+	`), file.ReadWriteByUser)
-	defResolvConf = file.Name()
+	defResolvConf = f.Name()
 	s, err = GetSystemNameServers()
 	if err != nil {
 		t.Fatalf("unexpected error reading /etc/resolv.conf file: %v", err)
--- a/internal/watch/file_watcher_test.go
+++ b/internal/watch/file_watcher_test.go
@ -21,6 +21,8 @@ import (
 	"os"
 	"testing"
 	"time"
 	"k8s.io/ingress-nginx/internal/file"
 )
 func prepareTimeout() chan bool {
@ -33,15 +35,15 @@ func prepareTimeout() chan bool {
 }
 func TestFileWatcher(t *testing.T) {
-	file, err := ioutil.TempFile("", "fw")
+	f, err := ioutil.TempFile("", "fw")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
-	defer file.Close()
+	defer f.Close()
-	defer os.Remove(file.Name())
+	defer os.Remove(f.Name())
 	count := 0
 	events := make(chan bool, 10)
-	fw, err := NewFileWatcher(file.Name(), func() {
+	fw, err := NewFileWatcher(f.Name(), func() {
 		count++
 		if count != 1 {
 			t.Fatalf("expected 1 but returned %v", count)
@ -58,7 +60,7 @@ func TestFileWatcher(t *testing.T) {
 		t.Fatalf("expected no events before writing a file")
 	case <-timeoutChan:
 	}
-	ioutil.WriteFile(file.Name(), []byte{}, 0644)
+	ioutil.WriteFile(f.Name(), []byte{}, file.ReadWriteByUser)
 	select {
 	case <-events:
 	case <-timeoutChan: