From ec934f9dc4d3aff6eaa237e9793aa0a73635d0fd Mon Sep 17 00:00:00 2001 
From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Thu, 6 Jul 2023 23:05:52 +0300 Subject: [PATCH] chore(autoperms): add an `enabled` flag (#482) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **Description** ⚒️ Fixes # **⚙️ Type of change** - [ ] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code **🧪 How Has This Been Tested?** **📃 Notes:** **✔️ Checklist:** - [ ] ⚖️ My code follows the style guidelines of this project - [ ] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [ ] ⚠️ My changes generate no new warnings - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [ ] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --- .../ci/autopermissions-values.yaml | 5 ++- .../tests/addons/autoperms_test.yaml | 34 +++++++++++++++++++ library/common/Chart.yaml | 2 +- .../common/templates/addons/vpn/_volume.tpl | 2 ++ .../templates/lib/container/_volumeMounts.tpl | 4 +-- library/common/templates/lib/pod/_volumes.tpl | 2 +- .../common/templates/lib/util/_autoperms.tpl | 28 ++++++++------- 7 files changed, 59 insertions(+), 18 deletions(-) 
diff --git a/library/common-test/ci/autopermissions-values.yaml b/library/common-test/ci/autopermissions-values.yaml
index f154dd8d..bc35ca93 100644
--- a/library/common-test/ci/autopermissions-values.yaml
+++ b/library/common-test/ci/autopermissions-values.yaml
@@ -44,7 +44,10 @@ persistence:
 autopermissions:
 enabled: true
 type: hostPath
- setPermissions: true
+ autoPermissions:
+ enabled: true
+ chown: true
+ chmod: 775
 hostPath: /usr
 mountPath: /hptest
 hostPathType: ""
diff --git a/library/common-test/tests/addons/autoperms_test.yaml b/library/common-test/tests/addons/autoperms_test.yaml
index f0cf93d0..b965b752 100644
--- a/library/common-test/tests/addons/autoperms_test.yaml
+++ b/library/common-test/tests/addons/autoperms_test.yaml
@@ -15,6 +15,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: true
@@ -24,6 +25,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: false
@@ -33,6 +35,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chmod: 770
 mountPath: /test3
 hostPath: /testhost3
@@ -40,6 +43,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chown: true
 mountPath: /test4
 hostPath: /testhost4
@@ -56,6 +60,7 @@ tests:
 mountPath: /test6
 hostPath: /testhost6
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: true
@@ -65,6 +70,7 @@ tests:
 enabled: true
 type: emptyDir
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: true
@@ -75,8 +81,18 @@ tests:
 server: 1.1.1.1
 path: /share
 autoPermissions:
+ enabled: true
 chown: true
 mountPath: /test9
+ # Should not show up, without enabled true
+ test10:
+ type: hostPath
+ hostPath: /testhost10
+ autoPermissions:
+ enabled: true
+ chown: true
+ mountPath: /test10
+
 asserts:
 - documentIndex: &jobDoc 0
 isKind:
@@ -317,6 +333,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: true
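Review bot: The fixture in `autopermissions-values.yaml` now turns on `chown: true` and `chmod: 775` for `hostPath: /usr`, so a CI install presumably runs the permissions job against the node's real `/usr`. That is tolerable only on a throwaway node; a dedicated scratch directory keeps the effect contained if these values are ever reused on a shared runner, for example `hostPath: /tmp/autoperms-ci` (constructed example path). What the job actually does with the path is defined outside this hunk.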
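Review bot: The new `test10` case in the `@@ -75,8 +81,18 @@` hunk does not isolate the flag this commit adds: it omits the mount-level `enabled: true` yet sets `autoPermissions.enabled: true`, so it is excluded by the existing `$mount.enabled` check in `_autoperms.tpl`, not by the new one. The second `test10` (hunk `@@ -386,8 +409,16 @@`) omits both flags, so it would also pass if the new gate were missing. A case with the mount enabled and only the new flag absent is what proves the opt-in, i.e. `enabled: true` on the mount with `autoPermissions:` holding just `chown: true`. The asserts for both suites lie outside the hunks, so what they check for `test10` is not visible here.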
@@ -326,6 +343,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: false
@@ -335,6 +353,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chmod: 770
 mountPath: /test3
 hostPath: /testhost3
@@ -342,6 +361,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chown: true
 mountPath: /test4
 hostPath: /testhost4
@@ -358,6 +378,7 @@ tests:
 mountPath: /test6
 hostPath: /testhost6
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: true
@@ -367,6 +388,7 @@ tests:
 enabled: true
 type: emptyDir
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: true
@@ -376,6 +398,7 @@ tests:
 type: ixVolume
 datasetName: test
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: true
@@ -386,8 +409,16 @@ tests:
 server: 1.1.1.1
 path: /share
 autoPermissions:
+ enabled: true
 chown: true
 mountPath: /test9
+ # Should not show up, without enabled true
+ test10:
+ type: ixVolume
+ datasetName: test
+ autoPermissions:
+ chown: true
+ mountPath: /test10
 asserts:
 - documentIndex: *jobDoc
 isKind:
@@ -662,6 +693,7 @@ tests:
 enabled: true
 type: hostPath
 autoPermissions:
+ enabled: true
 chown: true
 chmod: 770
 recursive: true
@@ -710,6 +742,7 @@ tests:
 type: device
 hostPath: /test
 autoPermissions:
+ enabled: true
 chown: true
 asserts:
 - failedTemplate:
@@ -730,6 +763,7 @@ tests:
 hostPath: /test
 readOnly: true
 autoPermissions:
+ enabled: true
 chmod: 770
 asserts:
 - failedTemplate:
diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml
index f4c809af..6b65ceea 100644
--- a/library/common/Chart.yaml
+++ b/library/common/Chart.yaml
@@ -15,4 +15,4 @@ maintainers:
 name: common
 sources: null
 type: library
-version: 12.14.6
+version: 12.14.7
diff --git a/library/common/templates/addons/vpn/_volume.tpl b/library/common/templates/addons/vpn/_volume.tpl
index 956608f2..b6a8f1ac 100644
--- a/library/common/templates/addons/vpn/_volume.tpl
+++ b/library/common/templates/addons/vpn/_volume.tpl
@@ -52,6 +52,7 @@ type: hostPath
 hostPath: {{ .Values.addons.vpn.configFile | default "/vpn" }}
 hostPathType: "File"
 autoPermissions:
+ enabled: true
 chown: true
 user: 568
 group: 568
@@ -73,6 +74,7 @@ enabled: true
 type: hostPath
 hostPath: {{ .Values.addons.vpn.configFolder | quote }}
 autoPermissions:
+ enabled: true
 chown: true
 user: 568
 group: 568
diff --git a/library/common/templates/lib/container/_volumeMounts.tpl b/library/common/templates/lib/container/_volumeMounts.tpl
index b19aa46d..027cdc4f 100644
--- a/library/common/templates/lib/container/_volumeMounts.tpl
+++ b/library/common/templates/lib/container/_volumeMounts.tpl
@@ -90,7 +90,7 @@ objectData: The object data to be used to render the container.
 {{- $return = true -}}
 {{/* Set custom path on autopermissions container */}}
 {{- if and (eq $objectData.shortName "autopermissions") $persistenceValues.autoPermissions -}}
- {{- if or $persistenceValues.autoPermissions.chown $persistenceValues.autoPermissions.chmod -}}
+ {{- if $persistenceValues.autoPermissions.enabled -}}
 {{- $return = true -}}
 {{- $_ := set $volMount "mountPath" (printf "/mounts/%v" $persistenceName) -}}
 {{- end -}}
@@ -99,7 +99,7 @@ objectData: The object data to be used to render the container.
 {{/* If the container is the autopermission */}}
 {{- else if (eq $objectData.shortName "autopermissions") -}}
 {{- if $persistenceValues.autoPermissions -}}
- {{- if or $persistenceValues.autoPermissions.chown $persistenceValues.autoPermissions.chmod -}}
+ {{- if $persistenceValues.autoPermissions.enabled -}}
 {{- $return = true -}}
 {{- $_ := set $volMount "mountPath" (printf "/mounts/%v" $persistenceName) -}}
 {{- end -}}
diff --git a/library/common/templates/lib/pod/_volumes.tpl b/library/common/templates/lib/pod/_volumes.tpl
index bcd4cfc6..d054c2d0 100644
--- a/library/common/templates/lib/pod/_volumes.tpl
+++ b/library/common/templates/lib/pod/_volumes.tpl
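Review bot: Both `_volumeMounts.tpl` hunks (and the `_volumes.tpl` hunk that follows) now select a volume on `autoPermissions.enabled` alone, while `_autoperms.tpl` still requires `chown` or `chmod` as well before it records the mount and runs its type and `readOnly` checks. A mount with `enabled: true` and no action set would therefore appear to be attached to the autopermissions container without having passed those checks and with no work to do on it. Keeping the conditions identical avoids handing that container a host path it does not need: `{{- if and $persistenceValues.autoPermissions.enabled (or $persistenceValues.autoPermissions.chown $persistenceValues.autoPermissions.chmod) -}}`, with `$persistence` in place of `$persistenceValues` in `_volumes.tpl`. The enclosing `define` blocks start and end outside these hunks, so whether an earlier branch already filters such mounts cannot be confirmed from here.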
@@ -22,7 +22,7 @@ objectData: The object data to be used to render the Pod.
 {{/* If the pod is the autopermission */}}
 {{- else if eq $objectData.shortName "autopermissions" -}}
 {{- if $persistence.autoPermissions -}}
- {{- if or $persistence.autoPermissions.chown $persistence.autoPermissions.chmod -}}
+ {{- if $persistence.autoPermissions.enabled -}}
 {{- $selected = true -}}
 {{- end -}}
 {{- end -}}
diff --git a/library/common/templates/lib/util/_autoperms.tpl b/library/common/templates/lib/util/_autoperms.tpl
index 69261db8..3c46fe85 100644
--- a/library/common/templates/lib/util/_autoperms.tpl
+++ b/library/common/templates/lib/util/_autoperms.tpl
@@ -12,22 +12,24 @@
 {{- range $name, $mount := .Values.persistence -}}
 {{- if and $mount.enabled $mount.autoPermissions -}}
 {{/* If autoPermissions is enabled...*/}}
- {{- if or $mount.autoPermissions.chown $mount.autoPermissions.chmod -}}
- {{- $type := $.Values.fallbackDefaults.persistenceType -}}
- {{- if $mount.type -}}
- {{- $type = $mount.type -}}
- {{- end -}}
+ {{- if $mount.autoPermissions.enabled -}}
+ {{- if or $mount.autoPermissions.chown $mount.autoPermissions.chmod -}}
+ {{- $type := $.Values.fallbackDefaults.persistenceType -}}
+ {{- if $mount.type -}}
+ {{- $type = $mount.type -}}
+ {{- end -}}

- {{- if not (mustHas $type $permAllowedTypes) -}}
- {{- fail (printf "Auto Permissions - Allowed persistent types for auto permissions are [%v], but got [%v] on [%v]" (join ", " $permAllowedTypes) $type $name) -}}
- {{- end -}}
+ {{- if not (mustHas $type $permAllowedTypes) -}}
+ {{- fail (printf "Auto Permissions - Allowed persistent types for auto permissions are [%v], but got [%v] on [%v]" (join ", " $permAllowedTypes) $type $name) -}}
+ {{- end -}}

- {{- if $mount.readOnly -}}
- {{- fail (printf "Auto Permissions - You cannot change permissions/ownership automatically on [%v] with readOnly enabled" $name) -}}
- {{- end -}}
+ {{- if $mount.readOnly -}}
+ {{- fail (printf "Auto Permissions - You cannot change permissions/ownership automatically on [%v] with readOnly enabled" $name) -}}
+ {{- end -}}

- {{/* Add some data regarding what actions to perform */}}
- {{- $_ := set $mounts $name $mount.autoPermissions -}}
+ {{/* Add some data regarding what actions to perform */}}
+ {{- $_ := set $mounts $name $mount.autoPermissions -}}
+ {{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
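Review bot: The new outer `{{- if $mount.autoPermissions.enabled -}}` has no `else`, so a mount that still sets `chown` or `chmod` but lacks `enabled` is skipped without any message, and the type and `readOnly` `fail` checks no longer run for it. Values files written for the previous behaviour stop getting their permissions job with only a patch-level bump (12.14.6 to 12.14.7) and nothing in the render output to say so. I would at least state the contract above the check, `{{/* autoPermissions is opt-in: chown/chmod are ignored unless enabled is true */}}`, and consider a `fail` when `enabled` is true with neither action set, so a no-op configuration is reported instead of silently accepted. The `range` loop is fully inside the hunk, but the surrounding `define` starts and ends outside it.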