From f80a75d1b17d32e3debaa916a6c971e7228a89a1 Mon Sep 17 00:00:00 2001
From: Cedric Lamoriniere
Date: Thu, 17 Sep 2020 12:20:00 +0200
Subject: [PATCH] Apply suggestions from code review
Co-authored-by: Olivier Vielpeau
---
 pkg/secrets/check_rights_nix.go | 4 ++--
 pkg/secrets/check_rights_nix_test.go | 2 +-
 ...c-perm-for-the-SecretBackend-command-a7fbe1ece1fad50b.yaml | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkg/secrets/check_rights_nix.go b/pkg/secrets/check_rights_nix.go
index 74add04db8f44..87bdcc269bf79 100644
--- a/pkg/secrets/check_rights_nix.go
+++ b/pkg/secrets/check_rights_nix.go
@@ -61,7 +61,7 @@ func checkGroupPermission(stat *syscall.Stat_t, usr *user.User, userGroups []str
 if fmt.Sprintf("%d", stat.Uid) == usr.Uid {
 isUserFile = true
 }
- // If the file is not own by the user, lets check for on of his groups
+ // If the file is not owned by the user, let's check for one of his groups
 if !isUserFile {
 var isGroupFile bool
 for _, userGroup := range userGroups {
@@ -76,7 +76,7 @@ func checkGroupPermission(stat *syscall.Stat_t, usr *user.User, userGroups []str
 // Check that *group* can at least exec.
 if stat.Mode&(syscall.S_IXGRP) == 0 {
- return fmt.Errorf("invalid executable: '%s' is not readable or executable by group", path)
+ return fmt.Errorf("invalid executable: '%s' is not executable by group", path)
 }
 }
diff --git a/pkg/secrets/check_rights_nix_test.go b/pkg/secrets/check_rights_nix_test.go
index e63d86d993eaf..34537d85fe1ca 100644
--- a/pkg/secrets/check_rights_nix_test.go
+++ b/pkg/secrets/check_rights_nix_test.go
@@ -56,7 +56,7 @@ func TestGroupOtherRights(t *testing.T) {
 allowGroupExec = true
- // event if allowGroupExec=true, group may have no permission
+ // even if allowGroupExec=true, group may have no permission
 require.Nil(t, os.Chmod(tmpfile.Name(), 0700))
 require.Nil(t, checkRights(tmpfile.Name(), allowGroupExec))
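Review bot: In the second hunk of pkg/secrets/check_rights_nix.go, the group branch tests only `syscall.S_IXGRP`, and the corrected message now says so, but nothing next to the check records that leaving out the read bit is deliberate. A backend that is a script (the release note in this patch mentions 'readsecret.sh') also needs group read to run, so a `--x` group mode passes here and, presumably, fails later at exec time with a less specific error. I would add a comment above the check such as `// Only S_IXGRP is verified; a script backend also needs S_IRGRP, which surfaces as an exec failure rather than here.` The body of checkGroupPermission starts and ends outside the hunk, so any check of the group write bit is not visible from here.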
diff --git a/releasenotes-dca/Add-Group-exec-perm-for-the-SecretBackend-command-a7fbe1ece1fad50b.yaml b/releasenotes-dca/Add-Group-exec-perm-for-the-SecretBackend-command-a7fbe1ece1fad50b.yaml index 9277ad48b515b..9a7a7759b3f88 100644 --- a/releasenotes-dca/Add-Group-exec-perm-for-the-SecretBackend-command-a7fbe1ece1fad50b.yaml +++ b/releasenotes-dca/Add-Group-exec-perm-for-the-SecretBackend-command-a7fbe1ece1fad50b.yaml @@ -2,7 +2,7 @@ enhancements: - | Add new configuration parameter to allow 'GroupExec' permission on the secret-backend command. - Set to 'true' the new parameter 'secret_backend_command_allow_group_exec_perm' to activate it. + The new parameter ('secret_backend_command_allow_group_exec_perm') is now enabled by default in the cluster-agent image. fixes: - | Fix 'readsecret.sh' permission in Cluster-Agent dockerfiles that removes `other` permission.