Fix stanley_rsa permissions via postStart pod lifecycle hook by cognifloyd · Pull Request #219 · StackStorm/stackstorm-k8s
Navigation Menu
{{ message }}
StackStorm / stackstorm-k8s Public
- Notifications You must be signed in to change notification settings
- Fork 119
Merged
arm4b merged 7 commits intoStackStorm:masterfrom
Jul 10, 2021Merged
Fix stanley_rsa permissions via postStart pod lifecycle hook#219
arm4b merged 7 commits intoStackStorm:masterfrom
Fix stanley_rsa permissions via postStart pod lifecycle hook#219
arm4b merged 7 commits intoStackStorm:masterfrom
Conversation
Copy link Copy Markdown
Member
I extracted this change from #206.
Use the postStart lifecycle event in st2actionrunner and st2client pods to correct file permissions on the stanley ssh private key.
Includes a test to ensure the key permissions are correct.
see:
https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
- Fix stanley_rsa file permissions with postStart lifecycle hook script for st2actionrunner and st2client
- bash needs to run the script directly not with -c
- make the ssh key writable so we can change permissions at runtime
- mount ssh-key to separate directory, cp, and fix permissions
- add test for stanley_rsa file ownership
- use st2 as test intermediary
- add changelog entry
Fixes #84
pull-request-size
bot
added
the
size/M
label
Jul 8, 2021
cognifloyd
force-pushed
the
stanley_rsa-permissions
branch
from
7ddca4a to
0a87e8a
Compare
cognifloyd
mentioned this pull request
cognifloyd added 7 commits
July 7, 2021 20:30Add chown command to postStart lifecycle hook for actionrunner and st2client pods
cognifloyd
force-pushed
the
stanley_rsa-permissions
branch
from
0a87e8a to
a6e4ab1
Compare
This was referenced
Jul 8, 2021
cognifloyd
requested a review
from arm4b
arm4b reviewed Jul 10, 2021
| assert_line --partial 'succeeded: true' | ||
| } | ||
|
|
||
| @test 'stanley_rsa file has correct permissions and ownership' { |
Copy link Copy Markdown
Member
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Thanks for the tests!
arm4b approved these changes Jul 10, 2021
Copy link Copy Markdown
Member
arm4b
left a comment
arm4b
left a comment
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's an elegant solution, thanks for contributing this fix 👍
arm4b
merged commit
b2d31f3
into
StackStorm:master
cognifloyd
removed
the
RFR
label
cognifloyd
deleted the
stanley_rsa-permissions
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
2 participants