mirror of
https://github.com/kubernetes/client-go.git
synced 2026-07-01 22:48:09 +00:00
Migrate: use source file permission when writing destination file (#138142)
* Migrate: use source file permission when writing destination file * Mask migrated config file with 0666 to ensure the created file is never executable. Kubernetes-commit: d7091ac255734d59a494ed8c93209a467156f238
committed by
Kubernetes Publisher
parent
ab0d3bd81d
commit
48ec1022ee
2
go.mod
2
go.mod
@@ -23,7 +23,7 @@ require (
|
||||
golang.org/x/time v0.15.0
|
||||
google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af
|
||||
gopkg.in/evanphx/json-patch.v4 v4.13.0
|
||||
k8s.io/api v0.0.0-20260626173204-0669b8f44d17
|
||||
k8s.io/api v0.0.0-20260626213116-2b6c2012d75f
|
||||
k8s.io/apimachinery v0.0.0-20260626172716-6fa8dff7b19f
|
||||
k8s.io/klog/v2 v2.140.0
|
||||
k8s.io/kube-openapi v0.0.0-20260618221249-bc653b64f974
|
||||
|
||||
4
go.sum
4
go.sum
@@ -118,8 +118,8 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
|
||||
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
k8s.io/api v0.0.0-20260626173204-0669b8f44d17 h1:ugKw3OKEv7LEx9Qy1DyqAZ8coG+a97DrX9yghW7Ert4=
|
||||
k8s.io/api v0.0.0-20260626173204-0669b8f44d17/go.mod h1:7NNJfcrPo0BNrOSUudMNZpLxWf/OYIRNbwS+/yAaJwg=
|
||||
k8s.io/api v0.0.0-20260626213116-2b6c2012d75f h1:WfCuhwj5sO/oWkTS3MovBWuwL7vBXPWn2ROuQf26qok=
|
||||
k8s.io/api v0.0.0-20260626213116-2b6c2012d75f/go.mod h1:7NNJfcrPo0BNrOSUudMNZpLxWf/OYIRNbwS+/yAaJwg=
|
||||
k8s.io/apimachinery v0.0.0-20260626172716-6fa8dff7b19f h1:WAFkshKyNvj5avlHoK0nhd0B0G+O+YUH3ntvUkUmDsE=
|
||||
k8s.io/apimachinery v0.0.0-20260626172716-6fa8dff7b19f/go.mod h1:T9tvL1Yxf+TRVyTz+Q7KtLAncCr9xxxx1zrF6g/QuR0=
|
||||
k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc=
|
||||
|
||||
@@ -300,7 +300,8 @@ func (rules *ClientConfigLoadingRules) Migrate() error {
|
||||
return err
|
||||
}
|
||||
|
||||
if sourceInfo, err := os.Stat(source); err != nil {
|
||||
sourceInfo, err := os.Stat(source)
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) || os.IsPermission(err) {
|
||||
// if the source file doesn't exist or we can't access it, there's no work to do.
|
||||
continue
|
||||
@@ -316,8 +317,8 @@ func (rules *ClientConfigLoadingRules) Migrate() error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// destination is created with mode 0666 before umask
|
||||
err = os.WriteFile(destination, data, 0666)
|
||||
// destination created with source perm, but never executable, and subject to umask
|
||||
err = os.WriteFile(destination, data, sourceInfo.Mode().Perm()&0666)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
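Review bot: The mask in `os.WriteFile(destination, data, sourceInfo.Mode().Perm()&0666)` strips only the execute bits, so a source that is group- or world-readable or writable yields a destination that is equally open (subject to umask). A kubeconfig commonly holds client keys or tokens, so if the goal is to avoid widening access, consider clamping to owner bits with `sourceInfo.Mode().Perm()&0600`. Otherwise, extend the comment to say the destination is deliberately as permissive as the source. Also, `os.WriteFile` applies the mode only when it creates the file, and any existence check for `destination` is outside this hunk, so a file that appears in between would keep its own mode. Migrate's body starts and ends outside the hunk.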
@@ -656,6 +656,19 @@ func TestMigratingFile(t *testing.T) {
|
||||
if !reflect.DeepEqual(sourceContent, destinationContent) {
|
||||
t.Errorf("source and destination do not match")
|
||||
}
|
||||
|
||||
// destination file permissions should be the same as the source file permissions
|
||||
sourceInfo, err := os.Stat(sourceFile.Name())
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error %v", err)
|
||||
}
|
||||
destinationInfo, err := os.Stat(destinationFile.Name())
|
||||
if err != nil {
|
||||
t.Errorf("unexpected error %v", err)
|
||||
}
|
||||
if destinationInfo.Mode().Perm() != sourceInfo.Mode().Perm() {
|
||||
t.Errorf("expected permissions %v, got %v", sourceInfo.Mode().Perm(), destinationInfo.Mode().Perm())
|
||||
}
|
||||
}
|
||||
|
||||
func TestMigratingFileLeaveExistingFileAlone(t *testing.T) {
|
||||
|
||||
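Review bot: Both new `os.Stat` error branches call `t.Errorf` and then fall through, so a failed stat leaves `sourceInfo` or `destinationInfo` nil and the following `.Mode()` call panics instead of reporting a clean failure. Use `t.Fatalf("unexpected error %v", err)` in both branches. The equality assertion also only holds while the source has no execute bits and no bits that the process umask strips, and how `sourceFile` is created is outside this hunk. A second case that chmods the source to an executable mode and expects the `&0666` result would pin the masking this commit adds. TestMigratingFile's body starts outside the hunk.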