fix(executor): change script file permissions to 0o644 and add test for non-root user creating a script #6905
Conversation
|
You'll also need to update one of the e2e Golang files. |
bobh66
force-pushed
the
fix-stage-files-for-nonroot
branch
from
6316b17 to
c8e5ba9
Compare
|
@alexec Is anything more required to get approval to run the test? |
bobh66
force-pushed
the
fix-stage-files-for-nonroot
branch
from
c8e5ba9 to
757c0be
Compare
|
@alexec I fixed a bug in the test file name - please re-run the tests. Thanks |
|
Hi All, Just circling back to see if this issue has been fixed yet. I would love to be able to use scripts! Also, I do not want to be a sap on the community and would love to help, but I am really new to Go. If you have a suggestion on how I a novice can start helping, please let me know! |
|
@wdna - this is broken in master and in v3.2.0 but not in v3.1.13, so if you use the v3.1.13 release for your work you should be able to use scripts, until this fix can get released |
|
@bobh66 Thank you, I will try 3.1.13 |
Codecov Report
@@ Coverage Diff @@
## master #6905 +/- ##
==========================================
+ Coverage 48.53% 48.54% +0.01%
==========================================
Files 265 265
Lines 19259 19263 +4
==========================================
+ Hits 9348 9352 +4
+ Misses 8860 8859 -1
- Partials 1051 1052 +1
Continue to review full report at Codecov.
|
bobh66
force-pushed
the
fix-stage-files-for-nonroot
branch
from
757c0be to
9db206b
Compare
| @@ -251,7 +251,7 @@ func (we *WorkflowExecutor) StageFiles() error { | |||
| default: | |||
| return nil | |||
| } | |||
| err := ioutil.WriteFile(filePath, body, 0o600) | |||
| err := ioutil.WriteFile(filePath, body, 0o644) | |||
There was a problem hiding this comment.
We could probably get this fix out to v3.1 and v3.2 soon. @sarabala1979
bobh66
force-pushed
the
fix-stage-files-for-nonroot
branch
from
9db206b to
f3f07aa
Compare
bobh66
changed the title
bobh66
force-pushed
the
fix-stage-files-for-nonroot
branch
from
f3f07aa to
33b181d
Compare
|
@alexec I don't know enough about golang to know what this lint error is trying to tell me. |
|
Running “make lint” will fix the lint |
Signed-off-by: Bob Haddleton <bob.haddleton@nokia.com>
bobh66
force-pushed
the
fix-stage-files-for-nonroot
branch
from
33b181d to
9b000a9
Compare
…#6905) Signed-off-by: Bob Haddleton <bob.haddleton@nokia.com> Signed-off-by: kriti-sc <kathuriakriti1@gmail.com>
|
@sarabala1979 can this make the next patch release please? |
|
@AlexC or @sarabala1979 Can you tell me if the below error is related to this thread? I am trying to implement a script. Argo seems to compress and write as expected, but produces an error immediately after. In trying to read through the error, it appears that either the writing failed or Argo cannot speak to the sourcecode. I am guessing that the writing failed, but I have no way to test and debug this. Suggestions would be greatly appreciated. |
Signed-off-by: Bob Haddleton <bob.haddleton@nokia.com>
Fixes #6643
This change adds a test to catch the case where the WorkflowExecutor.StageFiles() method creates a script file that is not readable by group/other, so execution of the script by the main container fails when there is a securityContext that specifies runAsNonRoot.
I'm pushing this first to make sure that the E2E test fails as expected before I push the fix, which is to revert a change in StageFiles() that changed the file permissions to 600 from 644.