diff --git a/internal/dataplane/util/ansible_execution.go b/internal/dataplane/util/ansible_execution.go index a5addc974..0a50ed875 100644 --- a/internal/dataplane/util/ansible_execution.go +++ b/internal/dataplane/util/ansible_execution.go @@ -30,6 +30,7 @@ import ( corev1 "k8s.io/api/core/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" apimachineryvalidation "k8s.io/apimachinery/pkg/util/validation" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" networkv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" @@ -324,7 +325,7 @@ func SetAeeSSHMounts( sshKeyMountSubPath = fmt.Sprintf("ssh_key_%s", sshKeyNodeName) sshKeyMountPath = fmt.Sprintf("/runner/env/ssh_key/%s", sshKeyMountSubPath) - CreateVolume(ansibleEEMounts, sshKeyName, sshKeyMountSubPath, sshKeySecret, "ssh-privatekey") + CreateVolume(ansibleEEMounts, sshKeyName, sshKeyMountSubPath, sshKeySecret, "ssh-privatekey", ptr.To(int32(0600))) CreateVolumeMount(ansibleEEMounts, sshKeyName, sshKeyMountPath, sshKeyMountSubPath) } } 
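Review bot: In the SetAeeSSHMounts hunk, `ptr.To(int32(0600))` only sets the volume's `DefaultMode`; the mode and ownership the runner process actually sees also depend on the pod security context, which is not visible in this diff. The Kubernetes API documentation for the secret volume `defaultMode` field warns that options such as `fsGroup` can result in other mode bits being set, and a 0600 file owned by root would be unreadable to a runner under a different UID, so confirm the key is both readable and still owner-only inside the AnsibleEE pod. The kuttl assertions updated in this commit compare only the rendered `defaultMode: 384`, so they would not catch either case. A why-comment on the call would help, for example `// 0600 (384 decimal): keep the private key owner-only; effective mode also depends on the pod's fsGroup`. The body of SetAeeSSHMounts starts and ends outside the hunk.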
@@ -361,18 +362,20 @@ func SetAeeInvMounts( inventoryMountPath = "/runner/inventory/hosts" } - CreateVolume(ansibleEEMounts, inventoryName, inventoryName, inventorySecrets[nodeName], "inventory") + CreateVolume(ansibleEEMounts, inventoryName, inventoryName, inventorySecrets[nodeName], "inventory", nil) CreateVolumeMount(ansibleEEMounts, inventoryName, inventoryMountPath, inventoryName) } } // CreateVolume creates a volume configuration for Ansible Execution Environment mounts -func CreateVolume(ansibleEEMounts *storage.VolMounts, volumeName string, volumeMountPath string, secretName string, keyToPathKey string) { +// If defaultMode is nil, Kubernetes default (0644) is used +func CreateVolume(ansibleEEMounts *storage.VolMounts, volumeName string, volumeMountPath string, secretName string, keyToPathKey string, defaultMode *int32) { volume := storage.Volume{ Name: volumeName, VolumeSource: storage.VolumeSource{ Secret: &corev1.SecretVolumeSource{ - SecretName: secretName, + SecretName: secretName, + DefaultMode: defaultMode, Items: []corev1.KeyToPath{ { Key: keyToPathKey, diff --git a/test/kuttl/tests/dataplane-deploy-global-service-test/01-assert.yaml b/test/kuttl/tests/dataplane-deploy-global-service-test/01-assert.yaml index b92baff25..a4f302632 100644 --- a/test/kuttl/tests/dataplane-deploy-global-service-test/01-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-global-service-test/01-assert.yaml @@ -162,7 +162,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -258,7 +258,7 @@ spec: volumes: - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global 
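Review bot: The SetAeeInvMounts call passes `nil`, so the inventory Secret stays mounted at the 0644 default named in the new doc comment, readable by every user in the container, while only the SSH key is tightened. Ansible inventories can carry connection variables or credentials; the contents of `inventorySecrets` are not visible here, so if they are sensitive, pass an explicit mode such as `ptr.To(int32(0600))` instead of `nil`. CreateVolume also accepts any `*int32` unchecked, and its comment could state the contract: `// defaultMode is the permission bits for the projected key, 0-0777 (octal in Go, decimal in rendered YAML: 0600 == 384); nil keeps the Kubernetes default 0644.` The bodies of SetAeeInvMounts and CreateVolume continue outside the hunk.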
@@ -362,7 +362,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -460,7 +460,7 @@ spec: volumes: - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -558,7 +558,7 @@ spec: volumes: - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -656,7 +656,7 @@ spec: volumes: - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -808,7 +808,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -917,7 +917,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -1056,7 +1056,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -1165,7 +1165,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -1274,7 +1274,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -1383,7 +1383,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global 
@@ -1492,7 +1492,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global @@ -1631,7 +1631,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-global secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-global diff --git a/test/kuttl/tests/dataplane-deploy-global-service-test/02-assert.yaml b/test/kuttl/tests/dataplane-deploy-global-service-test/02-assert.yaml index b1f78f83a..bc67e74f6 100644 --- a/test/kuttl/tests/dataplane-deploy-global-service-test/02-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-global-service-test/02-assert.yaml @@ -151,7 +151,7 @@ spec: volumes: - name: ssh-key-edpm-compute-beta-nodeset secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-beta-nodeset @@ -254,7 +254,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-beta-nodeset secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-beta-nodeset diff --git a/test/kuttl/tests/dataplane-deploy-multiple-secrets/02-assert.yaml b/test/kuttl/tests/dataplane-deploy-multiple-secrets/02-assert.yaml index 554345c71..3e8b9e8c4 100644 --- a/test/kuttl/tests/dataplane-deploy-multiple-secrets/02-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-multiple-secrets/02-assert.yaml @@ -212,7 +212,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-openstack-edpm-tls secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_openstack-edpm-tls @@ -319,7 +319,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-openstack-edpm-tls secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_openstack-edpm-tls 
diff --git a/test/kuttl/tests/dataplane-deploy-no-nodes-test/01-assert.yaml b/test/kuttl/tests/dataplane-deploy-no-nodes-test/01-assert.yaml index 2bda8af19..3b7fafb8b 100644 --- a/test/kuttl/tests/dataplane-deploy-no-nodes-test/01-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-no-nodes-test/01-assert.yaml @@ -147,7 +147,7 @@ spec: volumes: - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -252,7 +252,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -352,7 +352,7 @@ spec: volumes: - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -452,7 +452,7 @@ spec: volumes: - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -552,7 +552,7 @@ spec: volumes: - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -700,7 +700,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -810,7 +810,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -950,7 +950,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes 
@@ -1060,7 +1060,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -1170,7 +1170,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -1280,7 +1280,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -1390,7 +1390,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes @@ -1530,7 +1530,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes diff --git a/test/kuttl/tests/dataplane-deploy-no-nodes-test/02-assert.yaml b/test/kuttl/tests/dataplane-deploy-no-nodes-test/02-assert.yaml index 88cb2d32f..16b3c18b0 100644 --- a/test/kuttl/tests/dataplane-deploy-no-nodes-test/02-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-no-nodes-test/02-assert.yaml @@ -90,7 +90,7 @@ spec: volumes: - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes diff --git a/test/kuttl/tests/dataplane-deploy-no-nodes-test/04-assert.yaml b/test/kuttl/tests/dataplane-deploy-no-nodes-test/04-assert.yaml index 049a87c8e..d11666214 100644 --- a/test/kuttl/tests/dataplane-deploy-no-nodes-test/04-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-no-nodes-test/04-assert.yaml 
@@ -165,7 +165,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes diff --git a/test/kuttl/tests/dataplane-deploy-no-nodes-test/06-assert.yaml b/test/kuttl/tests/dataplane-deploy-no-nodes-test/06-assert.yaml index 7cfeb3cef..07566a5fa 100644 --- a/test/kuttl/tests/dataplane-deploy-no-nodes-test/06-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-no-nodes-test/06-assert.yaml @@ -157,7 +157,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-beta-nodeset secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-beta-nodeset @@ -258,7 +258,7 @@ spec: volumes: - name: ssh-key-edpm-compute-beta-nodeset secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-beta-nodeset diff --git a/test/kuttl/tests/dataplane-deploy-no-nodes-test/07-assert.yaml b/test/kuttl/tests/dataplane-deploy-no-nodes-test/07-assert.yaml index ce057fd14..32c1b4ca8 100644 --- a/test/kuttl/tests/dataplane-deploy-no-nodes-test/07-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-no-nodes-test/07-assert.yaml @@ -85,7 +85,7 @@ spec: volumes: - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes diff --git a/test/kuttl/tests/dataplane-deploy-tls-test/02-assert.yaml b/test/kuttl/tests/dataplane-deploy-tls-test/02-assert.yaml index d91df3c37..822f53935 100644 --- a/test/kuttl/tests/dataplane-deploy-tls-test/02-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-tls-test/02-assert.yaml @@ -249,7 +249,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-openstack-edpm-tls secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_openstack-edpm-tls 
@@ -361,7 +361,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-openstack-edpm-tls secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_openstack-edpm-tls diff --git a/test/kuttl/tests/dataplane-deploy-tls-test/03-assert.yaml b/test/kuttl/tests/dataplane-deploy-tls-test/03-assert.yaml index f9769a336..e4d6f62b2 100644 --- a/test/kuttl/tests/dataplane-deploy-tls-test/03-assert.yaml +++ b/test/kuttl/tests/dataplane-deploy-tls-test/03-assert.yaml @@ -234,7 +234,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-openstack-edpm-tls secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_openstack-edpm-tls @@ -345,7 +345,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-openstack-edpm-tls secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_openstack-edpm-tls diff --git a/test/kuttl/tests/dataplane-extramounts/00-assert.yaml b/test/kuttl/tests/dataplane-extramounts/00-assert.yaml index 9378776b4..f9a49ca68 100644 --- a/test/kuttl/tests/dataplane-extramounts/00-assert.yaml +++ b/test/kuttl/tests/dataplane-extramounts/00-assert.yaml @@ -119,7 +119,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-extramounts secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-extramounts diff --git a/test/kuttl/tests/dataplane-service-config/00-assert.yaml b/test/kuttl/tests/dataplane-service-config/00-assert.yaml index 02692c4ee..2fdbdc962 100644 --- a/test/kuttl/tests/dataplane-service-config/00-assert.yaml +++ b/test/kuttl/tests/dataplane-service-config/00-assert.yaml @@ -172,7 +172,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes 
diff --git a/test/kuttl/tests/dataplane-service-custom-image/00-assert.yaml b/test/kuttl/tests/dataplane-service-custom-image/00-assert.yaml index ea8adfa90..09c48ba92 100644 --- a/test/kuttl/tests/dataplane-service-custom-image/00-assert.yaml +++ b/test/kuttl/tests/dataplane-service-custom-image/00-assert.yaml @@ -141,7 +141,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-no-nodes-custom-svc secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-no-nodes-custom-svc diff --git a/test/kuttl/tests/dataplane-service-failure/00-assert.yaml b/test/kuttl/tests/dataplane-service-failure/00-assert.yaml index c7c3e05df..874414526 100644 --- a/test/kuttl/tests/dataplane-service-failure/00-assert.yaml +++ b/test/kuttl/tests/dataplane-service-failure/00-assert.yaml @@ -102,7 +102,7 @@ spec: secretName: combined-ca-bundle - name: ssh-key-edpm-compute-no-nodes secret: - defaultMode: 420 + defaultMode: 384 items: - key: ssh-privatekey path: ssh_key_edpm-compute-no-nodes