WorkingDir inherit permissions of parent directory #7983
Conversation
tekton-robot
added
release-note
tekton-robot
added
the
size/L
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/assign @vdemeester |
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
chitrangpatel
force-pushed
the
fix-workingdir-init-permissions
branch
from
8996c9c
to
b47ec86
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
chitrangpatel
force-pushed
the
fix-workingdir-init-permissions
branch
from
b47ec86
to
764baa9
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
| @@ -473,7 +473,6 @@ func TestPodBuild(t *testing.T) { | |||
| Image: images.WorkingDirInitImage, | |||
| Command: []string{"/ko-app/workingdirinit"}, | |||
| Args: []string{filepath.Join(pipeline.WorkspaceDir, "test")}, | |||
| WorkingDir: pipeline.WorkspaceDir, | |||
There was a problem hiding this comment.
Shall we keep this for backwards-compatibility? and add a new one without it?
There was a problem hiding this comment.
No need. The workingDir only enabled creating directories inside the /workspace folder. We already account for it. It does not matter what the workingDir is since the init container only handles absolute paths now.
| @@ -61,12 +60,11 @@ func TestWorkingDirInit(t *testing.T) { | |||
| Name: "working-dir-initializer", | |||
| Image: images.WorkingDirInitImage, | |||
| Command: []string{"/ko-app/workingdirinit"}, | |||
| Args: []string{"/workspace/bbb", "aaa", "zzz"}, | |||
| WorkingDir: pipeline.WorkspaceDir, | |||
There was a problem hiding this comment.
ditto: shall we adding test cases instead of updating those?
There was a problem hiding this comment.
Again. I think the interesting bit is how this is used in conjunction with the init container. These are the arguments that we pass to the init container. We cannot keep things partially compatible. The eventual outcome is backwards compatible though.
If this is worrisome then I'm happy to split things up as they were. I just think this is cleaner and a transparent change so users shouldn't be affected by it.
Prior to this PR, workingDirInit did not deal handle permissions of nested child directories in workingDirs. This PR provides the same permissions as that of the existing parent directory. This allows non-root users to also create relative sub diectories in a workspace if used as a workingDir. Fixes tektoncd#7804.
chitrangpatel
force-pushed
the
fix-workingdir-init-permissions
branch
from
764baa9
to
5993c98
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
tekton-robot
added
the
do-not-merge/work-in-progress
Prior to this PR, workingDirInit did not deal handle permissions of nested child directories in workingDirs. This PR provides the same permissions as that of the existing parent directory. This allows non-root users to also create relative sub diectories in a workspace if used as a workingDir.
Fixes #7804.
Changes
If the complete path in used as the workingDir already exists, the permissions are not modified.
Only non-existent child directories are created with the same permissions as the existing parent.
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
/kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tepRelease Notes
/kind bug