Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Explicitly defining permissions for files in the compiled directory #1118

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[WIP] Explicitly defining permissions for files in the compiled directory #1118

wants to merge 3 commits into from

Conversation

metacoma
Copy link
Contributor

@metacoma metacoma commented Jan 18, 2024
edited

Fixes #506

Proposed Changes

Include permissions in the input section to explicitly define access rights for files in compiled directories

Example:

      kapitan:
        compile:
          - input_paths:
              - templates/scripts
            output_path: scripts
            input_type: jinja2
            permissions:
              -
                # https://docs.python.org/3/library/glob.html
                # recursive search
                pattern: my_script
                # https://docs.python.org/3/library/os.html?#os.chmod
                mode: 0o700

How it works:

$ kapitan init
$ kapitan compile
$ ls -ltr compiled/my_target/scripts/my_script.sh
 -rwx------ 1 kapitan kapitan 99 Jan 18 14:59 compiled/my_target/scripts/my_script.sh
$ compiled/my_target/scripts/my_script.sh
Running for target my_target
compiled/my_target/scripts

This PR is in a very early stage. If this approach for setting file permissions is acceptable, I will continue to work on it; otherwise, let's discuss alternatives.

Docs and Tests

  • Tests added
  • Updated documentation

@metacoma
Basic permission support for compiled files
988656d 
Example:
```
  kapitan:
    compile:
      - input_paths:
          - templates/scripts
        output_path: scripts
	input_type: jinja2
	permissions:
	  -
            # https://docs.python.org/3/library/glob.html
	    # recursive search
	    pattern: my_script
	    # https://docs.python.org/3/library/os.html?#os.chmod
            mode: 0o700
```

How it works:

$ kapitan init
$ $EDITOR inventory/classes/my_component.yml
$ kapitan compile
$ ls -ltr compiled/my_target/scripts/my_script.sh
-rwx------ 1 kapitan kapitan 99 Jan 18 14:59 compiled/my_target/scripts/my_script.sh
$ compiled/my_target/scripts/my_script.sh
Running for target my_target
compiled/my_target/scripts
@metacoma
Update code formatting using Black
3ef58aa
@metacoma
Add basic example, explicitly set 0700 permission for my_script.sh
3ba3ac9
@ademariag
Copy link
Contributor

Hello @metacoma, sorry for the long delay.

I'll tell you what I would like for us to go in this regard :)

I'd like to change the behaviour a little of how we create these files, for instance adopting this pattern.

instead of:

local kapitan = import 'lib/kapitan.libjsonnet';
{
  ["apply.sh"]: kapitan.jinja2_template(
    "template/apply.sh", 
    {})
}

I would like us to move towards something like

local kapitan = import 'lib/kapitan.libjsonnet';
{
  ["apply.sh"]: { 
    "content": kapitan.jinja2_template("template/apply.sh", {}),
    "metadata": {
      "mode": 0o700
    }
}

The reasoning behind this is that I would like to change the behaviour of other things within kapitan, for instance be able to produce from a single "compile output" multiple types of files (i.e. .md, .json, .sh)

metadata could be expanded in the future to allow for more features.

@metacoma @ramaro WDYT?

@github-actions github-actions bot added the Stale label Apr 5, 2024
@github-actions github-actions bot removed the Stale label May 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Jsonnet doesn't remember file mode
2 participants
@metacoma @ademariag