Allow setting permission mode bits on secrets, configmaps and downwardAPI files #28936
Conversation
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
1 similar comment
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
k8s-github-robot
added
needs-rebase
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
2 similar comments
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
rata
changed the title
|
ok to test |
bgrant0607
added
the
do-not-merge
|
This is an example of a PR that sat for over a week without me noticing.
cc @apelisse @kubernetes/contributor-experience |
|
@bgrant0607: thanks! Can you ask to re-test, please? :) |
rata
force-pushed
the
secret-configmap-file-mode
branch
from
ba0159d to
24f078d
Compare
|
Well, there was a typo that I was using hexa instead of octal. That fixed, everything is working fine now :-) The only "weird" thing is that the mode in the yaml needs to be in base 10 or 16, I didn't find how to write in octal in the yaml and get that number when reading it. Probably just because I don't know about protobufs. Also, checking the code for fsGroup, the "OR'd" is done in the lower layer in Also, it seems a validation is not needed, so I didn't wrote one. @pmorie can you please have a look? If it looks mostly fine, I'd like to proceed with some tests (suggestions welcome!), improve some comments and have this merged =) |
rata
changed the title
|
@k8s-bot test this: github issue #IGNORE |
| @@ -607,6 +607,10 @@ type SecretVolumeSource struct { | |||
| // the volume setup will error. Paths must be relative and may not contain | |||
| // the '..' path or start with '..'. | |||
| Items []KeyToPath `json:"items,omitempty"` | |||
| // Mode bits to use on created files by default. The used mode bits will | |||
There was a problem hiding this comment.
s/used/final (same in all cases)
The function can fail, so we must check the return code.
pmorie
force-pushed
the
secret-configmap-file-mode
branch
from
377743d to
4e9a14a
Compare
k8s-github-robot
removed
lgtm
thockin
added
the
lgtm
|
GCE e2e build/test passed for commit 4e9a14a. |
|
Should this have the milestone v1.4? It is in the queue, but after all the v1.4 PRs. But if it will make it anyways, no problem :) |
|
Reviewed 3 of 12 files at r1, 6 of 13 files at r3, 3 of 3 files at r5, 10 of 22 files at r6, 12 of 12 files at r7. Comments from Reviewable |
|
Review status: all files reviewed at latest revision, all discussions resolved. pkg/volume/configmap/configmap_test.go, line 39 [r6] (raw file):
|
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
GCE e2e build/test passed for commit 4e9a14a. |
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
GCE e2e build/test passed for commit 4e9a14a. |
|
Automatic merge from submit-queue |
The patch that adds this feature in core kubernetes, kubernetes/kubernetes#28936, was merged and will be released with kubernetes 1.4.
The patch that adds this feature in core kubernetes, kubernetes/kubernetes#28936, was merged and will be released with kubernetes 1.4.
The patch that adds this feature in core kubernetes, kubernetes/kubernetes#28936, was merged and will be released with kubernetes 1.4.
The patch that adds this feature in core kubernetes, kubernetes/kubernetes#28936, was merged and will be released with kubernetes 1.4.
The patch that adds this feature in core kubernetes, kubernetes/kubernetes#28936, was merged and will be released with kubernetes 1.4.
Automatic merge from submit-queue Remove duplicated code in secret e2e tests <!-- Thanks for sending a pull request! Here are some tips for you: 1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md 2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md 3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes --> **What this PR does / why we need it**: This come up when writing another PR: #28936 as a comment from @thockin. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*: **Special notes for your reviewer**: **Release note**: <!-- Steps to write your release note: 1. Use the release-note-* labels to set the release note state (if you have access) 2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. --> ```NONE ``` This patch just removes duplicated code in secret e2e tests.
…lume - Fixed because of kubernetes/kubernetes#28936
cc @thockin @pmorie
Here is the first round to implement: #28733.
I made two commits: one with the actual change and the other with the auto-generated code. I think it's easier to review this way, but let me know if you prefer in some other way.
I haven't written any tests yet, I wanted to have a first glance and not write them till this (and the API) are more close to the "LGTM" :)
There are some things:
ls -lon the running container. It does work with write permissions to the owner. Debugging seems to show that is something happening after this is correctly set on creation. Will look closer.generated-docsandgenerated-swagger-docsfromhack/update-all.sh) because my machine runs out of mem. So that's why it isn't in this first PR, will try to investigate and see why it happens.Other than that, this works fine here with some silly scripts I did to create a secret&configmap&downwardAPI, a pod and check the file permissions. Tested the "defaultMode" and "mode" for all. But of course, will write tests once this is looking fine :)
Thanks a lot again!
Rodrigo
This change is