diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a2fce9..64d4280 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ All notable changes to this project will be documented in this file. - Add Prometheus labels and annotations to role-group services ([#26]). - Helm: Allow Pod `priorityClassName` to be configured ([#34]). - Support log configuration and log aggregation ([#40]). +- Ensure that the permissions of the configuration files are correct ([#47]). [#10]: https://github.com/stackabletech/opensearch-operator/pull/10 [#17]: https://github.com/stackabletech/opensearch-operator/pull/17 @@ -34,3 +35,4 @@ All notable changes to this project will be documented in this file. [#34]: https://github.com/stackabletech/opensearch-operator/pull/34 [#38]: https://github.com/stackabletech/opensearch-operator/pull/38 [#40]: https://github.com/stackabletech/opensearch-operator/pull/40 +[#47]: https://github.com/stackabletech/opensearch-operator/pull/47 diff --git a/docs/modules/opensearch/examples/getting_started/opensearch.yaml b/docs/modules/opensearch/examples/getting_started/opensearch.yaml index d56f87b..e98b45a 100644 --- a/docs/modules/opensearch/examples/getting_started/opensearch.yaml +++ b/docs/modules/opensearch/examples/getting_started/opensearch.yaml @@ -37,6 +37,7 @@ spec: - name: security-config secret: secretName: opensearch-security-config + defaultMode: 0o660 - name: tls ephemeral: volumeClaimTemplate: diff --git a/rust/operator-binary/src/controller/build/role_group_builder.rs b/rust/operator-binary/src/controller/build/role_group_builder.rs index 4b42052..431690f 100644 --- a/rust/operator-binary/src/controller/build/role_group_builder.rs +++ b/rust/operator-binary/src/controller/build/role_group_builder.rs @@ -260,6 +260,7 @@ impl<'a> RoleGroupBuilder<'a> { Volume { name: CONFIG_VOLUME_NAME.to_string(), config_map: Some(ConfigMapVolumeSource { + default_mode: Some(0o660), name: self.resource_names.role_group_config_map().to_string(), ..Default::default() }), @@ -268,6 +269,7 @@ impl<'a> RoleGroupBuilder<'a> { Volume { name: LOG_CONFIG_VOLUME_NAME.to_string(), config_map: Some(ConfigMapVolumeSource { + default_mode: Some(0o660), name: log_config_volume_config_map.to_string(), ..Default::default() }), @@ -1125,12 +1127,14 @@ mod tests { "volumes": [ { "configMap": { + "defaultMode": 0o660, "name": "my-opensearch-cluster-nodes-default" }, "name": "config" }, { "configMap": { + "defaultMode": 0o660, "name": "my-opensearch-cluster-nodes-default" }, "name": "log-config" diff --git a/tests/templates/kuttl/external-access/opensearch.yaml.j2 b/tests/templates/kuttl/external-access/opensearch.yaml.j2 index 484627d..2b7da52 100644 --- a/tests/templates/kuttl/external-access/opensearch.yaml.j2 +++ b/tests/templates/kuttl/external-access/opensearch.yaml.j2 @@ -106,6 +106,7 @@ spec: - name: security-config secret: secretName: opensearch-security-config + defaultMode: 0o660 - name: tls ephemeral: volumeClaimTemplate: diff --git a/tests/templates/kuttl/ldap/21-install-opensearch.yaml.j2 b/tests/templates/kuttl/ldap/21-install-opensearch.yaml.j2 index 5f0b615..fb42f4e 100644 --- a/tests/templates/kuttl/ldap/21-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/ldap/21-install-opensearch.yaml.j2 @@ -63,6 +63,7 @@ spec: - name: security-config secret: secretName: opensearch-security-config + defaultMode: 0o660 - name: tls ephemeral: volumeClaimTemplate: diff --git a/tests/templates/kuttl/metrics/20-install-opensearch.yaml.j2 b/tests/templates/kuttl/metrics/20-install-opensearch.yaml.j2 index d6e2d91..cf5f195 100644 --- a/tests/templates/kuttl/metrics/20-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/metrics/20-install-opensearch.yaml.j2 @@ -63,6 +63,7 @@ spec: - name: security-config secret: secretName: opensearch-security-config + defaultMode: 0o660 - name: tls ephemeral: volumeClaimTemplate: diff --git a/tests/templates/kuttl/smoke/10-assert.yaml.j2 b/tests/templates/kuttl/smoke/10-assert.yaml.j2 index c128217..60c58ed 100644 --- a/tests/templates/kuttl/smoke/10-assert.yaml.j2 +++ b/tests/templates/kuttl/smoke/10-assert.yaml.j2 @@ -246,11 +246,11 @@ spec: terminationGracePeriodSeconds: 120 volumes: - configMap: - defaultMode: 420 + defaultMode: 0o660 name: opensearch-nodes-cluster-manager name: config - configMap: - defaultMode: 420 + defaultMode: 0o660 name: opensearch-nodes-cluster-manager name: log-config - emptyDir: @@ -258,7 +258,7 @@ spec: name: log - name: security-config secret: - defaultMode: 420 + defaultMode: 0o660 secretName: opensearch-security-config - ephemeral: volumeClaimTemplate: @@ -558,11 +558,11 @@ spec: terminationGracePeriodSeconds: 120 volumes: - configMap: - defaultMode: 420 + defaultMode: 0o660 name: opensearch-nodes-data name: config - configMap: - defaultMode: 420 + defaultMode: 0o660 name: opensearch-nodes-data name: log-config - emptyDir: @@ -570,7 +570,7 @@ spec: name: log - name: security-config secret: - defaultMode: 420 + defaultMode: 0o660 secretName: opensearch-security-config - ephemeral: volumeClaimTemplate: diff --git a/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 b/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 index 56553df..ee70e27 100644 --- a/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 +++ b/tests/templates/kuttl/smoke/10-install-opensearch.yaml.j2 @@ -101,6 +101,7 @@ spec: - name: security-config secret: secretName: opensearch-security-config + defaultMode: 0o660 - name: tls ephemeral: volumeClaimTemplate: