You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The "secure" flag to "get_config" enforces the permissions 0x600 for a config file. But in OpenShift the most secure a file can be is 0x640 because any mounted secrets will be owned by root:<app-user>.
This means that in its current state, config_resolver cannot be used for OpenShift apps.
A backwards compatible change would be to allow to pass in an octal value of the "expected" mode of a file, and use 0x600 if a user passes in True. This way each call could be adapted apropriately.
The text was updated successfully, but these errors were encountered:
The "secure" flag to "get_config" enforces the permissions
0x600
for a config file. But in OpenShift the most secure a file can be is0x640
because any mounted secrets will be owned byroot:<app-user>
.This means that in its current state,
config_resolver
cannot be used for OpenShift apps.A backwards compatible change would be to allow to pass in an octal value of the "expected" mode of a file, and use
0x600
if a user passes inTrue
. This way each call could be adapted apropriately.The text was updated successfully, but these errors were encountered: