Skip to content

test: Fix some insecure config file permissions #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 27, 2025
Merged

test: Fix some insecure config file permissions #82

merged 1 commit into from
Nov 27, 2025

Conversation

@siegfriedweber
Copy link
Member

@siegfriedweber siegfriedweber commented Nov 27, 2025

Description

Fix some insecure config file permissions in the opensearch-dashboards integration test.

This change fixes the following warnings:

File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/action_groups.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/allowlist.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/audit.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/config.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/internal_users.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/nodes_dn.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/roles.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/roles_mapping.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/..2025_11_27_10_33_49.419458873/tenants.yml has insecure file permissions (should be 0600)

It does not fix the following warnings:

Directory /stackable/opensearch/config/opensearch-security has insecure file permissions (should be 0700)
Directory /stackable/opensearch/config/opensearch-security/..2025_11_27_10_27_27.1104253726 has insecure file permissions (should be 0700)
File /stackable/opensearch/config/opensearch-security/..data has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/action_groups.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/allowlist.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/audit.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/config.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/nodes_dn.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/roles.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/roles_mapping.yml has insecure file permissions (should be 0600)
File /stackable/opensearch/config/opensearch-security/tenants.yml has insecure file permissions (should be 0600)

The previous warnings could be fixed by using separate volume mounts with a subPath for each configuration file. However, this is too much work for this temporary solution. The security configuration will be integrated in #43 and then all warnings will disappear.

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes

Author

  • Integration tests passed (for non trivial changes)

Reviewer

  • Code contains useful comments
  • Code contains useful logging statements
  • (Integration-)Test cases added
  • Documentation added or updated. Follows the style guide.
  • Changelog updated
  • Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

  • Feature Tracker has been updated
  • Proper release label has been added
  • Links to generated (nightly) docs added
  • Release note snippet added
  • Add type/deprecation label & add to the deprecation schedule
  • Add type/experimental label & add to the experimental features tracker

@siegfriedweber siegfriedweber self-assigned this Nov 27, 2025
labrenbe
labrenbe approved these changes Nov 27, 2025
View reviewed changes
Copy link
Member

@labrenbe labrenbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@siegfriedweber siegfriedweber added this pull request to the merge queue Nov 27, 2025
Merged via the queue into main with commit 111b776 Nov 27, 2025
2 checks passed
@siegfriedweber siegfriedweber deleted the test/fix-insecure-config-file-permissions branch November 27, 2025 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@labrenbe labrenbe labrenbe approved these changes

Assignees

@siegfriedweber siegfriedweber

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@siegfriedweber @labrenbe