feat: support for customising file permissions
adamcooke committed Jul 25, 2022
1 parent 7c5878b commit 4e036b5
Showing 3 changed files with 62 additions and 8 deletions.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -16,6 +16,9 @@ certificates:
private_key: /etc/certs/service.key.pem
chain: /etc/certs/service.chain.pem
certificate_with_chain: /etc/certs/service.cert-with-chain.pem
permissions:
certificates: 644
keys: 600
commands:
- systemctl reload apache2
- touch /etc/certs/service.cert.updated
32 changes: 28 additions & 4 deletions certificate.go
Expand Up @@ -32,23 +32,35 @@ func (c *Certificate) Process(logger zerolog.Logger) (bool, error) {
if c.Paths.Certificate == "" {
logger.Info().Msg("Not saving certificate file because no path defined")
} else {
err = os.WriteFile(c.Paths.Certificate, []byte(metadata.Files.Certificate), 0644)
err = os.WriteFile(c.Paths.Certificate, []byte(metadata.Files.Certificate), c.Permissions.CertificatesFileMode())
if err != nil {
logger.Error().Err(err).Str("path", c.Paths.Certificate).Msg("Failed to write certificate file")
return true, err
}
logger.Info().Str("path", c.Paths.Certificate).Msg("Certificate file saved")

err = os.Chmod(c.Paths.Certificate, c.Permissions.CertificatesFileMode())
if err != nil {
logger.Error().Err(err).Str("path", c.Paths.Certificate).Msg("Failed to set permissions for certificate file")
return true, err
}
}

if c.Paths.PrivateKey == "" {
logger.Info().Msg("Not saving private key file because no path defined")
} else {
err = os.WriteFile(c.Paths.PrivateKey, []byte(metadata.Files.PrivateKey), 0600)
err = os.WriteFile(c.Paths.PrivateKey, []byte(metadata.Files.PrivateKey), c.Permissions.KeysFileMode())
if err != nil {
logger.Error().Err(err).Str("path", c.Paths.PrivateKey).Msg("Failed to write private key file")
return true, err
}
logger.Info().Str("path", c.Paths.PrivateKey).Msg("Private key file saved")

err = os.Chmod(c.Paths.PrivateKey, c.Permissions.KeysFileMode())
if err != nil {
logger.Error().Err(err).Str("path", c.Paths.PrivateKey).Msg("Failed to set permissions for private key file")
return true, err
}
}

if c.Paths.Chain == "" {
Expand All @@ -57,24 +69,36 @@ func (c *Certificate) Process(logger zerolog.Logger) (bool, error) {
if metadata.Files.Chain == "" {
logger.Info().Msg("No chain file provided")
} else {
err = os.WriteFile(c.Paths.Chain, []byte(metadata.Files.Chain), 0600)
err = os.WriteFile(c.Paths.Chain, []byte(metadata.Files.Chain), c.Permissions.CertificatesFileMode())
if err != nil {
logger.Error().Err(err).Str("path", c.Paths.Chain).Msg("Failed to write chain file")
return true, err
}
logger.Info().Str("path", c.Paths.Chain).Msg("Chain file saved")

err = os.Chmod(c.Paths.Chain, c.Permissions.CertificatesFileMode())
if err != nil {
logger.Error().Err(err).Str("path", c.Paths.Chain).Msg("Failed to set permissions for chain file")
return true, err
}
}
}

if c.Paths.CertificateWithChain == "" {
logger.Info().Msg("Not saving certificate with chain file because no path defined")
} else {
err = os.WriteFile(c.Paths.CertificateWithChain, []byte(metadata.Files.CertificateWithChain()), 0600)
err = os.WriteFile(c.Paths.CertificateWithChain, []byte(metadata.Files.CertificateWithChain()), c.Permissions.CertificatesFileMode())
if err != nil {
logger.Error().Err(err).Str("path", c.Paths.CertificateWithChain).Msg("Failed to write certificate with chain file")
return true, err
}
logger.Info().Str("path", c.Paths.PrivateKey).Msg("Certificate with chain file saved")

err = os.Chmod(c.Paths.CertificateWithChain, c.Permissions.CertificatesFileMode())
if err != nil {
logger.Error().Err(err).Str("path", c.Paths.CertificateWithChain).Msg("Failed to set permissions for certificate with chain file")
return true, err
}
}

err = c.runCommands(logger)
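Review bot: The four new `os.Chmod` blocks repeat the same write-then-chmod sequence for every path, and the ordering leaves a gap: if the target already exists with a looser mode than the one now requested (for example a key file left at a wider mode by an earlier run, since `os.WriteFile` only applies its mode when it creates the file), the freshly written bytes are readable under the old mode until the `os.Chmod` on the following line runs. A small helper that applies the mode before truncating an existing file and re-applies it after the write would close that window and replace the 24 duplicated lines. It is also worth stating in the commit message that the default mode for `chain` and `certificate_with_chain` loosens from 0600 to 0644 with this change. The `Str("path", c.Paths.PrivateKey)` on the "Certificate with chain file saved" log line looks like a pre-existing copy-paste slip that could be corrected while here; Process begins and ends outside the hunk.

```go
// writeFileWithMode writes data to path and guarantees the resulting file has
// exactly mode. os.WriteFile applies mode only to a newly created file (and the
// umask may mask it), so an existing file is chmodded before it is truncated and
// the mode is re-applied after the write in either case.
func writeFileWithMode(path string, data []byte, mode os.FileMode) error {
	if _, err := os.Stat(path); err == nil {
		if err := os.Chmod(path, mode); err != nil {
			return err
		}
	}
	if err := os.WriteFile(path, data, mode); err != nil {
		return err
	}
	return os.Chmod(path, mode)
}

// … in Process, each write site collapses to one call, e.g.:
err = writeFileWithMode(c.Paths.PrivateKey, []byte(metadata.Files.PrivateKey), c.Permissions.KeysFileMode())
if err != nil {
	logger.Error().Err(err).Str("path", c.Paths.PrivateKey).Msg("Failed to write private key file")
	return true, err
}
// … unchanged: the certificate, chain and certificate-with-chain sites follow the same pattern …
```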
35 changes: 31 additions & 4 deletions config.go
@@ -1,7 +1,9 @@
package main

import (
"io/fs"
"io/ioutil"
"strconv"

"gopkg.in/yaml.v3"
)
Expand All @@ -11,10 +13,10 @@ type Config struct {
}

type Certificate struct {
URL string `yaml:"url"`
Paths Paths `yaml:"paths"`

Commands []string `yaml:"commands"`
URL string `yaml:"url"`
Paths Paths `yaml:"paths"`
Permissions Permissions `yaml:"permissions"`
Commands []string `yaml:"commands"`
}

type Paths struct {
Expand All @@ -24,6 +26,31 @@ type Paths struct {
CertificateWithChain string `yaml:"certificate_with_chain"`
}

type Permissions struct {
Certificates int64 `yaml:"certificates"`
Keys int64 `yaml:"keys"`
}

func (p Permissions) CertificatesFileMode() fs.FileMode {
if p.Certificates == 0 {
return fs.FileMode(0644)
}

i := strconv.FormatInt(p.Certificates, 10)
fm, _ := strconv.ParseInt(i, 8, 32)
return fs.FileMode(fm)
}

func (p Permissions) KeysFileMode() fs.FileMode {
if p.Keys == 0 {
return fs.FileMode(0600)
}

i := strconv.FormatInt(p.Keys, 10)
fm, _ := strconv.ParseInt(i, 8, 32)
return fs.FileMode(fm)
}

func NewConfigFromFile(path string) (*Config, error) {
data, err := ioutil.ReadFile(path)
if err != nil {
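Review bot: `CertificatesFileMode` and `KeysFileMode` discard the parse error at `fm, _ := strconv.ParseInt(i, 8, 32)`, so a value with a non-octal digit such as `certificates: 648` silently yields `fs.FileMode(0)` and the certificate is then written and chmodded to mode 0000 rather than the load failing. I believe yaml.v3 also resolves a leading-zero integer as octal, so a natural-looking `certificates: 0644` would decode to 420 and then be re-read here as 0420; a range check plus a README sentence saying the value is written without a leading zero would catch that. The two methods are otherwise identical apart from the field and default, so one shared helper that returns an error, validated once from NewConfigFromFile (which continues outside the hunk), keeps the public `FileMode()` accessors unchanged; the helper below needs `fmt` added to the import block.

```go
// modeFromOctalDigits reads the decimal digits of v as an octal file mode
// (644 -> 0644); def is used when v is 0. Negative values, non-octal digits
// and anything above 0777 are rejected instead of silently becoming mode 0.
func modeFromOctalDigits(v int64, def fs.FileMode) (fs.FileMode, error) {
	if v == 0 {
		return def, nil
	}
	fm, err := strconv.ParseInt(strconv.FormatInt(v, 10), 8, 32)
	if err != nil || fm < 0 || fm > 0777 {
		return 0, fmt.Errorf("file mode %d: digits must be octal without a leading zero, e.g. 644", v)
	}
	return fs.FileMode(fm), nil
}

// Validate reports an unparsable mode; call it from NewConfigFromFile so a bad
// value fails at load time rather than at the first write.
func (p Permissions) Validate() error {
	if _, err := modeFromOctalDigits(p.Certificates, 0644); err != nil {
		return fmt.Errorf("permissions.certificates: %w", err)
	}
	if _, err := modeFromOctalDigits(p.Keys, 0600); err != nil {
		return fmt.Errorf("permissions.keys: %w", err)
	}
	return nil
}

func (p Permissions) CertificatesFileMode() fs.FileMode {
	fm, _ := modeFromOctalDigits(p.Certificates, 0644) // already checked by Validate at load
	return fm
}
// … unchanged in shape: KeysFileMode mirrors this with p.Keys and 0600 …
```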
