[stacks-blockchain-api] check perms before setting them

hirosystems · Sep 29, 2022 · d23d3ba · d23d3ba
1 parent 65b6326
commit d23d3ba
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 9 deletions.
diff --git a/hirosystems/stacks-blockchain-api/Chart.lock b/hirosystems/stacks-blockchain-api/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: stacks-blockchain
   repository: https://charts.hiro.so/hirosystems
-  version: 1.1.4
+  version: 1.1.5
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami
   version: 11.9.2
 - name: common
   repository: https://charts.bitnami.com/bitnami
   version: 1.17.1
-digest: sha256:00056a6c8c2685de8ed5f5f744896c407ff379a9f96fa5f25864b00348a3a782
-generated: "2022-09-28T15:33:43.334967-04:00"
+digest: sha256:ba8466016c32d525b64b1707939de87d1bfbd24cb5f2b0a981f7e8ae2dbb2006
+generated: "2022-09-28T21:13:03.908325-04:00"
diff --git a/hirosystems/stacks-blockchain-api/Chart.yaml b/hirosystems/stacks-blockchain-api/Chart.yaml
@@ -41,4 +41,4 @@ sources:
   - https://github.com/hirosystems/stacks-blockchain-api
   - https://docs.hiro.so/api
   - https://docs.hiro.so/get-started/stacks-blockchain-api
-version: 1.1.4
+version: 1.1.5
diff --git a/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml b/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml
@@ -162,9 +162,6 @@ spec:
                 wget ${ARCHIVE_URL} -O ${DATA_DIR}/archive.tar.gz
                 tar zxvf ${DATA_DIR}/archive.tar.gz -C ${DATA_DIR}
                 rm -f ${DATA_DIR}/archive.tar.gz
-                echo "Setting permissions"
-                chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} ${DATA_DIR}
-                chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.bns.mountPath }}
               else
                 echo "Previous data found. Exiting."
               fi
@@ -191,8 +188,10 @@ spec:
             - /bin/bash
             - -ec
             - |
-              chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.data.mountPath }}
-              chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.bns.mountPath }}
+              if [[ "$(stat {{ .Values.apiWriter.persistence.data.mountPath }} -c %u:%g)" != "{{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }}" ]]; then
+                chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.data.mountPath }}
+                chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.bns.mountPath }}
+              fi
           {{- if .Values.apiWriter.volumePermissions.containerSecurityContext.enabled }}
           securityContext: {{- omit .Values.apiWriter.volumePermissions.containerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}