From d23d3ba6223ffc833f2e701d6e54e84767b23520 Mon Sep 17 00:00:00 2001
From: CharlieC3 <2747302+CharlieC3@users.noreply.github.com>
Date: Wed, 28 Sep 2022 21:13:19 -0400
Subject: [PATCH] [stacks-blockchain-api] check perms before setting them
---
 hirosystems/stacks-blockchain-api/Chart.lock | 6 +++---
 hirosystems/stacks-blockchain-api/Chart.yaml | 2 +-
 .../templates/api-writer/statefulset.yaml | 9 ++++-----
 3 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/hirosystems/stacks-blockchain-api/Chart.lock b/hirosystems/stacks-blockchain-api/Chart.lock
index 5295ee3..027e50f 100644
--- a/hirosystems/stacks-blockchain-api/Chart.lock
+++ b/hirosystems/stacks-blockchain-api/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: stacks-blockchain
 repository: https://charts.hiro.so/hirosystems
- version: 1.1.4
+ version: 1.1.5
 - name: postgresql
 repository: https://charts.bitnami.com/bitnami
 version: 11.9.2
 - name: common
 repository: https://charts.bitnami.com/bitnami
 version: 1.17.1
-digest: sha256:00056a6c8c2685de8ed5f5f744896c407ff379a9f96fa5f25864b00348a3a782
+digest: sha256:ba8466016c32d525b64b1707939de87d1bfbd24cb5f2b0a981f7e8ae2dbb2006
-generated: "2022-09-28T15:33:43.334967-04:00"
+generated: "2022-09-28T21:13:03.908325-04:00"
diff --git a/hirosystems/stacks-blockchain-api/Chart.yaml b/hirosystems/stacks-blockchain-api/Chart.yaml
index d77c369..eafc690 100644
--- a/hirosystems/stacks-blockchain-api/Chart.yaml
+++ b/hirosystems/stacks-blockchain-api/Chart.yaml
@@ -41,4 +41,4 @@ sources:
 - https://github.com/hirosystems/stacks-blockchain-api
 - https://docs.hiro.so/api
 - https://docs.hiro.so/get-started/stacks-blockchain-api
-version: 1.1.4
+version: 1.1.5
diff --git a/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml b/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml
index bdc314b..c275751 100644
--- a/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml
+++ b/hirosystems/stacks-blockchain-api/templates/api-writer/statefulset.yaml
@@ -162,9 +162,6 @@ spec:
 wget ${ARCHIVE_URL} -O ${DATA_DIR}/archive.tar.gz
 tar zxvf ${DATA_DIR}/archive.tar.gz -C ${DATA_DIR}
 rm -f ${DATA_DIR}/archive.tar.gz
- echo "Setting permissions"
- chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} ${DATA_DIR}
- chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.bns.mountPath }}
 else
 echo "Previous data found. Exiting."
 fi
@@ -191,8 +188,10 @@ spec:
 - /bin/bash
 - -ec
 - |
- chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.data.mountPath }}
- chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.bns.mountPath }}
+ if [[ "$(stat {{ .Values.apiWriter.persistence.data.mountPath }} -c %u:%g)" != "{{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }}" ]]; then
+ chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.data.mountPath }}
+ chown -R {{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }} {{ .Values.apiWriter.persistence.bns.mountPath }}
+ fi
 {{- if .Values.apiWriter.volumePermissions.containerSecurityContext.enabled }}
 securityContext: {{- omit .Values.apiWriter.volumePermissions.containerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
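Review bot: The guard added in the second statefulset.yaml hunk stats only the top-level directory of `persistence.data.mountPath`, yet its result decides whether both the data mount and the bns mount are chowned, so a bns volume with the wrong owner is skipped whenever the data mount root already matches. The first hunk also removes the `chown -R` that followed `tar zxvf`, so files extracted from the downloaded archive keep whatever uid/gid tar assigns them when the mount root already looks correct; whether that happens depends on container ordering and the user tar runs as, neither of which is visible here. Checking each mount on its own, as sketched below, closes the bns gap while still avoiding an unconditional recursive chown; if extracted files can carry foreign ownership, the extraction step would also need `--no-same-owner` or its own ownership fix. The container spec this script belongs to starts and ends outside the hunk.

```yaml
- |
  # check each mount separately: a matching data mount says nothing about the bns mount
  owner="{{ .Values.apiWriter.containerSecurityContext.runAsUser }}:{{ .Values.apiWriter.podSecurityContext.fsGroup }}"
  for dir in "{{ .Values.apiWriter.persistence.data.mountPath }}" "{{ .Values.apiWriter.persistence.bns.mountPath }}"; do
    if [[ "$(stat -c %u:%g "${dir}")" != "${owner}" ]]; then
      chown -R "${owner}" "${dir}"
    fi
  done
# … unchanged: volumePermissions securityContext block …
```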