forked from bruce/puppet-vcsrepo
-
Notifications
You must be signed in to change notification settings - Fork 285
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vcsrepo: add mode attribute #598
Labels
Comments
Self-decision: |
robbat2
added a commit
to robbat2/puppetlabs-vcsrepo
that referenced
this issue
Apr 9, 2023
Signed-off-by: Robin H. Johnson <[email protected]> Reference: puppetlabs#598
robbat2
added a commit
to robbat2/puppetlabs-vcsrepo
that referenced
this issue
Apr 9, 2023
Signed-off-by: Robin H. Johnson <[email protected]> Reference: puppetlabs#598
robbat2
added a commit
to robbat2/puppetlabs-vcsrepo
that referenced
this issue
Jul 1, 2023
Signed-off-by: Robin H. Johnson <[email protected]> Reference: puppetlabs#598
robbat2
added a commit
to robbat2/puppetlabs-vcsrepo
that referenced
this issue
Jul 13, 2023
Splits set_ownership_and_permissions into seperate functions per Metrics/CyclomaticComplexity & Metrics/PerceivedComplexity rubocop checks. Signed-off-by: Robin H. Johnson <[email protected]> Reference: puppetlabs#598
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use Case
Trying to properly restrict access to repo checkouts.
Describe the Solution You Would Like
Please add a
mode
attributes that correctly sets the permissions on the repo basedir. The Git provider already provides theumask
attribute, but if the directory already exists, it does not impact that.Describe Alternatives You've Considered
An
exec
resource after thevcsrepo
means a small window when the newly created directory has incorrect permissions, which may present a security risk, or cause other apps to break. Theumask
option only affects new files/dirs, and doesn't change the existing dir.Additional Context
Open question:
should the
chmod
be applied recursively to existing repos, or just the toplevel directory?The text was updated successfully, but these errors were encountered: