Add new Feature Secret files permissions.

      We need to modify the permissions of the file with the functionality of Kubernetes.

       

      Doc in K8s (Secret files permission): 
      https://kubernetes.io/docs/concepts/configuration/secret/

       

      Example pipeline (default mode set permission to 400):

       

      podTemplate(label: 'pod-jenkins-agent-ansible',
        containers: [
          containerTemplate(name: 'ansible', image: 'sockmal/ansible:2.4.3.0', ttyEnabled: true, command: 'cat',
            envVars: [containerEnvVar(key: 'ANSIBLE_HOST_KEY_CHECKING', value: 'False')])
        ],
        volumes: [
          secretVolume(secretName: 'ansible-private-key', mountPath: '/root/.ssh', defaultMode: '256')
        ])
      

      Error output in Ansible Jenkins agent (Permissions 0644 for '/root/.ssh/id_rsa' are too open):

       

      [dev-back-java-murcia] Running shell script
       + ls -la /root/.ssh/
       total 4
       drwxrwxrwt 3 root root 100 Feb 20 09:11 .
       dr-xr-x--- 1 root root 4096 Feb 20 09:11 ..
       drwxr-xr-x 2 root root 60 Feb 20 09:11 ..2982_20_02_09_11_01.244648209
       lrwxrwxrwx 1 root root 31 Feb 20 09:11 ..data -> ..2982_20_02_09_11_01.244648209
       lrwxrwxrwx 1 root root 13 Feb 20 09:11 id_rsa -> ..data/id_rsa
       [Pipeline] script
       [Pipeline] {
       [Pipeline] sh
       [dev-back-java-murcia] Running shell script
       + ansible-playbook -i ansible-playbooks/hosts ansible-playbooks/playbook.yml
       PLAY [test-campusapp] **********************************************************
      TASK [Gathering Facts] *********************************************************
       fatal: [test-campusapp.tk]: UNREACHABLE! => \r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for '/root/.ssh/id_rsa' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/root/.ssh/id_rsa\": bad permissions\r\nPermission denied (publickey,password).\r\n", "unreachable": true}
       to retry, use: --limit @/home/jenkins/workspace/dev-back-java-murcia/ansible-playbooks/playbook.retry
      PLAY RECAP *********************************************************************
       test-campusapp.tk : ok=0 changed=0 unreachable=1 failed=0
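
A pre-flight check for the failure shown above, as an added example that is not part of the original issue or of the plugin: it converts an octal mode to the decimal defaultMode value (0400 is 256, as in the pipeline) and tests the key behind the `..data` symlinks for group/other access bits, which is what ssh rejects. The function names and the sample mount are constructed for illustration; `stat -c` assumes GNU coreutils, with a BSD fallback.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the issue or the plugin.

# Octal permission string -> decimal value for defaultMode (0400 -> 256).
octal_to_default_mode() {
    printf '%d\n' "0${1#0}"
}

# Octal mode of the file a path resolves to. -L follows the
# id_rsa -> ..data/id_rsa -> ..<timestamp>/id_rsa symlink chain.
key_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Succeeds only when the resolved key has no group/other permission bits,
# the condition behind "Permissions 0644 ... are too open".
key_is_private() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Constructed stand-in for a Secret volume mount: $1 = directory, $2 = octal mode.
make_sample_mount() {
    mkdir -p "$1/..sample_timestamped_dir"
    printf 'constructed placeholder, not a real key\n' > "$1/..sample_timestamped_dir/id_rsa"
    chmod "$2" "$1/..sample_timestamped_dir/id_rsa"
    ln -s "..sample_timestamped_dir" "$1/..data"
    ln -s "..data/id_rsa" "$1/id_rsa"
}

# Demo: 0644 reproduces the failure from the log, 0400 passes.
tmp=$(mktemp -d)
for m in 0644 0400; do
    make_sample_mount "$tmp/$m" "$m"
    if key_is_private "$tmp/$m/id_rsa"; then
        verdict="ok for ssh"
    else
        verdict="too open"
    fi
    echo "mode $m (defaultMode $(octal_to_default_mode "$m")): $verdict"
done
rm -rf "$tmp"
```

In a pipeline, calling `key_is_private /root/.ssh/id_rsa` in an `sh` step before `ansible-playbook` makes the job fail on the permission problem itself rather than on an UNREACHABLE host.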
      

       

          [JENKINS-49641] Add Secret files permissions

          Wes Couch added a comment -

          This has been resolved in this PR https://github.com/jenkinsci/kubernetes-plugin/pull/452 . You can now set defaultMode in the pod template since version 1.15.0


            csanchez Carlos Sanchez
            marandalucas Marcos Aranda