- Type: New Feature
- Resolution: Duplicate
- Priority: Minor
- Component/s: kubernetes-plugin
Add new Feature Secret files permissions.
We need to modify the permissions of the file with the functionality of Kubernetes.

Doc in K8s (Secret files permission):
https://kubernetes.io/docs/concepts/configuration/secret/

Example pipeline (default mode set permission to 400):

podTemplate(label: 'pod-jenkins-agent-ansible',
  containers: [
    containerTemplate(name: 'ansible', image: 'sockmal/ansible:2.4.3.0', ttyEnabled: true, command: 'cat',
      envVars: [containerEnvVar(key: 'ANSIBLE_HOST_KEY_CHECKING', value: 'False')])
  ],
  volumes: [
    // 256 decimal is 0400 octal
    secretVolume(secretName: 'ansible-private-key', mountPath: '/root/.ssh', defaultMode: '256')
  ])

Error output in ansible jenkins agent (Permissions 0644 for '/root/.ssh/id_rsa' are too open):
[dev-back-java-murcia] Running shell script
+ ls -la /root/.ssh/
total 4
drwxrwxrwt 3 root root 100 Feb 20 09:11 .
dr-xr-x--- 1 root root 4096 Feb 20 09:11 ..
drwxr-xr-x 2 root root 60 Feb 20 09:11 ..2982_20_02_09_11_01.244648209
lrwxrwxrwx 1 root root 31 Feb 20 09:11 ..data -> ..2982_20_02_09_11_01.244648209
lrwxrwxrwx 1 root root 13 Feb 20 09:11 id_rsa -> ..data/id_rsa
[Pipeline] script
[Pipeline] {
[Pipeline] sh
[dev-back-java-murcia] Running shell script
+ ansible-playbook -i ansible-playbooks/hosts ansible-playbooks/playbook.yml
PLAY [test-campusapp] **********************************************************
TASK [Gathering Facts] *********************************************************
fatal: [test-campusapp.tk]: UNREACHABLE! => \r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for '/root/.ssh/id_rsa' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"/root/.ssh/id_rsa\": bad permissions\r\nPermission denied (publickey,password).\r\n", "unreachable": true}
to retry, use: --limit @/home/jenkins/workspace/dev-back-java-murcia/ansible-playbooks/playbook.retry
PLAY RECAP *********************************************************************
test-campusapp.tk : ok=0 changed=0 unreachable=1 failed=0

- duplicates JENKINS-42851 secretVolume not created read only (Resolved)
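
The `ls -la` listing in the report shows only the symlink modes (`lrwxrwxrwx`), while ssh evaluates the file the link resolves to. As an added example (not part of the ticket or of the kubernetes-plugin), these shell helpers convert a decimal `defaultMode` to octal, read the resolved mode of a mounted key, apply the same "not accessible by others" test, and make a private copy of the key; all function names are hypothetical.

```shell
# Added example, not from the ticket. Function names are hypothetical.

# defaultMode is a decimal integer in JSON; print its octal form (256 -> 0400).
mode_dec_to_oct() {
    printf '%04o\n' "$1"
}

# Octal mode of the file a path resolves to. Secret volumes expose each key as
# a symlink (id_rsa -> ..data/id_rsa), so the link's own lrwxrwxrwx is not the
# mode ssh evaluates. GNU stat takes -c, BSD stat takes -f.
resolved_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Succeeds only when no group/other permission bit is set (mode & 077 == 0).
key_mode_ok() {
    mode=$(resolved_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Copy the mounted key to a private file created under umask 077.
private_key_copy() {
    ( umask 077 && cat "$1" > "$2" ) && chmod 600 "$2"
}
```

Running `key_mode_ok /root/.ssh/id_rsa` in the agent container before the playbook step reports the condition from the log without contacting the target host.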