Switch new conf options from string to int

Signed-off-by: Keegan Witt <[email protected]>
spiffe · Sep 13, 2024 · 189af20 · 189af20
1 parent 465e7c2
commit 189af20
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 46 deletions.
diff --git a/README.md b/README.md
@@ -33,10 +33,10 @@ The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted f
  | `jwt_svids`                   | An array with the audience and file name to store the JWT SVIDs. File is Base64-encoded string).               | `[{jwt_audience="your-audience", jwt_svid_file_name="jwt_svid.token"}]`                                                                                              |
  | `jwt_bundle_file_name`        | File name to be used to store JWT Bundle in JSON format.                                                       | `"jwt_bundle.json"`                                                                                                                                                  |
  | `include_federated_domains`   | Include trust domains from federated servers in the CA bundle.                                                 | `true`                                                                                                                                                               |
-| `cert_file_mode`              | The octal file mode to use when saving the X.509 public certificate file.                                      | "0644"                                                                                                                                                               |
-| `key_file_mode`               | The octal file mode to use when saving the X.509 private key file                                              | "0600"                                                                                                                                                               |
-| `jwt_bundle_file_mode`        | The octal file mode to use when saving a JWT Bundle file.                                                      | "0600"                                                                                                                                                               |
-| `jwt_svid_file_mode`          | The octal file mode to use when saving a JWT SVID file.                                                        | "0600"                                                                                                                                                               |
+| `cert_file_mode`              | The octal file mode to use when saving the X.509 public certificate file.                                      | 644                                                                                                                                                                  |
+| `key_file_mode`               | The octal file mode to use when saving the X.509 private key file                                              | 600                                                                                                                                                                  |
+| `jwt_bundle_file_mode`        | The octal file mode to use when saving a JWT Bundle file.                                                      | 600                                                                                                                                                                  |
+| `jwt_svid_file_mode`          | The octal file mode to use when saving a JWT SVID file.                                                        | 600                                                                                                                                                                  |
 
 ### Configuration example
 ```

diff --git a/cmd/spiffe-helper/config/config.go b/cmd/spiffe-helper/config/config.go
@@ -3,9 +3,7 @@ package config
 import (
 	"errors"
 	"flag"
-	"math"
 	"os"
-	"strconv"
 
 	"github.com/hashicorp/hcl"
 	"github.com/sirupsen/logrus"
@@ -30,10 +28,10 @@ type Config struct {
 	CmdArgsDeprecated                  string `hcl:"cmdArgs"`
 	CertDir                            string `hcl:"cert_dir"`
 	CertDirDeprecated                  string `hcl:"certDir"`
-	CertFileMode                       string `hcl:"cert_file_mode"`
-	KeyFileMode                        string `hcl:"key_file_mode"`
-	JwtBundleFileMode                  string `hcl:"jwt_bundle_file_mode"`
-	JwtSvidFileMode                    string `hcl:"jwt_svid_file_mode"`
+	CertFileMode                       int32  `hcl:"cert_file_mode"`
+	KeyFileMode                        int32  `hcl:"key_file_mode"`
+	JwtBundleFileMode                  int32  `hcl:"jwt_bundle_file_mode"`
+	JwtSvidFileMode                    int32  `hcl:"jwt_svid_file_mode"`
 	IncludeFederatedDomains            bool   `hcl:"include_federated_domains"`
 	RenewSignal                        string `hcl:"renew_signal"`
 	RenewSignalDeprecated              string `hcl:"renewSignal"`
@@ -179,40 +177,28 @@ func (c *Config) ValidateConfig(log logrus.FieldLogger) error {
 
 func NewSidecarConfig(config *Config, log logrus.FieldLogger) *sidecar.Config {
 	certFileMode := defaultCertFileMode
-	if config.CertFileMode != "" {
-		parsedCertFileMode, err := strconv.ParseUint(config.CertFileMode, 8, 32)
-		if err != nil || parsedCertFileMode > math.MaxUint32 {
-			log.WithError(err).Error("failed to parse file mode, using default")
-		} else {
-			certFileMode = os.FileMode(parsedCertFileMode) //nolint:gosec,G115
-		}
+	if config.CertFileMode <= 0 {
+		log.Error("failed to parse file mode, using default")
+	} else {
+		certFileMode = os.FileMode(config.CertFileMode)
 	}
 	keyFileMode := defaultKeyFileMode
-	if config.KeyFileMode != "" {
-		parsedKeyFileMode, err := strconv.ParseUint(config.KeyFileMode, 8, 32)
-		if err != nil || parsedKeyFileMode > math.MaxUint32 {
-			log.WithError(err).Error("failed to parse file mode, using default")
-		} else {
-			certFileMode = os.FileMode(parsedKeyFileMode) //nolint:gosec,G115
-		}
+	if config.KeyFileMode <= 0 {
+		log.Error("failed to parse file mode, using default")
+	} else {
+		certFileMode = os.FileMode(config.KeyFileMode)
 	}
 	jwtBundleFileMode := defaultJwtBundleFileMode
-	if config.JwtBundleFileMode != "" {
-		parsedJwtBundleFileMode, err := strconv.ParseUint(config.JwtBundleFileMode, 8, 32)
-		if err != nil || parsedJwtBundleFileMode > math.MaxUint32 {
-			log.WithError(err).Error("failed to parse file mode, using default")
-		} else {
-			certFileMode = os.FileMode(parsedJwtBundleFileMode) //nolint:gosec,G115
-		}
+	if config.JwtBundleFileMode <= 0 {
+		log.Error("failed to parse file mode, using default")
+	} else {
+		certFileMode = os.FileMode(config.JwtBundleFileMode)
 	}
 	jwtSvidFileMode := defaultJwtSvidFileMode
-	if config.JwtSvidFileMode != "" {
-		parsedJwtSvidFileMode, err := strconv.ParseUint(config.JwtSvidFileMode, 8, 32)
-		if err != nil || parsedJwtSvidFileMode > math.MaxUint32 {
-			log.WithError(err).Error("failed to parse file mode, using default")
-		} else {
-			certFileMode = os.FileMode(parsedJwtSvidFileMode) //nolint:gosec,G115
-		}
+	if config.JwtSvidFileMode <= 0 {
+		log.Error("failed to parse file mode, using default")
+	} else {
+		certFileMode = os.FileMode(config.JwtSvidFileMode)
 	}
 	sidecarConfig := &sidecar.Config{
 		AddIntermediatesToBundle: config.AddIntermediatesToBundle,

diff --git a/cmd/spiffe-helper/config/config_test.go b/cmd/spiffe-helper/config/config_test.go
@@ -31,10 +31,10 @@ func TestParseConfig(t *testing.T) {
 	expectedJWTSVIDFileName := "jwt_svid.token"
 	expectedJWTBundleFileName := "jwt_bundle.json"
 	expectedJWTAudience := "your-audience"
-	expectedCertFileMode := "0444"
-	expectedKeyFileMode := "0444"
-	expectedJwtBundleFileMode := "0444"
-	expectedJwtSvidFileMode := "0444"
+	expectedCertFileMode := int32(444)
+	expectedKeyFileMode := int32(444)
+	expectedJwtBundleFileMode := int32(444)
+	expectedJwtSvidFileMode := int32(444)
 
 	assert.Equal(t, expectedAgentAddress, c.AgentAddress)
 	assert.Equal(t, expectedCmd, c.Cmd)

diff --git a/cmd/spiffe-helper/config/testdata/helper.conf b/cmd/spiffe-helper/config/testdata/helper.conf
@@ -2,10 +2,10 @@ agent_address = "/tmp/spire-agent/public/api.sock"
 cmd = "hot-restarter.py"
 cmd_args = "start_envoy.sh"
 cert_dir = "certs"
-cert_file_mode = "0444"
-key_file_mode = "0444"
-jwt_bundle_file_mode = "0444"
-jwt_svid_file_mode = "0444"
+cert_file_mode = 444
+key_file_mode = 444
+jwt_bundle_file_mode = 444
+jwt_svid_file_mode = 444
 renew_signal = "SIGHUP"
 svid_file_name = "svid.pem"
 svid_key_file_name = "svid_key.pem"