Switch new conf options from string to int
keeganwitt committed Sep 13, 2024
1 parent 465e7c2 commit ba06402
Showing 2 changed files with 24 additions and 36 deletions.
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -33,10 +33,10 @@ The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted f
| `jwt_svids` | An array with the audience and file name to store the JWT SVIDs. File is Base64-encoded string). | `[{jwt_audience="your-audience", jwt_svid_file_name="jwt_svid.token"}]` |
| `jwt_bundle_file_name` | File name to be used to store JWT Bundle in JSON format. | `"jwt_bundle.json"` |
| `include_federated_domains` | Include trust domains from federated servers in the CA bundle. | `true` |
| `cert_file_mode` | The octal file mode to use when saving the X.509 public certificate file. | "0644" |
| `key_file_mode` | The octal file mode to use when saving the X.509 private key file | "0600" |
| `jwt_bundle_file_mode` | The octal file mode to use when saving a JWT Bundle file. | "0600" |
| `jwt_svid_file_mode` | The octal file mode to use when saving a JWT SVID file. | "0600" |
| `cert_file_mode` | The octal file mode to use when saving the X.509 public certificate file. | 644 |
| `key_file_mode` | The octal file mode to use when saving the X.509 private key file | 600 |
| `jwt_bundle_file_mode` | The octal file mode to use when saving a JWT Bundle file. | 600 |
| `jwt_svid_file_mode` | The octal file mode to use when saving a JWT SVID file. | 600 |

### Configuration example
```
52 changes: 20 additions & 32 deletions cmd/spiffe-helper/config/config.go
Expand Up @@ -30,10 +30,10 @@ type Config struct {
CmdArgsDeprecated string `hcl:"cmdArgs"`
CertDir string `hcl:"cert_dir"`
CertDirDeprecated string `hcl:"certDir"`
CertFileMode string `hcl:"cert_file_mode"`
KeyFileMode string `hcl:"key_file_mode"`
JwtBundleFileMode string `hcl:"jwt_bundle_file_mode"`
JwtSvidFileMode string `hcl:"jwt_svid_file_mode"`
CertFileMode int32 `hcl:"cert_file_mode"`
KeyFileMode int32 `hcl:"key_file_mode"`
JwtBundleFileMode int32 `hcl:"jwt_bundle_file_mode"`
JwtSvidFileMode int32 `hcl:"jwt_svid_file_mode"`
IncludeFederatedDomains bool `hcl:"include_federated_domains"`
RenewSignal string `hcl:"renew_signal"`
RenewSignalDeprecated string `hcl:"renewSignal"`
Expand Down Expand Up @@ -179,40 +179,28 @@ func (c *Config) ValidateConfig(log logrus.FieldLogger) error {

func NewSidecarConfig(config *Config, log logrus.FieldLogger) *sidecar.Config {
certFileMode := defaultCertFileMode
if config.CertFileMode != "" {
parsedCertFileMode, err := strconv.ParseUint(config.CertFileMode, 8, 32)
if err != nil || parsedCertFileMode > math.MaxUint32 {
log.WithError(err).Error("failed to parse file mode, using default")
} else {
certFileMode = os.FileMode(parsedCertFileMode) //nolint:gosec,G115
}
if config.CertFileMode <= 0 {
log.Error("failed to parse file mode, using default")
} else {
certFileMode = os.FileMode(config.CertFileMode)
}
keyFileMode := defaultKeyFileMode
if config.KeyFileMode != "" {
parsedKeyFileMode, err := strconv.ParseUint(config.KeyFileMode, 8, 32)
if err != nil || parsedKeyFileMode > math.MaxUint32 {
log.WithError(err).Error("failed to parse file mode, using default")
} else {
certFileMode = os.FileMode(parsedKeyFileMode) //nolint:gosec,G115
}
if config.KeyFileMode <= 0 {
log.Error("failed to parse file mode, using default")
} else {
certFileMode = os.FileMode(config.KeyFileMode)
}
jwtBundleFileMode := defaultJwtBundleFileMode
if config.JwtBundleFileMode != "" {
parsedJwtBundleFileMode, err := strconv.ParseUint(config.JwtBundleFileMode, 8, 32)
if err != nil || parsedJwtBundleFileMode > math.MaxUint32 {
log.WithError(err).Error("failed to parse file mode, using default")
} else {
certFileMode = os.FileMode(parsedJwtBundleFileMode) //nolint:gosec,G115
}
if config.JwtBundleFileMode <= 0 {
log.Error("failed to parse file mode, using default")
} else {
certFileMode = os.FileMode(config.JwtBundleFileMode)
}
jwtSvidFileMode := defaultJwtSvidFileMode
if config.JwtSvidFileMode != "" {
parsedJwtSvidFileMode, err := strconv.ParseUint(config.JwtSvidFileMode, 8, 32)
if err != nil || parsedJwtSvidFileMode > math.MaxUint32 {
log.WithError(err).Error("failed to parse file mode, using default")
} else {
certFileMode = os.FileMode(parsedJwtSvidFileMode) //nolint:gosec,G115
}
if config.JwtSvidFileMode <= 0 {
log.Error("failed to parse file mode, using default")
} else {
certFileMode = os.FileMode(config.JwtSvidFileMode)
}
sidecarConfig := &sidecar.Config{
AddIntermediatesToBundle: config.AddIntermediatesToBundle,
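Review bot: The else-branches for `key_file_mode`, `jwt_bundle_file_mode` and `jwt_svid_file_mode` all assign to `certFileMode`, so a configured key or JWT mode never reaches `keyFileMode`, `jwtBundleFileMode` or `jwtSvidFileMode` and instead overwrites the certificate mode; the same slip is in the removed lines and is carried over unchanged. They should read `keyFileMode = os.FileMode(config.KeyFileMode)`, `jwtBundleFileMode = os.FileMode(config.JwtBundleFileMode)` and `jwtSvidFileMode = os.FileMode(config.JwtSvidFileMode)`. Separately, the integer is now cast straight to `os.FileMode` without the base-8 parse the string version had, so unless the HCL decoder reads the literal as octal, the README's `600` is decimal 600 (octal 1130) and the private key would not get the owner-only permissions the operator intended; interpret the digits as octal and reject anything above 0777. The `<= 0` test also logs "failed to parse file mode" whenever an option is simply left unset, which hides real misconfiguration in noise. NewSidecarConfig continues past the end of this hunk, so how the four locals are consumed is not visible here.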
