49 lines
1.6 KiB
YAML
49 lines
1.6 KiB
YAML
{{- if .Values.securityContext.enabled }}
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: {{ .Release.Name }}-yugaware-init
|
|
labels:
|
|
app: {{ template "yugaware.name" . }}
|
|
chart: {{ template "yugaware.chart" . }}
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Values.helm2Legacy | ternary "Tiller" (.Release.Service | quote) }}
|
|
data:
|
|
init-permissions.sh: |
|
|
#!/bin/bash
|
|
|
|
set -xe -o pipefail
|
|
|
|
data_directory="/opt/yugabyte/yugaware/data"
|
|
if [[ -d "${data_directory}/keys/" ]]; then
|
|
pemfiles=$(find "${data_directory}/keys/" -name "*.pem" -exec stat -c "%a" {} + | uniq | tr '\n' ',')
|
|
IFS="," read -r -a pemfile_perms <<< "${pemfiles}"
|
|
|
|
trigger=false
|
|
echo "Finding pem files with permissions different than 400, and setting their permissions to 400."
|
|
|
|
for pemfile in "${pemfile_perms[@]}"; do
|
|
if [[ "${pemfile}" != *400* ]]; then
|
|
echo "Found a pem file with permissions ${pemfile}"
|
|
trigger=true
|
|
break
|
|
fi
|
|
done
|
|
|
|
if ${trigger}; then
|
|
echo "Creating copy of data/keys directory"
|
|
cp -r "${data_directory}/keys" "${data_directory}/new_keys"
|
|
|
|
echo "Setting permission of all pem files to 400"
|
|
find "${data_directory}/new_keys/" -name "*.pem" -exec chmod 400 {} +
|
|
|
|
echo "Renaming existing keys directory"
|
|
mv "${data_directory}/keys" "${data_directory}/keys-$(date +%s)"
|
|
|
|
echo "Renaming new keys directory"
|
|
mv "${data_directory}/new_keys" "${data_directory}/keys"
|
|
else
|
|
echo "All pem files already have permission set to 400"
|
|
fi
|
|
fi
|
|
{{- end }} |