Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
lcy
/
truenas
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 4466ed6d7e
Branche Tagy
truenas
/
library
/
common
/
templates
/
app_functions
/
_permissions.tpl

_permissions.tpl 3.5 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. {{/* Returns an init container that fixes permissions */}}
    2. 

  2. {{/* Call this template:
    3. 

  3. {{ include "ix.v1.common.app.permissions" (dict "UID" 568 "GID" 568 "type" "init") }}
    4. 

  4. 

  5. type (optional): init or install (default: install)
    6. 

  6. UID: UID to change permissions to
    7. 

  7. GID: GID to change permissions to
    8. 

  8. */}}
    9. 

  9. {{- define "ix.v1.common.app.permissions" -}}
    10. 

  10.   {{- $type := .type | default "install" -}}
    11. 

  11.   {{- $containerName := .containerName | default "permissions" -}}
    12. 

  12.   {{- $mode := .mode | default "always" -}}
    13. 

  13.   {{- $chmod := .chmod | default "" -}}
    14. 

  14.   {{- $UID := .UID -}}
    15. 

  15.   {{- $GID := .GID -}}
    16. 

  16. 

  17.   {{- $modes := (list "always" "check") -}}
    18. 

  18.   {{- if not (mustHas $mode $modes) -}}
    19. 

  19.     {{- fail (printf "Permissions Container - [mode] must be one of [%s]" (join ", " $modes)) -}}
    20. 

  20.   {{- end -}}
    21. 

  21. 

  22.   {{- if (kindIs "invalid" $type) -}}
    23. 

  23.     {{- fail "Permissions Container - [type] cannot be empty" -}}
    24. 

  24.   {{- end -}}
    25. 

  25.   {{- if (kindIs "invalid" $containerName) -}}
    26. 

  26.     {{- fail "Permissions Container - [containerName] cannot be empty" -}}
    27. 

  27.   {{- end -}}
    28. 

  28.   {{- if (kindIs "invalid" $GID) -}}
    29. 

  29.     {{- fail "Permissions Container - [GID] cannot be empty" -}}
    30. 

  30.   {{- end -}}
    31. 

  31.   {{- if (kindIs "invalid" $UID) -}}
    32. 

  32.     {{- fail "Permissions Container - [UID] cannot be empty" -}}
    33. 

  33.   {{- end }}
    34. 

  34. 

  35. {{ $containerName }}:
    36. 

  36.   enabled: true
    37. 

  37.   type: {{ $type }}
    38. 

  38.   imageSelector: bashImage
    39. 

  39.   resources:
    40. 

  40.     limits:
    41. 

  41.       cpu: 1000m
    42. 

  42.       memory: 512Mi
    43. 

  43.   securityContext:
    44. 

  44.     runAsUser: 0
    45. 

  45.     runAsGroup: 0
    46. 

  46.     runAsNonRoot: false
    47. 

  47.     readOnlyRootFilesystem: false
    48. 

  48.     capabilities:
    49. 

  49.       add:
    50. 

  50.         - CHOWN
    51. 

  51.         {{- if $chmod }}
    52. 

  52.         - FOWNER
    53. 

  53.         {{- end }}
    54. 

  54.   command: bash
    55. 

  55.   args:
    56. 

  56.     - -c
    57. 

  57.     - |
    58. 

  58.       for dir in /mnt/directories/*; do
    59. 

  59.         if [ ! -d "$dir" ]; then
    60. 

  60.           echo "[$dir] is not a directory, skipping"
    61. 

  61.           continue
    62. 

  62.         fi
    63. 

  63. 

  64.         echo "Current Ownership and Permissions on ["$dir"]:"
    65. 

  65.         echo "chown: $(stat -c "%u %g" "$dir")"
    66. 

  66.         echo "chmod: $(stat -c "%a" "$dir")"
    67. 

  67. 

  68.       {{- if eq $mode "check" }} {{/* If mode is check, check parent dir */}}
    69. 

  69.         if [ $(stat -c %u "$dir") -eq {{ $UID }} ] && [ $(stat -c %g "$dir") -eq {{ $GID }} ]; then
    70. 

  70.           echo "Ownership is correct. Skipping..."
    71. 

  71.           fix_owner="false"
    72. 

  72.         else
    73. 

  73.           echo "Ownership is incorrect. Fixing..."
    74. 

  74.           fix_owner="true"
    75. 

  75.         fi
    76. 

  76. 

  77.         {{- if $chmod }} {{/* Only if chmod value is given */}}
    78. 

  78.           if [ $(stat -c %a "$dir") -eq {{ $chmod }} ]; then
    79. 

  79.             echo "Permissions are correct. Skipping..."
    80. 

  80.             fix_perms="false"
    81. 

  81.           else
    82. 

  82.             echo "Permissions are incorrect. Fixing..."
    83. 

  83.             fix_perms="true"
    84. 

  84.           fi
    85. 

  85.         {{- end }}
    86. 

  86. 

  87.       {{- else if eq $mode "always" }} {{/* If mode is always, always fix perms */}}
    88. 

  88.         fix_owner="true"
    89. 

  89.         fix_perms="true"
    90. 

  90.       {{- end }}
    91. 

  91. 

  92.       {{/* Apply changes */}}
    93. 

  93.         if [ "$fix_owner" = "true" ]; then
    94. 

  94.           echo "Changing ownership to {{ $UID }}:{{ $GID }} on: ["$dir"]"
    95. 

  95.           chown -R {{ $UID }}:{{ $GID }} "$dir"
    96. 

  96.           echo "Finished changing ownership"
    97. 

  97.           echo "Ownership after changes:"
    98. 

  98.           stat -c "%u %g" "$dir"
    99. 

  99.         fi
    100. 

  100. 

  101.         {{- if $chmod }} {{/* Only if chmod value is given */}}
    102. 

  102.           if [ "$fix_perms" = "true" ]; then
    103. 

  103.             echo "Changing permissions to {{ $chmod }} on: ["$dir"]"
    104. 

  104.             chmod -R {{ $chmod }} "$dir"
    105. 

  105.             echo "Finished changing permissions"
    106. 

  106.             echo "Permissions after changes:"
    107. 

  107.             stat -c "%a" "$dir"
    108. 

  108.           fi
    109. 

  109.         {{- end }}
    110. 

  110.       done
    111. 

  111. {{- end -}}
    112.