mirror of https://github.com/status-im/consul.git
Merge pull request #11781 from marco-m/private-key-0600-permission
cli: consul tls: create private keys with mode 0600
This commit is contained in:
commit
1eb3178468
|
@ -0,0 +1,3 @@
|
|||
```release-note:bug
|
||||
cli: when creating a private key, save the file with mode 0600 so that only the user has read permission.
|
||||
```
|
|
@ -83,7 +83,7 @@ func (c *cmd) Run(args []string) int {
|
|||
}
|
||||
c.UI.Output("==> Saved " + certFileName)
|
||||
|
||||
if err := file.WriteAtomicWithPerms(pkFileName, []byte(pk), 0755, 0666); err != nil {
|
||||
if err := file.WriteAtomicWithPerms(pkFileName, []byte(pk), 0755, 0600); err != nil {
|
||||
c.UI.Error(err.Error())
|
||||
return 1
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ package create
|
|||
import (
|
||||
"crypto"
|
||||
"crypto/x509"
|
||||
"io/fs"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"strings"
|
||||
|
@ -120,6 +121,14 @@ func expectFiles(t *testing.T, caPath, keyPath string) (*x509.Certificate, crypt
|
|||
require.FileExists(t, caPath)
|
||||
require.FileExists(t, keyPath)
|
||||
|
||||
fi, err := os.Stat(keyPath)
|
||||
if err != nil {
|
||||
t.Fatal("should not happen", err)
|
||||
}
|
||||
if want, have := fs.FileMode(0600), fi.Mode().Perm(); want != have {
|
||||
t.Fatalf("private key file %s: permissions: want: %o; have: %o", keyPath, want, have)
|
||||
}
|
||||
|
||||
caData, err := ioutil.ReadFile(caPath)
|
||||
require.NoError(t, err)
|
||||
keyData, err := ioutil.ReadFile(keyPath)
|
||||
|
|
|
@ -196,7 +196,7 @@ func (c *cmd) Run(args []string) int {
|
|||
}
|
||||
c.UI.Output("==> Saved " + certFileName)
|
||||
|
||||
if err := file.WriteAtomicWithPerms(pkFileName, []byte(priv), 0755, 0666); err != nil {
|
||||
if err := file.WriteAtomicWithPerms(pkFileName, []byte(priv), 0755, 0600); err != nil {
|
||||
c.UI.Error(err.Error())
|
||||
return 1
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ package create
|
|||
import (
|
||||
"crypto"
|
||||
"crypto/x509"
|
||||
"io/fs"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"os"
|
||||
|
@ -242,6 +243,14 @@ func expectFiles(t *testing.T, certPath, keyPath string) (*x509.Certificate, cry
|
|||
require.FileExists(t, certPath)
|
||||
require.FileExists(t, keyPath)
|
||||
|
||||
fi, err := os.Stat(keyPath)
|
||||
if err != nil {
|
||||
t.Fatal("should not happen", err)
|
||||
}
|
||||
if want, have := fs.FileMode(0600), fi.Mode().Perm(); want != have {
|
||||
t.Fatalf("private key file %s: permissions: want: %o; have: %o", keyPath, want, have)
|
||||
}
|
||||
|
||||
certData, err := ioutil.ReadFile(certPath)
|
||||
require.NoError(t, err)
|
||||
keyData, err := ioutil.ReadFile(keyPath)
|
||||
|
|
Loading…
Reference in New Issue