From cdd96e9ad3c2593da2a56f1f07276b0b6fb5fd71 Mon Sep 17 00:00:00 2001
From: Frantisek Tobias
Date: Wed, 21 Aug 2024 11:44:14 +0200
Subject: [PATCH] datamodel: file permission checks: format files

---
 .../datamodel/types/__init__.py | 2 +-
 .../datamodel/types/files.py | 15 ++++++++-------
 manager/knot_resolver_manager/server.py | 1 +
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/manager/knot_resolver_manager/datamodel/types/__init__.py b/manager/knot_resolver_manager/datamodel/types/__init__.py
index 52ab1cf8c..26675da3f 100644
--- a/manager/knot_resolver_manager/datamodel/types/__init__.py
+++ b/manager/knot_resolver_manager/datamodel/types/__init__.py
@@ -1,5 +1,5 @@
 from .enums import DNSRecordTypeEnum, PolicyActionEnum, PolicyFlagEnum
-from .files import AbsoluteDir, Dir, File, FilePath, WritableDir, ReadableFile
+from .files import AbsoluteDir, Dir, File, FilePath, ReadableFile, WritableDir
 from .generic_types import ListOrItem
 from .types import (
 DomainName,
diff --git a/manager/knot_resolver_manager/datamodel/types/files.py b/manager/knot_resolver_manager/datamodel/types/files.py
index bcb439a05..98b9d86e4 100644
--- a/manager/knot_resolver_manager/datamodel/types/files.py
+++ b/manager/knot_resolver_manager/datamodel/types/files.py
@@ -1,11 +1,11 @@
-from pathlib import Path
-from typing import Any, Dict, Tuple, Type, TypeVar
 import os
 import stat
-from pwd import getpwnam
 from grp import getgrnam
+from pathlib import Path
+from pwd import getpwnam
+from typing import Any, Dict, Tuple, Type, TypeVar
 
-from knot_resolver_manager.constants import kresd_user, kresd_group
+from knot_resolver_manager.constants import kresd_group, kresd_user
 from knot_resolver_manager.datamodel.globals import get_resolve_root, get_strict_validation
 from knot_resolver_manager.utils.modeling.base_value_type import BaseValueType
 
@@ -139,7 +139,6 @@ class FilePath(UncheckedPath):
 if self.strict_validation and (not p.exists() or not p.is_dir()):
 raise ValueError(f"path '{self._value}' does not point inside an existing directory")
 
- # WARNING: is_dir() fails for knot-resolver owned paths when using kresctl to validate config
 if self.strict_validation and self._value.is_dir():
 raise ValueError(f"path '{self._value}' points to a directory when we expected a file")
 
@@ -186,13 +185,14 @@ class ReadableFile(File):
 File, that is enforced to be:
 - readable by kresd
 """
+
 def __init__(
 self, source_value: Any, parents: Tuple["UncheckedPath", ...] = tuple(), object_path: str = "/"
 ) -> None:
 super().__init__(source_value, parents=parents, object_path=object_path)
 
 if self.strict_validation and not kresd_accesible(self._value, READ_MODE):
- raise ValueError(f"{kresd_user()}:{kresd_group()} has insuficient permissions to read \"{self._value}\"")
+ raise ValueError(f'{kresd_user()}:{kresd_group()} has insuficient permissions to read "{self._value}"')
 
 
 class WritableDir(Dir):
@@ -200,10 +200,11 @@ class WritableDir(Dir):
 Dif, that is enforced to be:
 - writable to by kresd
 """
+
 def __init__(
 self, source_value: Any, parents: Tuple["UncheckedPath", ...] = tuple(), object_path: str = "/"
 ) -> None:
 super().__init__(source_value, parents=parents, object_path=object_path)
 
 if self.strict_validation and not kresd_accesible(self._value, WRITE_MODE):
- raise ValueError(f"{kresd_user()}:{kresd_group()} has insuficient permissions to write to \"{self._value}\"")
+ raise ValueError(f'{kresd_user()}:{kresd_group()} has insuficient permissions to write to "{self._value}"')
diff --git a/manager/knot_resolver_manager/server.py b/manager/knot_resolver_manager/server.py
index d05ac7b4a..b27cadb33 100644
--- a/manager/knot_resolver_manager/server.py
+++ b/manager/knot_resolver_manager/server.py
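Review bot: The comment removed in the `@@ -139,7 +139,6 @@` hunk of `files.py`, `# WARNING: is_dir() fails for knot-resolver owned paths when using kresctl to validate config`, documented a limitation of the `self._value.is_dir()` check that is still present on the new side, and nothing visible in this commit shows the limitation was fixed. A commit titled as formatting should not drop it silently; if the failure still occurs, keep the comment or replace it with a pointer to where that case is handled, because this check sits in the strict-validation path used for the file permission checks. The enclosing `FilePath` method starts and ends outside the hunk, so whether the failure is caught elsewhere cannot be confirmed from here.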
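Review bot: The docstrings of `ReadableFile` and `WritableDir` (hunks `@@ -186,13 +185,14 @@` and `@@ -200,10 +200,11 @@`, both docstrings begin outside the hunk) say the path is "enforced" to be readable or writable by kresd, but the visible `__init__` calls `kresd_accesible(...)` only when `self.strict_validation` is set, and only once at construction. I would say so in the docstring, for example `- readable by kresd (checked only under strict validation, when the value is constructed)`, so that readers do not take the type as a guarantee that still holds when kresd later opens the path. Since both `raise` lines are rewritten here anyway, the message can be corrected to `has insufficient permissions to read` / `to write to`, and `Dif` in the `WritableDir` docstring should read `Dir`. `kresd_accesible` is defined outside these hunks, so what it actually inspects (mode bits only, parent directories, ACLs) cannot be reviewed from this page.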
@@ -17,6 +17,7 @@ from aiohttp.web_app import Application
 from aiohttp.web_response import json_response
 from aiohttp.web_runner import AppRunner, TCPSite, UnixSite
 from typing_extensions import Literal
+
 import knot_resolver_manager.utils.custom_atexit as atexit
 from knot_resolver_manager import log, statistics
 from knot_resolver_manager.compat import asyncio as asyncio_compat
-- 2.47.2