Fixed permissions on gaia created folders and pipelines. (#190)

* Fixed permissions on gaia created folders and pipelines.

* Ran go mod tidy and handling errors

* removed error handling lol

Author: Skarlso

gaia.go

@@ -136,6 +136,9 @@ const (
 
 	// WorkerRegisterKey is the used key for worker registration secret
 	WorkerRegisterKey = "WORKER_REGISTER_KEY"
+
+	// ExecutablePermission is the permission used for gaia created executables.
+	ExecutablePermission = 0700
 )
 
 // User is the user object

handlers/handler.go

@@ -31,7 +31,7 @@ var (
 	ignoredVaultKeys []string
 )
 
-// InitHandlers initializes(registers) all handlers
+// InitHandlers initializes(registers) all handlers.
 func InitHandlers(e *echo.Echo) error {
 	// Define prefix
 	p := "/api/" + gaia.APIVersion + "/"

handlers/pipeline_test.go

@@ -129,7 +129,10 @@ Xbs5AQIEIzWnmQIFAOEml+E=
 		})
 		hostConfig := "github.comom,1.2.3.4 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
 		knownHostsLocation := filepath.Join(dataDir, ".known_hosts")
-		ioutil.WriteFile(knownHostsLocation, []byte(hostConfig), 0766)
+		err := ioutil.WriteFile(knownHostsLocation, []byte(hostConfig), gaia.ExecutablePermission)
+		if err != nil {
+			t.Fatal(err)
+		}
 		os.Setenv("SSH_KNOWN_HOSTS", knownHostsLocation)
 		repoURL := "github.com:gaia-pipeline/pipeline-test"
 		gr := gaia.GitRepo{
@@ -818,7 +821,7 @@ func TestPipelineNameAvailable(t *testing.T) {
 		q.Add("name", "pipeline a")
 		req.URL.RawQuery = q.Encode()
 
-		PipelineNameAvailable(c)
+		_ = PipelineNameAvailable(c)
 
 		if rec.Code != http.StatusBadRequest {
 			t.Fatalf("expected response code %v got %v", http.StatusBadRequest, rec.Code)

workers/agent/agent.go

@@ -529,7 +529,7 @@ func (a *Agent) streamBinary(pipelineRunPB *pb.PipelineRun, pipelinePath string)
 	}
 
 	// Set pipeline executable rights
-	return os.Chmod(pipelinePath, 0766)
+	return os.Chmod(pipelinePath, gaia.ExecutablePermission)
 }
 
 // updateWork is function that is periodically called and it is used to

workers/pipeline/build_cpp.go

@@ -89,7 +89,7 @@ func (b *BuildPipelineCpp) CopyBinary(p *gaia.CreatePipeline) error {
 	}
 
 	// Set +x (execution right) for pipeline
-	return os.Chmod(dest, 0766)
+	return os.Chmod(dest, gaia.ExecutablePermission)
 }
 
 // SavePipeline saves the current pipeline configuration.

workers/pipeline/build_golang.go

@@ -111,7 +111,7 @@ func (b *BuildPipelineGolang) CopyBinary(p *gaia.CreatePipeline) error {
 	}
 
 	// Set +x (execution right) for pipeline
-	return os.Chmod(dest, 0766)
+	return os.Chmod(dest, gaia.ExecutablePermission)
 }
 
 // SavePipeline saves the current pipeline configuration.

workers/pipeline/build_java.go

@@ -100,7 +100,7 @@ func (b *BuildPipelineJava) CopyBinary(p *gaia.CreatePipeline) error {
 	}
 
 	// Set +x (execution right) for pipeline
-	return os.Chmod(dest, 0766)
+	return os.Chmod(dest, gaia.ExecutablePermission)
 }
 
 // SavePipeline saves the current pipeline configuration.

workers/pipeline/build_nodejs.go

@@ -12,7 +12,7 @@ import (
 	uuid "github.com/satori/go.uuid"
 )
 
-const nodeJSInternalCloneFolder  = "jsclone"
+const nodeJSInternalCloneFolder = "jsclone"
 
 // BuildPipelineNodeJS is the real implementation of BuildPipeline for NodeJS
 type BuildPipelineNodeJS struct {
@@ -99,7 +99,7 @@ func (b *BuildPipelineNodeJS) CopyBinary(p *gaia.CreatePipeline) error {
 	}
 
 	// Set +x (execution right) for pipeline
-	return os.Chmod(dest, 0766)
+	return os.Chmod(dest, gaia.ExecutablePermission)
 }
 
 // SavePipeline saves the current pipeline configuration.

workers/pipeline/build_python.go

@@ -131,7 +131,7 @@ func (b *BuildPipelinePython) CopyBinary(p *gaia.CreatePipeline) error {
 	}
 
 	// Set +x (execution right) for pipeline
-	return os.Chmod(dest, 0766)
+	return os.Chmod(dest, gaia.ExecutablePermission)
 }
 
 // SavePipeline saves the current pipeline configuration.

workers/pipeline/build_ruby.go

@@ -178,7 +178,7 @@ func (b *BuildPipelineRuby) CopyBinary(p *gaia.CreatePipeline) error {
 	}
 
 	// Set +x (execution right) for pipeline
-	return os.Chmod(dest, 0766)
+	return os.Chmod(dest, gaia.ExecutablePermission)
 }
 
 // SavePipeline saves the current pipeline configuration.

workers/pipeline/build_ruby_test.go

@@ -67,7 +67,7 @@ func TestExecuteBuildRuby(t *testing.T) {
 		t.Fatal(err)
 	}
 	libFolder := filepath.Join(tmp, "lib")
-	if err := os.MkdirAll(libFolder, 0766); err != nil {
+	if err := os.MkdirAll(libFolder, gaia.ExecutablePermission); err != nil {
 		t.Fatal(err)
 	}
 	initFile := filepath.Join(libFolder, gemInitFile)
@@ -115,7 +115,7 @@ func TestExecuteBuildContextTimeoutRuby(t *testing.T) {
 	}
 	f.Close()
 	libFolder := filepath.Join(tmp, "lib")
-	if err = os.MkdirAll(libFolder, 0766); err != nil {
+	if err = os.MkdirAll(libFolder, gaia.ExecutablePermission); err != nil {
 		t.Fatal(err)
 	}
 	initFile := filepath.Join(libFolder, gemInitFile)

workers/pipeline/git_test.go

@@ -118,7 +118,11 @@ Xbs5AQIEIzWnmQIFAOEml+E=
 	}
 	hostConfig := "notgithub.comom,192.30.252.130 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
 	knownHostsLocation := filepath.Join(tmp, ".known_hosts")
-	ioutil.WriteFile(knownHostsLocation, []byte(hostConfig), 0766)
+	err := ioutil.WriteFile(knownHostsLocation, []byte(hostConfig), gaia.ExecutablePermission)
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	os.Setenv("SSH_KNOWN_HOSTS", knownHostsLocation)
 
 	// always ensure that tmp folder is cleaned up
@@ -159,7 +163,11 @@ Xbs5AQIEIzWnmQIFAOEml+E=
 	}
 	hostConfig := "github.com,192.30.252.130 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
 	knownHostsLocation := filepath.Join(tmp, ".known_hosts")
-	ioutil.WriteFile(knownHostsLocation, []byte(hostConfig), 0766)
+	err := ioutil.WriteFile(knownHostsLocation, []byte(hostConfig), gaia.ExecutablePermission)
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	os.Setenv("SSH_KNOWN_HOSTS", knownHostsLocation)
 
 	// always ensure that tmp folder is cleaned up
@@ -174,7 +182,10 @@ Xbs5AQIEIzWnmQIFAOEml+E=
 	GlobalActivePipelines = NewActivePipelines()
 	GlobalActivePipelines.Append(*p)
 	hostConfig = "invalid.com,192.30.252.130 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
-	ioutil.WriteFile(knownHostsLocation, []byte(hostConfig), 0766)
+	err = ioutil.WriteFile(knownHostsLocation, []byte(hostConfig), gaia.ExecutablePermission)
+	if err != nil {
+		t.Fatal(err)
+	}
 	updateAllCurrentPipelines()
 	want := "knownhosts: key is unknown"
 	if !strings.Contains(b.String(), want) {