apache / openwhisk-wskdeploy

Apache OpenWhisk utility for deploying and managing OpenWhisk projects and packages
https://openwhisk.apache.org/
Apache License 2.0

Option "include" in manifest.yml file does not preserve files permission #1158

Open DenisMedeiros opened 1 year ago

DenisMedeiros commented 1 year ago

Hi all,

We are facing an issue when using the option include in the manifest.yml file, where the permissions of the included files are not preserved.

Our manifest.yaml file looks like:

packages:
  poc:
    actions:
      example:
        annotations:
          web-export: true
        function: src/example
        include:
          - ["tls"]
          - ["virtualenv"]
          - ["requirements.txt"]
        inputs: {}
        runtime: python:3.9
        version: 1.0.0
        web: true
    version: 1.0.0

Inside the directory tls, we have some TLS certificates that are used by PostgreSQL, and the private key must have limited permissions (600 if owned by a regular user, or 640 if owned by root - reference). In our local environment, the files have the permissions set properly:

-rw-------  1 denis  test  1703 Apr  5 16:30 tls/client-tls.key

However, once it's deployed, the TLS files are copied with broader access (644) and then the PostgreSQL connection fails complaining about the permissions.

Is there a way to include these files and also keep the existing permissions? A workaround so far is to make the Python code fix the file permissions, but ideally it would be nice if this could be fixed during deployment (rather than in each function run).

Thanks in advance.
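
The runtime workaround mentioned in the issue, as an added example that is not part of the original post or of wskdeploy: it tightens the key's mode once per warm container instead of on every invocation, and falls back to a private copy if the deployed file cannot be changed. The names `secure_key_path` and `_CACHE` are hypothetical, and the key path assumes the `tls` include lands next to the action code.

```python
import os
import shutil
import stat
import tempfile

_CACHE = {}  # original path -> usable path; survives while the container stays warm


def _allowed_mask(st):
    # Limits quoted in the issue: 0600 for a regular owner, 0640 if owned by root.
    return 0o640 if st.st_uid == 0 else 0o600


def secure_key_path(path):
    """Return a path to the private key whose mode is within the allowed limits."""
    if path in _CACHE:
        return _CACHE[path]
    st = os.stat(path)
    usable = path
    if stat.S_IMODE(st.st_mode) & ~_allowed_mask(st):
        try:
            os.chmod(path, 0o600)
        except OSError:
            # Not the owner, or a read-only file system: use a private copy.
            # tempfile.mkstemp creates the file with mode 0600.
            fd, usable = tempfile.mkstemp(prefix="tls-", suffix=".key")
            with os.fdopen(fd, "wb") as dst, open(path, "rb") as src:
                shutil.copyfileobj(src, dst)
    final = os.stat(usable)
    if stat.S_IMODE(final.st_mode) & ~_allowed_mask(final):
        raise PermissionError(f"{usable} is still too permissive")
    _CACHE[path] = usable
    return usable


def main(args):
    # OpenWhisk Python entry point. The location below is an assumption that
    # mirrors the "tls" entry under "include" in the manifest.
    here = os.path.dirname(os.path.abspath(__file__))
    key = secure_key_path(os.path.join(here, "tls", "client-tls.key"))
    # Hand `key` to the PostgreSQL client (the sslkey parameter for libpq-based drivers).
    return {"key_mode": oct(stat.S_IMODE(os.stat(key).st_mode))}
```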