[DPE-5915] Reduce pgdate permissions (#759)

* Reduce pgdate permissions * Disable indico tests
canonical · Nov 7, 2024 · ef6baf7 · ef6baf7
1 parent 6f10bb9
commit ef6baf7
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/src/charm.py b/src/charm.py
@@ -903,7 +903,7 @@ def _create_pgdata(self, container: Container):
         """Create the PostgreSQL data directory."""
         if not container.exists(self.pgdata_path):
             container.make_dir(
-                self.pgdata_path, permissions=0o770, user=WORKLOAD_OS_USER, group=WORKLOAD_OS_GROUP
+                self.pgdata_path, permissions=0o750, user=WORKLOAD_OS_USER, group=WORKLOAD_OS_GROUP
             )
         # Also, fix the permissions from the parent directory.
         container.exec([

diff --git a/tests/integration/new_relations/test_new_relations.py b/tests/integration/new_relations/test_new_relations.py
@@ -668,6 +668,7 @@ async def test_discourse(ops_test: OpsTest):
 
 
 @pytest.mark.group(1)
+@pytest.mark.unstable
 @markers.amd64_only  # indico charm not available for arm64
 async def test_indico_datatabase(ops_test: OpsTest) -> None:
     """Tests deploying and relating to the Indico charm."""

diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
@@ -1773,7 +1773,7 @@ def test_create_pgdata(harness):
     container.exists.return_value = False
     harness.charm._create_pgdata(container)
     container.make_dir.assert_called_once_with(
-        "/var/lib/postgresql/data/pgdata", permissions=504, user="postgres", group="postgres"
+        "/var/lib/postgresql/data/pgdata", permissions=488, user="postgres", group="postgres"
     )
     container.exec.assert_called_once_with([
         "chown",