From ef6baf790b871a445dad3314faf1adf8dd469626 Mon Sep 17 00:00:00 2001 From: Dragomir Penev <6687393+dragomirp@users.noreply.github.com> Date: Thu, 7 Nov 2024 18:43:41 +0200 Subject: [PATCH] [DPE-5915] Reduce pgdate permissions (#759) * Reduce pgdate permissions * Disable indico tests --- src/charm.py | 2 +- tests/integration/new_relations/test_new_relations.py | 1 + tests/unit/test_charm.py | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/charm.py b/src/charm.py index 1789310523..0c0ad4fa9a 100755 --- a/src/charm.py +++ b/src/charm.py @@ -903,7 +903,7 @@ def _create_pgdata(self, container: Container): """Create the PostgreSQL data directory.""" if not container.exists(self.pgdata_path): container.make_dir( - self.pgdata_path, permissions=0o770, user=WORKLOAD_OS_USER, group=WORKLOAD_OS_GROUP + self.pgdata_path, permissions=0o750, user=WORKLOAD_OS_USER, group=WORKLOAD_OS_GROUP ) # Also, fix the permissions from the parent directory. container.exec([ diff --git a/tests/integration/new_relations/test_new_relations.py b/tests/integration/new_relations/test_new_relations.py index d8d08733b8..4a83c35a64 100644 --- a/tests/integration/new_relations/test_new_relations.py +++ b/tests/integration/new_relations/test_new_relations.py @@ -668,6 +668,7 @@ async def test_discourse(ops_test: OpsTest): @pytest.mark.group(1) +@pytest.mark.unstable @markers.amd64_only # indico charm not available for arm64 async def test_indico_datatabase(ops_test: OpsTest) -> None: """Tests deploying and relating to the Indico charm.""" diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py index cf5783b54c..fbfbbc2e8d 100644 --- a/tests/unit/test_charm.py +++ b/tests/unit/test_charm.py @@ -1773,7 +1773,7 @@ def test_create_pgdata(harness): container.exists.return_value = False harness.charm._create_pgdata(container) container.make_dir.assert_called_once_with( - "/var/lib/postgresql/data/pgdata", permissions=504, user="postgres", group="postgres" + "/var/lib/postgresql/data/pgdata", permissions=488, user="postgres", group="postgres" ) container.exec.assert_called_once_with([ "chown",