Use uint32 pointer for permissions field of `extensionsv1alpha1.F…

…ile`
gardener · Nov 19, 2024 · 03ab443 · 03ab443
1 parent 39d6b92
commit 03ab443
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 24 deletions.
diff --git a/pkg/webhook/operatingsystemconfig/auditd.go b/pkg/webhook/operatingsystemconfig/auditd.go
@@ -79,7 +79,7 @@ func getAuditConfigFromConfigMap(ctx context.Context, c client.Client, decoder r
 
 	return []extensionsv1alpha1.File{{
 		Path:        fmt.Sprintf("%s/%s", constants.AuditRulesFromOSCDir, "00_shoot_rsyslog_relp.rules"),
-		Permissions: ptr.To(int32(0644)),
+		Permissions: ptr.To(uint32(0644)),
 		Content: extensionsv1alpha1.FileContent{
 			Inline: &extensionsv1alpha1.FileContentInline{
 				Encoding: "b64",
@@ -93,7 +93,7 @@ func getDefaultAuditRules() []extensionsv1alpha1.File {
 	return []extensionsv1alpha1.File{
 		{
 			Path:        baseConfigRulesPath,
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -103,7 +103,7 @@ func getDefaultAuditRules() []extensionsv1alpha1.File {
 		},
 		{
 			Path:        privilegeEscalationRulesPath,
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -113,7 +113,7 @@ func getDefaultAuditRules() []extensionsv1alpha1.File {
 		},
 		{
 			Path:        privilegeSpecialRulesPath,
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -123,7 +123,7 @@ func getDefaultAuditRules() []extensionsv1alpha1.File {
 		},
 		{
 			Path:        systemIntegrityRulesPath,
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",

diff --git a/pkg/webhook/operatingsystemconfig/ensurer_test.go b/pkg/webhook/operatingsystemconfig/ensurer_test.go
@@ -277,7 +277,7 @@ auditRules: |
 				expectedFiles = append(expectedFiles, []extensionsv1alpha1.File{
 					{
 						Path:        "/var/lib/rsyslog-relp-configurator/audit/rules.d/00_shoot_rsyslog_relp.rules",
-						Permissions: ptr.To(int32(0644)),
+						Permissions: ptr.To(uint32(0644)),
 						Content: extensionsv1alpha1.FileContent{
 							Inline: &extensionsv1alpha1.FileContentInline{
 								Encoding: "b64",
@@ -344,7 +344,7 @@ func getAuditRulesFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 	return []extensionsv1alpha1.File{
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/audit/rules.d/00-base-config.rules",
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -354,7 +354,7 @@ func getAuditRulesFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 		},
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/audit/rules.d/10-privilege-escalation.rules",
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -364,7 +364,7 @@ func getAuditRulesFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 		},
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/audit/rules.d/11-privileged-special.rules",
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -374,7 +374,7 @@ func getAuditRulesFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 		},
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/audit/rules.d/12-system-integrity.rules",
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -389,7 +389,7 @@ func getRsyslogFiles(rsyslogConfig []byte, useExpectedContent bool) []extensions
 	return []extensionsv1alpha1.File{
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/rsyslog.d/60-audit.conf",
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -399,7 +399,7 @@ func getRsyslogFiles(rsyslogConfig []byte, useExpectedContent bool) []extensions
 		},
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/configure-rsyslog.sh",
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -409,7 +409,7 @@ func getRsyslogFiles(rsyslogConfig []byte, useExpectedContent bool) []extensions
 		},
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/process-rsyslog-pstats.sh",
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -419,7 +419,7 @@ func getRsyslogFiles(rsyslogConfig []byte, useExpectedContent bool) []extensions
 		},
 		{
 			Path:        "/etc/systemd/system/rsyslog.service.d/10-shoot-rsyslog-relp-memory-limits.conf",
-			Permissions: ptr.To(int32(0644)),
+			Permissions: ptr.To(uint32(0644)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Data: getBasedOnCondition(useExpectedContent, `[Service]
@@ -437,7 +437,7 @@ func getRsyslogTLSFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 	return []extensionsv1alpha1.File{
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/tls/ca.crt",
-			Permissions: ptr.To(int32(0600)),
+			Permissions: ptr.To(uint32(0600)),
 			Content: extensionsv1alpha1.FileContent{
 				SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 					Name:    getBasedOnCondition(useExpectedContent, "ref-rsyslog-tls", "ref-rsyslog-tls-old"),
@@ -447,7 +447,7 @@ func getRsyslogTLSFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 		},
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/tls/tls.crt",
-			Permissions: ptr.To(int32(0600)),
+			Permissions: ptr.To(uint32(0600)),
 			Content: extensionsv1alpha1.FileContent{
 				SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 					Name:    getBasedOnCondition(useExpectedContent, "ref-rsyslog-tls", "ref-rsyslog-tls-old"),
@@ -457,7 +457,7 @@ func getRsyslogTLSFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 		},
 		{
 			Path:        "/var/lib/rsyslog-relp-configurator/tls/tls.key",
-			Permissions: ptr.To(int32(0600)),
+			Permissions: ptr.To(uint32(0600)),
 			Content: extensionsv1alpha1.FileContent{
 				SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 					Name:    getBasedOnCondition(useExpectedContent, "ref-rsyslog-tls", "ref-rsyslog-tls-old"),

diff --git a/pkg/webhook/operatingsystemconfig/rsyslog.go b/pkg/webhook/operatingsystemconfig/rsyslog.go
@@ -115,7 +115,7 @@ func getRsyslogFiles(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *exte
 	rsyslogFiles = append(rsyslogFiles, []extensionsv1alpha1.File{
 		{
 			Path:        constants.RsyslogConfigFromOSCPath,
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -125,7 +125,7 @@ func getRsyslogFiles(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *exte
 		},
 		{
 			Path:        constants.ConfigureRsyslogScriptPath,
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -135,7 +135,7 @@ func getRsyslogFiles(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *exte
 		},
 		{
 			Path:        constants.ProcessRsyslogPstatsScriptPath,
-			Permissions: ptr.To(int32(0744)),
+			Permissions: ptr.To(uint32(0744)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Encoding: "b64",
@@ -145,7 +145,7 @@ func getRsyslogFiles(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *exte
 		},
 		{
 			Path:        rsyslogServiceMemoryLimitsDropInPath,
-			Permissions: ptr.To(int32(0644)),
+			Permissions: ptr.To(uint32(0644)),
 			Content: extensionsv1alpha1.FileContent{
 				Inline: &extensionsv1alpha1.FileContentInline{
 					Data: `[Service]
@@ -227,7 +227,7 @@ func getRsyslogTLSFiles(cluster *extensionscontroller.Cluster, secretRefName str
 	return []extensionsv1alpha1.File{
 		{
 			Path:        constants.RsyslogTLSFromOSCDir + "/ca.crt",
-			Permissions: ptr.To(int32(0600)),
+			Permissions: ptr.To(uint32(0600)),
 			Content: extensionsv1alpha1.FileContent{
 				SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 					Name:    refSecretName,
@@ -237,7 +237,7 @@ func getRsyslogTLSFiles(cluster *extensionscontroller.Cluster, secretRefName str
 		},
 		{
 			Path:        constants.RsyslogTLSFromOSCDir + "/tls.crt",
-			Permissions: ptr.To(int32(0600)),
+			Permissions: ptr.To(uint32(0600)),
 			Content: extensionsv1alpha1.FileContent{
 				SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 					Name:    refSecretName,
@@ -247,7 +247,7 @@ func getRsyslogTLSFiles(cluster *extensionscontroller.Cluster, secretRefName str
 		},
 		{
 			Path:        constants.RsyslogTLSFromOSCDir + "/tls.key",
-			Permissions: ptr.To(int32(0600)),
+			Permissions: ptr.To(uint32(0600)),
 			Content: extensionsv1alpha1.FileContent{
 				SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 					Name:    refSecretName,