diff --git a/pkg/webhook/operatingsystemconfig/auditd.go b/pkg/webhook/operatingsystemconfig/auditd.go
index 485b9f52..b822e43a 100644
--- a/pkg/webhook/operatingsystemconfig/auditd.go
+++ b/pkg/webhook/operatingsystemconfig/auditd.go
@@ -79,7 +79,7 @@ func getAuditConfigFromConfigMap(ctx context.Context, c client.Client, decoder r
 return []extensionsv1alpha1.File{{
 Path: fmt.Sprintf("%s/%s", constants.AuditRulesFromOSCDir, "00_shoot_rsyslog_relp.rules"),
- Permissions: ptr.To(int32(0644)),
+ Permissions: ptr.To(uint32(0644)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -93,7 +93,7 @@ func getDefaultAuditRules() []extensionsv1alpha1.File {
 return []extensionsv1alpha1.File{
 {
 Path: baseConfigRulesPath,
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -103,7 +103,7 @@ func getDefaultAuditRules() []extensionsv1alpha1.File {
 },
 {
 Path: privilegeEscalationRulesPath,
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -113,7 +113,7 @@ func getDefaultAuditRules() []extensionsv1alpha1.File {
 },
 {
 Path: privilegeSpecialRulesPath,
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -123,7 +123,7 @@ func getDefaultAuditRules() []extensionsv1alpha1.File {
 },
 {
 Path: systemIntegrityRulesPath,
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
diff --git a/pkg/webhook/operatingsystemconfig/ensurer_test.go b/pkg/webhook/operatingsystemconfig/ensurer_test.go
index 80f0c374..38f97357 100644
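Review bot: The four entries in getDefaultAuditRules (hunks at -93, -103, -113 and -123) keep mode 0744 on audit rule files, while the ConfigMap-derived rules file in the hunk at -79 is written with 0644 into what looks like the same rules directory. Rule files are data rather than programs, so the owner execute bit serves no purpose, and world-readable rules let any local user see which paths and syscalls are being audited. Unless a consumer outside this diff needs these modes, consider `Permissions: ptr.To(uint32(0640)),` (or at least 0644 to match the -79 hunk) for all five files; the expectations in ensurer_test.go pin 0744 and would need the same change. The same question applies to `constants.RsyslogConfigFromOSCPath` in rsyslog.go, which the test shows to be a `60-audit.conf` file also written with 0744. Both function bodies continue outside the hunks.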
--- a/pkg/webhook/operatingsystemconfig/ensurer_test.go
+++ b/pkg/webhook/operatingsystemconfig/ensurer_test.go
@@ -277,7 +277,7 @@ auditRules: |
 expectedFiles = append(expectedFiles, []extensionsv1alpha1.File{
 {
 Path: "/var/lib/rsyslog-relp-configurator/audit/rules.d/00_shoot_rsyslog_relp.rules",
- Permissions: ptr.To(int32(0644)),
+ Permissions: ptr.To(uint32(0644)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -344,7 +344,7 @@ func getAuditRulesFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 return []extensionsv1alpha1.File{
 {
 Path: "/var/lib/rsyslog-relp-configurator/audit/rules.d/00-base-config.rules",
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -354,7 +354,7 @@ func getAuditRulesFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 },
 {
 Path: "/var/lib/rsyslog-relp-configurator/audit/rules.d/10-privilege-escalation.rules",
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -364,7 +364,7 @@ func getAuditRulesFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 },
 {
 Path: "/var/lib/rsyslog-relp-configurator/audit/rules.d/11-privileged-special.rules",
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -374,7 +374,7 @@ func getAuditRulesFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 },
 {
 Path: "/var/lib/rsyslog-relp-configurator/audit/rules.d/12-system-integrity.rules",
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -389,7 +389,7 @@ func getRsyslogFiles(rsyslogConfig []byte, useExpectedContent bool) []extensions
 return []extensionsv1alpha1.File{
 {
 Path: "/var/lib/rsyslog-relp-configurator/rsyslog.d/60-audit.conf",
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -399,7 +399,7 @@ func getRsyslogFiles(rsyslogConfig []byte, useExpectedContent bool) []extensions
 },
 {
 Path: "/var/lib/rsyslog-relp-configurator/configure-rsyslog.sh",
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -409,7 +409,7 @@ func getRsyslogFiles(rsyslogConfig []byte, useExpectedContent bool) []extensions
 },
 {
 Path: "/var/lib/rsyslog-relp-configurator/process-rsyslog-pstats.sh",
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -419,7 +419,7 @@ func getRsyslogFiles(rsyslogConfig []byte, useExpectedContent bool) []extensions
 },
 {
 Path: "/etc/systemd/system/rsyslog.service.d/10-shoot-rsyslog-relp-memory-limits.conf",
- Permissions: ptr.To(int32(0644)),
+ Permissions: ptr.To(uint32(0644)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Data: getBasedOnCondition(useExpectedContent, `[Service]
@@ -437,7 +437,7 @@ func getRsyslogTLSFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 return []extensionsv1alpha1.File{
 {
 Path: "/var/lib/rsyslog-relp-configurator/tls/ca.crt",
- Permissions: ptr.To(int32(0600)),
+ Permissions: ptr.To(uint32(0600)),
 Content: extensionsv1alpha1.FileContent{
 SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 Name: getBasedOnCondition(useExpectedContent, "ref-rsyslog-tls", "ref-rsyslog-tls-old"),
@@ -447,7 +447,7 @@ func getRsyslogTLSFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 },
 {
 Path: "/var/lib/rsyslog-relp-configurator/tls/tls.crt",
- Permissions: ptr.To(int32(0600)),
+ Permissions: ptr.To(uint32(0600)),
 Content: extensionsv1alpha1.FileContent{
 SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 Name: getBasedOnCondition(useExpectedContent, "ref-rsyslog-tls", "ref-rsyslog-tls-old"),
@@ -457,7 +457,7 @@ func getRsyslogTLSFiles(useExpectedContent bool) []extensionsv1alpha1.File {
 },
 {
 Path: "/var/lib/rsyslog-relp-configurator/tls/tls.key",
- Permissions: ptr.To(int32(0600)),
+ Permissions: ptr.To(uint32(0600)),
 Content: extensionsv1alpha1.FileContent{
 SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 Name: getBasedOnCondition(useExpectedContent, "ref-rsyslog-tls", "ref-rsyslog-tls-old"),
diff --git a/pkg/webhook/operatingsystemconfig/rsyslog.go b/pkg/webhook/operatingsystemconfig/rsyslog.go
index 0f14def8..e9dcf313 100644
--- a/pkg/webhook/operatingsystemconfig/rsyslog.go
+++ b/pkg/webhook/operatingsystemconfig/rsyslog.go
@@ -115,7 +115,7 @@ func getRsyslogFiles(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *exte
 rsyslogFiles = append(rsyslogFiles, []extensionsv1alpha1.File{
 {
 Path: constants.RsyslogConfigFromOSCPath,
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -125,7 +125,7 @@ func getRsyslogFiles(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *exte
 },
 {
 Path: constants.ConfigureRsyslogScriptPath,
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -135,7 +135,7 @@ func getRsyslogFiles(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *exte
 },
 {
 Path: constants.ProcessRsyslogPstatsScriptPath,
- Permissions: ptr.To(int32(0744)),
+ Permissions: ptr.To(uint32(0744)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Encoding: "b64",
@@ -145,7 +145,7 @@ func getRsyslogFiles(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *exte
 },
 {
 Path: rsyslogServiceMemoryLimitsDropInPath,
- Permissions: ptr.To(int32(0644)),
+ Permissions: ptr.To(uint32(0644)),
 Content: extensionsv1alpha1.FileContent{
 Inline: &extensionsv1alpha1.FileContentInline{
 Data: `[Service]
@@ -227,7 +227,7 @@ func getRsyslogTLSFiles(cluster *extensionscontroller.Cluster, secretRefName str
 return []extensionsv1alpha1.File{
 {
 Path: constants.RsyslogTLSFromOSCDir + "/ca.crt",
- Permissions: ptr.To(int32(0600)),
+ Permissions: ptr.To(uint32(0600)),
 Content: extensionsv1alpha1.FileContent{
 SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 Name: refSecretName,
@@ -237,7 +237,7 @@ func getRsyslogTLSFiles(cluster *extensionscontroller.Cluster, secretRefName str
 },
 {
 Path: constants.RsyslogTLSFromOSCDir + "/tls.crt",
- Permissions: ptr.To(int32(0600)),
+ Permissions: ptr.To(uint32(0600)),
 Content: extensionsv1alpha1.FileContent{
 SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 Name: refSecretName,
@@ -247,7 +247,7 @@ func getRsyslogTLSFiles(cluster *extensionscontroller.Cluster, secretRefName str
 },
 {
 Path: constants.RsyslogTLSFromOSCDir + "/tls.key",
- Permissions: ptr.To(int32(0600)),
+ Permissions: ptr.To(uint32(0600)),
 Content: extensionsv1alpha1.FileContent{
 SecretRef: &extensionsv1alpha1.FileContentSecretRef{
 Name: refSecretName,
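Review bot: The three entries in getRsyslogTLSFiles (hunks at -227, -237 and -247) each repeat the literal `ptr.To(uint32(0600))`, and the same inline conversion recurs at every site this commit touches. A typed package-level constant, for example `const tlsFileMode uint32 = 0600` used as `Permissions: ptr.To(tlsFileMode),`, would state the intent once and reduce a future change of the API field type to a one-line edit. A short comment on that constant noting that `tls.key` must stay readable by its owner only would keep a later cleanup from loosening the mode by accident. The function body continues outside the hunks.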