hub / github.com/dgraph-io/dgraph / setupSecrets

Method setupSecrets

dgraphtest/local_cluster.go:1337–1368  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

1335}
1336
// setupSecrets writes the secret files that the cluster configuration asks
// for into c.tempSecretsDir: the encryption key when c.conf.encryption is set
// and the ACL secret when c.conf.acl is set. Each file is handed to
// WidenSecretFilePerms once it has been written. The first error encountered
// is returned unchanged; nil means every requested file was set up.
//
// Security notes:
//   - WidenSecretFilePerms is a public hook in dgraphtest/hooks.go whose
//     default is a no-op, so upstream the encryption key stays at mode 0600
//     (owner-only). Downstream consumers that run the dgraph container as a
//     non-root user different from the host owner override the hook so the
//     in-container uid can read the bind-mounted files. An override that adds
//     world-read makes the key material readable by every local account that
//     can traverse c.tempSecretsDir; group-read scoped to the container's gid
//     is the narrower choice.
//   - os.WriteFile applies the mode only when it creates the file; a file
//     already present at the path keeps its existing mode.
//     NOTE(review): presumably c.tempSecretsDir is fresh per cluster; confirm.
//   - The mode of the ACL secret file is chosen inside generateACLSecret,
//     which is not visible here.
func (c *LocalCluster) setupSecrets() error {
	if c.conf.encryption {
		// Fixed key: some of the test data is already encrypted with it. It is
		// a literal in the source tree, so it gives no confidentiality and
		// belongs only to test fixtures.
		key := []byte("1234567890123456")
		c.encKeyPath = filepath.Join(c.tempSecretsDir, encKeyFile)

		err := os.WriteFile(c.encKeyPath, key, 0600)
		if err != nil {
			return err
		}
		err = WidenSecretFilePerms(c.encKeyPath)
		if err != nil {
			return err
		}
	}

	// Nothing else to write unless ACL is enabled.
	if !c.conf.acl {
		return nil
	}

	secretPath := filepath.Join(c.tempSecretsDir, aclKeyFile)
	err := generateACLSecret(c.conf.aclAlg, secretPath)
	if err != nil {
		return err
	}
	err = WidenSecretFilePerms(secretPath)
	if err != nil {
		return err
	}

	return nil
}
1369
1370func generateACLSecret(alg jwt.SigningMethod, pathToFile string) error {
1371 if alg == nil {

Callers 1

initMethod · 0.95

Calls 1

generateACLSecretFunction · 0.85

Tested by

no test coverage detected