[Bug] Set file mode explicitly for regular files (#1323)

Set file mode explicitly for regular files * As shown in the following code snippet, the function `ensureFiles` checks the file mode for both regular files and secret files. https://github.com/nginxinc/nginx-gateway-fabric/blob/6d4cfd7f0de32e9f98dae358cb6cec93529109a5/internal/mode/static/nginx/file/manager_test.go#L43-L47 * The function `ReplaceFiles` in `nginx/file/manager.go` creates files by internally calling [os.Create](https://pkg.go.dev/os#Create), which, by default, creates files with mode 0666 (before applying `umask`). See the [source code](https://github.com/golang/go/blob/de5b418bea70aaf27de1f47e9b5813940d1e15a4/src/os/file.go#L357-L364) of `os.Create` for more details. * The function `writeFile` changes the mode of secret files to 0640 by calling `chmod`, but does nothing for regular files. Hence, the check `Expect(info.Mode()).To(Equal(os.FileMode(0o644))) ` in `nginx/file/manager_test.go` only passes for `umask` with specific values. * In my environment, the `umask` value is 002. Therefore, the mode for regular files will be 0666 - 0002 = 0664, causing the unit test to fail. In the following screenshot, 420 is 0o644, and 436 is 0o664. ![Screen Shot 2023-12-02 at 6 05 36 PM](https://github.com/nginxinc/nginx-gateway-fabric/assets/20109646/b621c7de-2465-4c5a-988b-4cf625e5dca7) * Solution: This PR sets the file mode explicitly.
nginx · Dec 5, 2023 · d27dde5 · d27dde5
1 parent b49d802
commit d27dde5
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/internal/mode/static/nginx/file/manager.go b/internal/mode/static/nginx/file/manager.go
@@ -10,6 +10,8 @@ import (
 )
 
 const (
+	// regularFileMode defines the default file mode for regular files.
+	regularFileMode = 0o644
 	// secretFileMode defines the default file mode for files with secrets.
 	secretFileMode = 0o640
 )
@@ -136,11 +138,20 @@ func writeFile(fileMgr OSFileManager, file File) error {
 		}
 	}()
 
-	if file.Type == TypeSecret {
+	switch file.Type {
+	case TypeRegular:
+		if err := fileMgr.Chmod(f, regularFileMode); err != nil {
+			resultErr = fmt.Errorf(
+				"failed to set file mode to %#o for %q: %w", regularFileMode, file.Path, err)
+			return resultErr
+		}
+	case TypeSecret:
 		if err := fileMgr.Chmod(f, secretFileMode); err != nil {
-			resultErr = fmt.Errorf("failed to set file mode for %q: %w", file.Path, err)
+			resultErr = fmt.Errorf("failed to set file mode to %#o for %q: %w", secretFileMode, file.Path, err)
 			return resultErr
 		}
+	default:
+		panic(fmt.Sprintf("unknown file type %d", file.Type))
 	}
 
 	if err := fileMgr.Write(f, file.Content); err != nil {