cli: agent.token permissions issue
Problem to solve
See !307 (merged).
[...] I'm trying to use the prebuilt
:latest
image... ifbuild/deployment/gitlab-agent/base/secrets/agent.token
doesn't already exist when the container image is built you get:$ docker run --rm -it bazel/cmd/cli:container generate --agent-token "foo" --kas-address grpc://example.com Program aborted: open /app/kpt-package/base/secrets/agent.token: permission denied
I'm not sure how to fix this because the permissions are already set to
0777
on everything inbuild/deployment/BUILD.bazel
. I thought about just adding an empty placeholderagent.token
file, but evidently there is no way togit add -f
a file and still keep future changes untracked.
Possible solution
Quoting @ash2k
To solve the permissions problem we'll likely need to adjust permissions/ownership on the directories. The program is running as
nobody:nogroup
(or something like that) but directories and files are owned byroot
. I'm quite sure this is the cause.
Edited by Hordur Freyr Yngvason