From 4d1dcb943c73122d916d3075a287328de22aa738 Mon Sep 17 00:00:00 2001
From: orange-snn <songnannan2@huawei.com>
Date: Wed, 29 Sep 2021 20:44:33 +0800
Subject: [PATCH] add permission control in ragdoll

(cherry picked from commit b3eb495b52f5d6e982ec05a46315423a7ae0c9e4)
---
 0003-add-permission-control-in-ragdoll.patch | 93 ++++++++++++++++++++
 A-Ops.spec                                   |  8 +-
 2 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 0003-add-permission-control-in-ragdoll.patch

diff --git a/0003-add-permission-control-in-ragdoll.patch b/0003-add-permission-control-in-ragdoll.patch
new file mode 100644
index 0000000..8b55f6b
--- /dev/null
+++ b/0003-add-permission-control-in-ragdoll.patch
@@ -0,0 +1,93 @@
+From d3f717d13d2ea70bdcb31dfcef4f7f163f84660e Mon Sep 17 00:00:00 2001
+From: orange-snn <songnannan2@huawei.com>
+Date: Wed, 29 Sep 2021 18:44:52 +0800
+Subject: [PATCH] change the attr of the path in ragdoll
+
+---
+ gala-ragdoll/ragdoll/controllers/domain_controller.py | 1 +
+ gala-ragdoll/ragdoll/controllers/format.py            | 1 +
+ gala-ragdoll/ragdoll/controllers/host_controller.py   | 4 ++++
+ gala-ragdoll/ragdoll/utils/conf_tools.py              | 2 ++
+ gala-ragdoll/ragdoll/utils/prepare.py                 | 1 +
+ 5 files changed, 9 insertions(+)
+
+diff --git a/gala-ragdoll/ragdoll/controllers/domain_controller.py b/gala-ragdoll/ragdoll/controllers/domain_controller.py
+index ba9c6ce6..3c14dba9 100644
+--- a/gala-ragdoll/ragdoll/controllers/domain_controller.py
++++ b/gala-ragdoll/ragdoll/controllers/domain_controller.py
+@@ -46,6 +46,7 @@ def create_domain(body=None):  # noqa: E501
+         else:
+             successDomain.append(tempDomainName)
+             domainPath = os.path.join(TARGETDIR, tempDomainName)
++            os.umask(0o077)
+             os.mkdir(domainPath)
+ 
+     if len(failedDomain) == 0:
+diff --git a/gala-ragdoll/ragdoll/controllers/format.py b/gala-ragdoll/ragdoll/controllers/format.py
+index c302a357..6f03986f 100644
+--- a/gala-ragdoll/ragdoll/controllers/format.py
++++ b/gala-ragdoll/ragdoll/controllers/format.py
+@@ -91,6 +91,7 @@ class Format(object):
+     @staticmethod
+     def addHostToFile(d_file, host):
+         info_json = json.dumps(str(host), sort_keys=False, indent=4, separators=(',', ': '))
++        os.umask(0o077)
+         with open(d_file, 'a+') as host_file:
+             host_file.write(info_json)
+             host_file.write("\n")
+diff --git a/gala-ragdoll/ragdoll/controllers/host_controller.py b/gala-ragdoll/ragdoll/controllers/host_controller.py
+index 75f767b2..441abde4 100644
+--- a/gala-ragdoll/ragdoll/controllers/host_controller.py
++++ b/gala-ragdoll/ragdoll/controllers/host_controller.py
+@@ -143,12 +143,16 @@ def delete_host_in_domain(body=None):  # noqa: E501
+                 codeNum = 500
+                 base_rsp = BaseResponse(codeNum, "The host delete failed.")
+                 return base_rsp, codeNum
++            codeNum = 200
++            base_rsp = BaseResponse(codeNum, "All hosts are deleted in the current domain.")
++            return base_rsp, codeNum
+ 
+     # If the domain exists, check whether the current input parameter host belongs to the corresponding
+     # domain. If the host is in the domain, the host is deleted. If the host is no longer in the domain, 
+     # the host is added to the failure range
+     containedInHost = []
+     notContainedInHost = []
++    os.umask(0o077)
+     for hostInfo in hostInfos:
+         hostId = hostInfo.host_id
+         isContained = False
+diff --git a/gala-ragdoll/ragdoll/utils/conf_tools.py b/gala-ragdoll/ragdoll/utils/conf_tools.py
+index cb051a4a..205f236c 100644
+--- a/gala-ragdoll/ragdoll/utils/conf_tools.py
++++ b/gala-ragdoll/ragdoll/utils/conf_tools.py
+@@ -406,6 +406,7 @@ class ConfTools(object):
+         """
+         res = False
+         cwd = os.getcwd()
++        os.umask(0o077)
+         if not os.path.exists(self._target_dir):
+             os.mkdir(self._target_dir)
+ 
+@@ -583,6 +584,7 @@ class ConfTools(object):
+         """
+         res = False
+         path_delete_last = ""
++        os.umask(0o077)
+         if not os.path.exists(path):
+             paths = path.split('/')
+             for d_index in range(0, len(paths) - 1):
+diff --git a/gala-ragdoll/ragdoll/utils/prepare.py b/gala-ragdoll/ragdoll/utils/prepare.py
+index f8bc7314..a8a06c0a 100644
+--- a/gala-ragdoll/ragdoll/utils/prepare.py
++++ b/gala-ragdoll/ragdoll/utils/prepare.py
+@@ -20,6 +20,7 @@ class Prepare(object):
+         if os.path.exists(self._target_dir):
+             rest = self.git_init(username, useremail)
+             return rest
++        os.umask(0o077)
+         cmd1 = "mkdir -p {}".format(self._target_dir)
+         git_tools = GitTools(self._target_dir)
+         mkdir_code = git_tools.run_shell_return_code(cmd1)
+-- 
+Gitee
+
diff --git a/A-Ops.spec b/A-Ops.spec
index 3c12de2..1df29a7 100644
--- a/A-Ops.spec
+++ b/A-Ops.spec
@@ -1,6 +1,6 @@
 Name:		A-Ops
 Version:	v1.1.1
-Release:	2
+Release:	3
 Summary:	The intelligent ops toolkit for openEuler
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/A-Ops
@@ -8,7 +8,7 @@ Source0:	%{name}-%{version}.tar.gz
 Source1:	A-Ops-web-node-modules.tar.gz
 patch0001:	0001-fix-diag-return.patch
 patch0002:      0002-fix-log-of-task-execution.patch
-
+patch0003:	0003-add-permission-control-in-ragdoll.patch
 
 # build for gopher
 BuildRequires:	cmake gcc-c++ yum elfutils-devel clang >= 10.0.1 llvm libconfig-devel
@@ -171,6 +171,7 @@ website for A-Ops, deployed by Nginx
 %setup -T -D -a 1
 %patch0001 -p1
 %patch0002 -p1
+%patch0003 -p1
 cp -r A-Ops-web-node-modules/node_modules aops-web/
 
 %build
@@ -492,6 +493,9 @@ fi
 
 
 %changelog
+* Wed Sep 29 2021 orange-snn<songnannan2@huawei.com> - v1.1.1-3
+- add permission control in ragdoll.
+
 * Wed Sep 29 2021 chemingdao<chemingdao@huawei.com> - v1.1.1-2
 - fix log info of the task execution.