You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File "ocaml/xapi/helpers.ml", line 1954, characters 4-30:
1954 | SecretString.write_to_file ~perms:0o600 !Xapi_globs.pool_secret_path ps ;
^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: This function has type string -> SecretString.t -> unit
It is applied to too many arguments; maybe you forgot a `;'.
make: *** [Makefile:16: build] Error 1
Error: Process completed with exit code 2.
The reason will be displayed to describe this comment to others. Learn more.
I don't like that users of the function can dictate the permissions, please undo those changes and instead change the implementation of the function to hardcode it:
let write_to_file =Xapi_stdext_unix.Unixext.write_string_to_file ~perms:0o600
I don't like that users of the function can dictate the permissions, please undo those changes and instead change the implementation of the function to hardcode it:
let write_to_file =Xapi_stdext_unix.Unixext.write_string_to_file ~perms:0o600
Is this based on the argument that we already know that we want to store a secret and hence need most restrictive permissions? Which perms don't you like? I think passing permission to Xapi_stdext_unix.Unixext.write_string_to_file is good, but to SecretString.write_to_file maybe not.
Is this based on the argument that we already know that we want to store a secret and hence need most restrictive permissions? Which perms don't you like?
Yes, since it's a secrets the permissions need to be more stringent. Currently it's on SecretString's user to use the safe permissions, this is risky since it's done a optional parameter which might be elided. Even if it wasn't I don't think it should be a decision at all as it should always use the safe choice, hence why it only makes sense to encode it in SecretString.write_to_file and not expose it to its users
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
snwoods
force-pushed
the
private/stevenwo/CA-371790
branch
from
Depends on the changes in xapi-project/stdext#69