File permissions validations

[JoshVanL]

What this PR does / why we need it:
Adds validations to ensure 600 permissions on id_rsa, ssh_config and vault_root_token

fixes #170

/assign @charlieegan3

NONE

[jetstack-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: mattbates

Assign the PR to them by writing /assign @mattbates in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[charlieegan3]

I've looked over this and the code changes look fine.

When I have the incorrect permissions set now I get the following error:

FATA[0005] Tarmak exited with an error: failed to validate tarmak: 2 errors occurred:

* vault root token file '/home/charlieegan3/.tarmak/charlie/vault_root_token' does not match permissions (0600): -r--------
* '/home/charlieegan3/.tarmak/charlie/id_rsa' does not match permissions (0600): -r--------  error="failed to validate tarmak: 2 errors occurred:\n\n* vault root token file '/home/charlieegan3/.tarmak/charlie/vault_root_token' does not match permissions (0600): -r--------\n* '/home/charlieegan3/.tarmak/charlie/id_rsa' does not match permissions (0600): -r--------"

Clearly a huge improvement on the output in #170.

[charlieegan3]

/lgtm

[charlieegan3]

/unassign
/assign @simonswine

[simonswine]

Thanks a few comments from my side

/assign @JoshVanL
/unassign

[simonswine]

I think we should be only checking if others and group are having a zero like that

(f.Mode() & 0077) == 0

[simonswine]

I think we should be only checking if others and group are having a zero like that

(f.Mode() & 0077) == 0

[simonswine]

I think this whole method should just be calling to validateSSHSetup() or something like that

[JoshVanL]

Not too sure what you mean by this. tarmak.Validate() should only call to validateSSHSetup?

[JoshVanL]

@simonswine

[jetstack-bot]

New changes are detected. LGTM label has been removed.

[JoshVanL]

@simonswine

[JoshVanL]

/assign @simonswine

[JoshVanL]

/unassign

[jetstack-bot]

@JoshVanL: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[jetstack-bot]

@JoshVanL: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
tarmak-puppet-module-tarmak-acceptance-1-14-centos	d5caa32	link	/test puppet-tarmak-acceptance-centos v1.14

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.