[DPE-5915] Reduce pgdate permissions (#759)

* Reduce pgdate permissions * Disable indico tests
canonical · Nov 8, 2024 · b41e4f2 · b41e4f2
1 parent 8c186b8
commit b41e4f2
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/src/charm.py b/src/charm.py
@@ -864,7 +864,7 @@ def _create_pgdata(self, container: Container):
         path = f"{self._storage_path}/pgdata"
         if not container.exists(path):
             container.make_dir(
-                path, permissions=0o770, user=WORKLOAD_OS_USER, group=WORKLOAD_OS_GROUP
+                path, permissions=0o750, user=WORKLOAD_OS_USER, group=WORKLOAD_OS_GROUP
             )
         # Also, fix the permissions from the parent directory.
         container.exec([

diff --git a/tests/integration/new_relations/test_new_relations.py b/tests/integration/new_relations/test_new_relations.py
@@ -664,6 +664,7 @@ async def test_discourse(ops_test: OpsTest):
 
 
 @pytest.mark.group(1)
+@pytest.mark.unstable
 @markers.amd64_only  # indico charm not available for arm64
 async def test_indico_datatabase(ops_test: OpsTest) -> None:
     """Tests deploying and relating to the Indico charm."""

diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
@@ -1776,7 +1776,7 @@ def test_create_pgdata(harness):
     container.exists.return_value = False
     harness.charm._create_pgdata(container)
     container.make_dir.assert_called_once_with(
-        "/var/lib/postgresql/data/pgdata", permissions=504, user="postgres", group="postgres"
+        "/var/lib/postgresql/data/pgdata", permissions=488, user="postgres", group="postgres"
     )
     container.exec.assert_called_once_with([
         "chown",