From f0ad6ae6e84a4ad98a476cf692b25d38b0ffe926 Mon Sep 17 00:00:00 2001 From: olivier dubo Date: Mon, 11 May 2026 15:25:56 +0000 Subject: [PATCH 1/3] feat(login): fixed permission for ovh.conf in login Signed-off-by: olivier dubo --- internal/services/login/login.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/internal/services/login/login.go b/internal/services/login/login.go index c626e153..00854304 100644 --- a/internal/services/login/login.go +++ b/internal/services/login/login.go @@ -6,6 +6,7 @@ package login import ( "fmt" + "os" "strings" "github.com/ovh/ovhcloud-cli/internal/config" @@ -92,6 +93,10 @@ func Login(_ *cobra.Command, _ []string) { } } + if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { + display.OutputWarning(&flags.OutputFormatConfig, "failed to set secure permissions on config file: %s", err) + } + display.OutputInfo(&flags.OutputFormatConfig, nil, "Credentials saved to profile %q", LoginProfileFlag) return } @@ -109,4 +114,8 @@ func Login(_ *cobra.Command, _ []string) { return } } + + if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { + display.OutputWarning(&flags.OutputFormatConfig, "failed to set secure permissions on config file: %s", err) + } } From afe5fa37560190f001b7f48e9460e676069441cb Mon Sep 17 00:00:00 2001 From: olivier dubo Date: Tue, 12 May 2026 07:21:42 +0000 Subject: [PATCH 2/3] feat(login): added defer focntion for permission Signed-off-by: olivier dubo --- internal/services/login/login.go | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/internal/services/login/login.go b/internal/services/login/login.go index 00854304..4901f326 100644 --- a/internal/services/login/login.go +++ b/internal/services/login/login.go @@ -64,8 +64,21 @@ func Login(_ *cobra.Command, _ []string) { delete(credentials, "endpoint") } + // Check if config file exists before writing + _, fileExistsErr := os.Stat(flags.CliConfigPath) + fileIsNew := os.IsNotExist(fileExistsErr) + // If a profile name is provided, store credentials in the profile section if LoginProfileFlag != "" { + // Defer chmod to set restrictive permissions only if file was newly created + if fileIsNew { + defer func() { + if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { + display.OutputWarning(&flags.OutputFormatConfig, "failed to set secure permissions on config file: %s", err) + } + }() + } + if config.IsDefaultProfile(LoginProfileFlag) { display.OutputError(&flags.OutputFormatConfig, "%q is a reserved profile name, please choose a different name", config.DefaultProfileName) return @@ -93,10 +106,6 @@ func Login(_ *cobra.Command, _ []string) { } } - if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { - display.OutputWarning(&flags.OutputFormatConfig, "failed to set secure permissions on config file: %s", err) - } - display.OutputInfo(&flags.OutputFormatConfig, nil, "Credentials saved to profile %q", LoginProfileFlag) return } @@ -108,14 +117,18 @@ func Login(_ *cobra.Command, _ []string) { } serviceconfig.SetEndpoint(nil, []string{selectedRegion}) + if fileIsNew { + defer func() { + if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { + display.OutputWarning(&flags.OutputFormatConfig, "failed to set secure permissions on config file: %s", err) + } + }() + } + for k, v := range credentials { if err := config.SetConfigValue(flags.CliConfig, flags.CliConfigPath, configSection, k, v); err != nil { display.OutputError(&flags.OutputFormatConfig, "failed to write configuration %q: %s", k, err) return } } - - if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { - display.OutputWarning(&flags.OutputFormatConfig, "failed to set secure permissions on config file: %s", err) - } } From 06366a0d28a8ba1a5369f9724cf23923150f2d0f Mon Sep 17 00:00:00 2001 From: olivier dubo Date: Tue, 12 May 2026 07:54:55 +0000 Subject: [PATCH 3/3] feat(login): fixed permission in creation file Signed-off-by: olivier dubo --- internal/services/login/login.go | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/internal/services/login/login.go b/internal/services/login/login.go index 4901f326..6cf48a0e 100644 --- a/internal/services/login/login.go +++ b/internal/services/login/login.go @@ -55,6 +55,12 @@ func Login(_ *cobra.Command, _ []string) { } flags.CliConfigPath = path + + defer func() { + if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { + display.OutputError(&flags.OutputFormatConfig, "failed to set permissions on config file: %s", err) + } + }() } // Determine the endpoint value @@ -64,21 +70,8 @@ func Login(_ *cobra.Command, _ []string) { delete(credentials, "endpoint") } - // Check if config file exists before writing - _, fileExistsErr := os.Stat(flags.CliConfigPath) - fileIsNew := os.IsNotExist(fileExistsErr) - // If a profile name is provided, store credentials in the profile section if LoginProfileFlag != "" { - // Defer chmod to set restrictive permissions only if file was newly created - if fileIsNew { - defer func() { - if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { - display.OutputWarning(&flags.OutputFormatConfig, "failed to set secure permissions on config file: %s", err) - } - }() - } - if config.IsDefaultProfile(LoginProfileFlag) { display.OutputError(&flags.OutputFormatConfig, "%q is a reserved profile name, please choose a different name", config.DefaultProfileName) return @@ -117,14 +110,6 @@ func Login(_ *cobra.Command, _ []string) { } serviceconfig.SetEndpoint(nil, []string{selectedRegion}) - if fileIsNew { - defer func() { - if err := os.Chmod(flags.CliConfigPath, 0600); err != nil { - display.OutputWarning(&flags.OutputFormatConfig, "failed to set secure permissions on config file: %s", err) - } - }() - } - for k, v := range credentials { if err := config.SetConfigValue(flags.CliConfig, flags.CliConfigPath, configSection, k, v); err != nil { display.OutputError(&flags.OutputFormatConfig, "failed to write configuration %q: %s", k, err) @@ -132,3 +117,4 @@ func Login(_ *cobra.Command, _ []string) { } } } +