Hi
As part of the move to strict confinement for the openstackclients snap I’d like to allow the snap to access the standard location for the openstack clouds.yaml configuration file ($HOME/.config/openstack/clouds.yaml).
I’ve added a personal-files configuration for this access.
Please review!
The snap is currently using:
plugs:
config-openstack:
interface: personal-files
read:
- $HOME/.config/openstack/clouds.yaml
openstackclients is part of the suite of applications that is the clear owner of $HOME/.config/openstack. For consistency with other uses of personal-files, please update your snap.yaml to use dot-config-openstack as the interface reference, like so:
plugs:
dot-config-openstack:
interface: personal-files
read:
- $HOME/.config/openstack/clouds.yaml
+1 for use and auto-connection of personal files for read-only access to this directory when using the dot-config-openstack interface reference.
@reviewers - can others please vote?
+1 to auto-connected access to $HOME/.config/openstack/clouds.yaml. However, @jdstrand given that this directory could also contain e.g. clouds-public.yaml, should we make the interface name file-specific?
@jamespage do you anticipate needing access to other files in that directory?
Oh, this is a good point and from my suggestion of interface name, this is what I had in mind.
@jamespage - if you need only $HOME/.config/openstack/clouds.yaml, please use this in your yaml:
plugs:
dot-config-openstack-clouds-yaml:
interface: personal-files
read:
- $HOME/.config/openstack/clouds.yaml
if you need everything in the directory, please use this:
plugs:
dot-config-openstack:
interface: personal-files
read:
- $HOME/.config/openstack
I continue to be +1 for $HOME/.config/openstack/clouds.yaml. Let us know if this should be updated for the whole directory or perhaps a glob on clouds*.yaml.
I’ll work on renaming the interface to dot-config-openstack-clouds-yaml
Thanks! In addition to that, there are open questions. When you have a moment, can you respond to those as well?
Nudge on this review - I think I’ve answered all of the questions but please let me know if I’ve missed something!
I can confirm my questions have been answered and my +1 for auto-connected access to $HOME/.config/openstack/clouds.yaml remains. I only wanted to make sure you didn’t also need something else.
The snap was adjusted to use:
plugs:
dot-config-openstack-clouds-yaml:
interface: personal-files
read:
- $HOME/.config/openstack/clouds.yaml
and we have votes on this.
2 votes for, 0 against for use of and auto-connection for the personal-files interface for read-only access to $HOME/.config/openstack/clouds.yaml with the interface reference of dot-config-openstack-clouds-yaml. Granting. This is now live.
Note, while the snap declaration has been granted, there is a corresponding change to the review-tools that has been made that is not yet in production and new revisions will not pass automated review until it is. In the meantime, you can request manual reviews for new revisions and a reviewer can manually approve.
I’ve manually approved revisions 80-85.
Turns out general access to this directly might be useful after all:
https://review.opendev.org/c/x/snap-openstackclients/+/768219
I’ve provided feedback on the review to generalise the access pattern to dot-config-openstack.