Request access personal-files for civo cli

The Civo app is a CLI to handler all Civo Cloud service using our API, I think this is the only reason why we need the app to have access to the network

Thanks

so why not simply use the network and network-bind interfaces in strict mode then ?

Hi @ogra in the case i need to access to the $HOME/.civo.json to write and read, i need use personal-file, but now i’m waiting for this:

human review required due to 'allow-installation' constraint (bool) declaration-snap-v2_plugs_installation (personal-files, personal-files) 

change the topic title to become a request for personal-files then … someone from the reviewers should pick it up …

Done, is ok in this way?

1 Like

This request lacks sufficient detail to proceed.

The snap currently is using:

plugs:
  personal-files:
    read:
    - $HOME/.civo.json
    write:
    - $HOME/.civo.json

Since ‘write’ implies ‘read’ in the personal-files interface, this should be changed to:

plugs:
  dot-civo-json:
    interface: personal-files
    write:
    - $HOME/.civo.json

However, the snap already has access to $HOME/.civo.json at runtime, since $HOME expands to ~/snap/civo/<revision>. This interface is typically used to provide read-only access to top-level hidden data directories within a user’s home directory in order to support importing data from existing applications where the snap is the clear owner of the target directory. While civo is the clear owner of the directory, it is requesting write access. Can you detail why civo cannot use ~/snap/civo/<revision>/.civo.json instead?

Hello @jdstrand:
I understand what you are saying, what I do not understand is, we would have to have a .civo.json for each version of our client, that is, if a user installed version 10 and created its configuration when doing an upgrade to version 11 would you have to re-create your configuration?

We are a cloud provider that offers IaaS and Kubernetes services, we would also need to have access to .kube/config and .ssh/id_rsa to create the keys within our IaaS, the latter is not automatic, it is using a command from our cli, like this civo sshkey add my-key --key $HOME/.ssh/id_rsa

Thanks for everything

no, the files in ~/snap/$snapname/$revision are copied when the snap is refreshed to a different version. The old revision’s config remains, for ease of roll-back, but they are also copied to the new revision so the app doesn’t break.

1 Like

.kube/config could also be available to you via the personal-files interface (there are several snaps that use this). The ssh-keys interface is available for your snap to use, but yes, it is manually connected and due to the sensitive nature of the interface, auto-connection would unlikely be granted (though, see manual connection mitigations in our processes for things you can do to improve the user experience). Note that your snap has full access to $SNAP_USER_DATA/.ssh and so your snap could use this for snap-specific keys instead of requiring access to the user’s (global) ssh keys.

@civo - ping, can you please provide the requested information?

@civo - ping, this request cannot proceed without the requested information.

@civo - since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks*