Improve error messages. Debug. Tweak permissions

nginx · Nov 16, 2023 · 78c9ddd · 78c9ddd
1 parent b954a51
commit 78c9ddd
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 16 deletions.
diff --git a/src/extensions/nginx-app-protect/nap/nap_metadata.go b/src/extensions/nginx-app-protect/nap/nap_metadata.go
@@ -11,6 +11,7 @@ import (
 	"encoding/json"
 	"errors"
 	"os"
+	"fmt"
 	"path/filepath"
 
 	"github.com/nginx/agent/sdk/v2"
@@ -33,11 +34,11 @@ func UpdateMetadata(
 	data, err := os.ReadFile(appProtectWAFDetails.GetWafLocation())
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
-			return err
+			return fmt.Errorf("failed to update metadata: %v", err)
 		}
 	} else {
 		if err := json.Unmarshal(data, &previousMeta); err != nil {
-			return err
+			return fmt.Errorf("failed to unmarshal current metadata: %v", err)
 		}
 		previousPrecompiledPublication = previousMeta.PrecompiledPublication
 	}
@@ -53,14 +54,16 @@ func UpdateMetadata(
 	policies, profiles := sdk.GetAppProtectPolicyAndSecurityLogFilesWithIgnoreDirectives(cfg, ignoreDirectives)
 
 	policyBundles := []*BundleMetadata{}
-	profileBundles := []*BundleMetadata{}
 
 	for _, policy := range policies {
 		bundle := &BundleMetadata{
 			Name: policy,
 		}
 		policyBundles = append(policyBundles, bundle)
 	}
+
+	profileBundles := []*BundleMetadata{}
+
 	for _, profile := range profiles {
 		bundle := &BundleMetadata{
 			Name: profile,
@@ -84,21 +87,27 @@ func UpdateMetadata(
 
 	m, err := json.Marshal(metadata)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to marshal metadata update: %v", err)
 	}
 
 	// Make dir if not exists
 	directory := filepath.Dir(appProtectWAFDetails.GetWafLocation())
 	_, err = os.Stat(directory)
 	if os.IsNotExist(err) {
-		err = os.MkdirAll(directory, 0o644)
+		err = os.MkdirAll(directory, 0o755)
 		if err != nil {
-			return err
+			return fmt.Errorf("failed to create directory for metadata update: %v", err)
 		}
 	}
 
 	log.Debugf("Writing NAP Metadata %s", m)
-	return os.WriteFile(appProtectWAFDetails.GetWafLocation(), m, 0o644)
+
+	err = os.WriteFile(appProtectWAFDetails.GetWafLocation(), m, 0o664)
+	if err != nil {
+		return fmt.Errorf("failed to write NAP Metadata update: %v", err )
+	}
+
+	return nil
 }
 
 // metadataAreEqual compares the metadata for equality

diff --git a/src/extensions/nginx-app-protect/nap/nap_metadata_test.go b/src/extensions/nginx-app-protect/nap/nap_metadata_test.go
@@ -171,9 +171,10 @@ func TestUpdateNapMetadata(t *testing.T) {
 				WafLocation:             metadataFile,
 				PrecompiledPublication:  tc.precompPub,
 			}
-			ignoreDirecitves := []string{}
+
+			ignoreDirectives = []string{}
 
-			err = UpdateMetadata(cfg, appProtectWAFDetails, ignoreDirecitves)
+			err = UpdateMetadata(cfg, appProtectWAFDetails, ignoreDirectives)
 			assert.NoError(t, err)
 
 			data, err := os.ReadFile(metadataFile)

diff --git a/...nce/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_metadata.go b/...nce/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_metadata.go