From 7bf91b1003d545d8dc84262c1b87619fffc42526 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Thu, 27 Aug 2020 13:14:55 -0400
Subject: [PATCH] Improve store file handling for CLI

Don't try to chmod every time, instead only chmod when first creating
the file. Also allow loading the default permission from an envvar
rather than hardcoding it.
---
 client-cli/pvc.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/client-cli/pvc.py b/client-cli/pvc.py
index 0bc661e1..da7252b4 100755
--- a/client-cli/pvc.py
+++ b/client-cli/pvc.py
@@ -117,10 +117,14 @@ def get_store(store_path):
 
 def update_store(store_path, store_data):
     store_file = '{}/pvc-cli.json'.format(store_path)
-    with open(store_file, 'w') as fh:
-        fh.write(json.dumps(store_data, sort_keys=True, indent=4))
-    # Ensure file has 0600 permissions due to API key storage
-    os.chmod(store_file, 0o600)
+    if not os.path.exists(store_file):
+        with open(store_file, 'w') as fh:
+            fh.write(json.dumps(store_data, sort_keys=True, indent=4))
+        # Ensure file has sensible permissions due to API key storage, but only when created!
+        os.chmod(store_file, int(os.environ.get('PVC_CLIENT_DB_PERMS', 600), 8))
+    else:
+        with open(store_file, 'w') as fh:
+            fh.write(json.dumps(store_data, sort_keys=True, indent=4))
 
 pvc_client_dir = os.environ.get('PVC_CLIENT_DIR', None)
 home_dir = os.environ.get('HOME', None)