Specify permissions for write_files

FsCloudInit/CloudConfig.fs

@@ -7,19 +7,44 @@ module FileEncoding =
      [<Literal>]
      let Base64 = "b64"
 
+[<Flags>]
+type FilePermission =
+    | None = 0
+    | Execute = 1
+    | Write = 2
+    | Read = 4
+
+type FilePermissions = {
+    User : FilePermission
+    Group : FilePermission
+    Others : FilePermission
+}
+    with
+        static member None = FilePermission.None
+        static member R = FilePermission.Read
+        static member RW = FilePermission.Read ||| FilePermission.Write
+        static member RX = FilePermission.Read ||| FilePermission.Execute
+        static member RWX = FilePermission.Read ||| FilePermission.Write ||| FilePermission.Execute
+        member this.Value =
+            $"0{int this.User}{int this.Group}{int this.Others}"
+
 type WriteFile =
     {
         Encoding : string
         Content : string
         Owner : string
         Path : string
+        Permissions : string
+        Append : bool
     }
     static member Default =
         {
             Encoding = null
             Content = null
             Owner = null
             Path = null
+            Permissions = null
+            Append = false
         }
 
 type AptSource =

FsCloudInitTests/ConfigGeneration.fs

@@ -97,6 +97,53 @@ let tests =
             |> Writer.write
             |> matchExpectedAt "file-embedding.yaml"
         }
+        test "File permission strings" {
+            let perms1 = {
+                User = FilePermissions.RWX
+                Group = FilePermissions.RW
+                Others = FilePermissions.R
+            }
+            Expect.equal perms1.Value "0764" "Unexpected permission mask perms1"
+            let perms2 = {
+                User = FilePermissions.None
+                Group = FilePermissions.None
+                Others = FilePermissions.None
+            }
+            Expect.equal perms2.Value "0000" "Unexpected permission mask perms2"
+            let perms3 = {
+                User = FilePermissions.RW
+                Group = FilePermissions.R
+                Others = FilePermissions.R
+            }
+            Expect.equal perms3.Value "0644" "Unexpected permission mask perms3"
+            let perms4 = {
+                User = FilePermissions.R
+                Group = FilePermissions.None
+                Others = FilePermissions.None
+            }
+            Expect.equal perms4.Value "0400" "Unexpected permission mask perms4"
+        }
+        test "Embed readonly file" {
+            let content = "hello world"
+            {
+                CloudConfig.Default with
+                    WriteFiles = [
+                        {
+                            WriteFile.Default with
+                                Encoding = FileEncoding.Base64
+                                Content = content |> System.Text.Encoding.UTF8.GetBytes |> Convert.ToBase64String
+                                Path = "/var/lib/data/hello"
+                                Owner = "azureuser:azureuser"
+                                Permissions = {
+                                    User = FilePermissions.R
+                                    Group = FilePermissions.None
+                                    Others = FilePermissions.None }.Value
+                        }
+                    ]
+            }
+            |> Writer.write
+            |> matchExpectedAt "file-embedding-readonly.yaml"
+        }
         test "Run a command" {
             {
                 CloudConfig.Default with

FsCloudInitTests/TestContent/file-embedding-readonly.yaml

@@ -0,0 +1,7 @@
+#cloud-config
+write_files:
+- encoding: b64
+  content: aGVsbG8gd29ybGQ=
+  owner: azureuser:azureuser
+  path: /var/lib/data/hello
+  permissions: 0400