Add exclude for permissions in kolla config.json file

When using recursive mode to set permissions for a directory as
defined in kolla config.json, all the subdirectories and files will
receive the same permissions. This change adds the option to exclude
specific files or directories - either a name or a regular expression
can be used.

Closes-Bug: #1931294
Closes-Bug: #1972168

Co-Authored-By: Jakub Darmach <[email protected]>
Change-Id: If2f39736e2af34cd91d0976051ff66f06e96ab42

Author: rainsun-minsu

doc/source/admin/kolla_api.rst

@@ -65,6 +65,9 @@ The `kolla_set_configs`_ script understands the following attributes:
     Must be passed in the numeric octal form.
   * **recurse**: whether to apply the change recursively over the target
     directory. Boolean, defaults to ``false``.
+  * **exclude**: array of names of the directories or files to be excluded when
+    ``recurse`` is set to ``true``. Supports Python regular expressions.
+    Defaults to empty array.
 
 Here is an example configuration file:
 
@@ -85,7 +88,8 @@ Here is an example configuration file:
             {
                 "path": "/var/log/kolla/trove",
                 "owner": "trove:trove",
-                "recurse": true
+                "recurse": true,
+                "exclude": ["/var/log/^snapshot.*"]
             }
         ]
     }

docker/base/set_configs.py

@@ -19,6 +19,7 @@
 import logging
 import os
 import pwd
+import re
 import shutil
 import sys
 
@@ -345,6 +346,7 @@ def handle_permissions(config):
         owner = permission.get('owner')
         recurse = permission.get('recurse', False)
         perm = permission.get('perm')
+        exclude = permission.get('exclude', [])
 
         desired_user, desired_group = user_group(owner)
         uid = pwd.getpwnam(desired_user).pw_uid
@@ -375,14 +377,24 @@ def set_perms(path, uid, gid, perm):
                     LOG.exception('Failed to set permission of %s to %s',
                                   path, perm)
 
+        def handle_exclusion(root, path_suffix):
+            full_path = os.path.join(root, path_suffix)
+            LOG.debug("Checking for exclusion: %s" % full_path)
+            if exclude:
+                for exclude_ in exclude:
+                    if not re.search(exclude_, full_path):
+                        set_perms(full_path, uid, gid, perm)
+            else:
+                set_perms(full_path, uid, gid, perm)
+
         for dest in glob.glob(path):
             set_perms(dest, uid, gid, perm)
             if recurse and os.path.isdir(dest):
                 for root, dirs, files in os.walk(dest):
                     for dir_ in dirs:
-                        set_perms(os.path.join(root, dir_), uid, gid, perm)
+                        handle_exclusion(root, dir_)
                     for file_ in files:
-                        set_perms(os.path.join(root, file_), uid, gid, perm)
+                        handle_exclusion(root, file_)
 
 
 def execute_config_strategy(config):

releasenotes/notes/permissions-exclude-e1138abb573956a7.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds option to exclude files and directories when setting permissions
+    defined in kolla config.json using regular expression.