openstack/cookbook-openstack-block-storage
Code Issues Proposed changes

Update cinder.conf permission

Browse Source 
cinder.conf contains some secret information such as qpid password.
To prevent unauthorized users to access it, this file should be set
as 640 mode.

Fix bug 1369467
Change-Id: I12a0e6e3e492397f1282366ab38ed1e1f46997f7
This commit is contained in:
leileiz
2014-09-15 10:59:14 -04:00
parent 6dbe30d817
commit 3b3c18ff81
5 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -1,6 +1,8 @@
openstack-block-storage Cookbook CHANGELOG openstack-block-storage Cookbook CHANGELOG
============================== ==============================
This file is used to list changes made in each version of the openstack-block-storage cookbook. This file is used to list changes made in each version of the openstack-block-storage cookbook.
## 10.0.1
# Update cinder.conf mode from 0644 to 0640
## 10.0.0 ## 10.0.0
* Upgrading to Juno * Upgrading to Juno

2
metadata.rb
View File

@@ -5,7 +5,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
license 'Apache 2.0' license 'Apache 2.0'
description 'The OpenStack Advanced Volume Management service Cinder.' description 'The OpenStack Advanced Volume Management service Cinder.'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '10.0.0' version '10.0.1'
recipe 'openstack-block-storage::api', 'Installs the cinder-api, sets up the cinder database, and cinder service/user/endpoints in keystone' recipe 'openstack-block-storage::api', 'Installs the cinder-api, sets up the cinder database, and cinder service/user/endpoints in keystone'
recipe 'openstack-block-storage::client', 'Install packages required for cinder client' recipe 'openstack-block-storage::client', 'Install packages required for cinder client'

2
recipes/cinder-common.rb
View File

@@ -90,7 +90,7 @@ template '/etc/cinder/cinder.conf' do
source 'cinder.conf.erb' source 'cinder.conf.erb'
group node['openstack']['block-storage']['group'] group node['openstack']['block-storage']['group']
owner node['openstack']['block-storage']['user'] owner node['openstack']['block-storage']['user']
mode 00644 mode 00640
variables( variables(
sql_connection: sql_connection, sql_connection: sql_connection,
mq_service_type: mq_service_type, mq_service_type: mq_service_type,

2
spec/cinder_common_spec.rb
View File

@@ -72,7 +72,7 @@ describe 'openstack-block-storage::cinder-common' do
end end
it 'has proper modes' do it 'has proper modes' do
expect(sprintf('%o', file.mode)).to eq '644' expect(sprintf('%o', file.mode)).to eq '640'
end end
context 'template keystone contents' do context 'template keystone contents' do

2
spec/spec_helper.rb
View File

@@ -108,7 +108,7 @@ def expect_creates_cinder_conf(service, user, group, action = :restart) # ruboco
end end
it 'has proper modes' do it 'has proper modes' do
expect(sprintf('%o', file.mode)).to eq '644' expect(sprintf('%o', file.mode)).to eq '640'
end end
it 'notifies service restart' do it 'notifies service restart' do