Update keystone.conf permission

To avoid other users to access scecret in keystone.conf, set the
file permission to 640 instead of 644

Fix bug 1369446
Change-Id: I26af2ae803de9ba909d3356c27a33563fba68af3

CHANGELOG.md

@@ -1,5 +1,7 @@
 # CHANGELOG for cookbook-openstack-identity
 This file is used to list changes made in each version of cookbook-openstack-identity.
+## 10.0.1
+* Update keystone.conf from mode 0644 to 0640
 
 ## 10.0.0
 * Upgrading to Juno

metadata.rb

@@ -4,7 +4,7 @@ maintainer_email 'matt@opscode.com'
 license          'Apache 2.0'
 description      'The OpenStack Identity service Keystone.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '10.0.0'
+version          '10.0.1'
 
 recipe           'openstack-identity::client', 'Install packages required for keystone client'
 recipe           'openstack-identity::server', 'Installs and Configures Keystone Service'

recipes/server.rb

@@ -200,7 +200,7 @@ template '/etc/keystone/keystone.conf' do
   source 'keystone.conf.erb'
   owner node['openstack']['identity']['user']
   group node['openstack']['identity']['group']
-  mode   00644
+  mode   00640
   variables(
     sql_connection: sql_connection,
     bind_address: bind_address,

spec/server_spec.rb

@@ -352,7 +352,7 @@ describe 'openstack-identity::server' do
         end
 
         it 'has correct modes' do
-          expect(sprintf('%o', resource.mode)).to eq('644')
+          expect(sprintf('%o', resource.mode)).to eq('640')
         end
       end