Update keystone.conf permission

To avoid other users to access scecret in keystone.conf, set the file permission to 640 instead of 644 Fix bug 1369446 Change-Id: I26af2ae803de9ba909d3356c27a33563fba68af3
2014-09-15 04:35:36 -04:00
parent bc8e6a9250
commit 5b0944ff56
4 changed files with 5 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,7 @@
 # CHANGELOG for cookbook-openstack-identity
 This file is used to list changes made in each version of cookbook-openstack-identity.
+## 10.0.1
+* Update keystone.conf from mode 0644 to 0640

 ## 10.0.0
 * Upgrading to Juno
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'matt@opscode.com'
 license          'Apache 2.0'
 description      'The OpenStack Identity service Keystone.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '10.0.0'
+version          '10.0.1'

 recipe           'openstack-identity::client', 'Install packages required for keystone client'
 recipe           'openstack-identity::server', 'Installs and Configures Keystone Service'
--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -200,7 +200,7 @@ template '/etc/keystone/keystone.conf' do
  source 'keystone.conf.erb'
  owner node['openstack']['identity']['user']
  group node['openstack']['identity']['group']
-  mode   00644
+  mode   00640
  variables(
    sql_connection: sql_connection,
    bind_address: bind_address,
--- a/spec/server_spec.rb
+++ b/spec/server_spec.rb
@@ -352,7 +352,7 @@ describe 'openstack-identity::server' do
        end

        it 'has correct modes' do
-          expect(sprintf('%o', resource.mode)).to eq('644')
+          expect(sprintf('%o', resource.mode)).to eq('640')
        end
      end