Update heat.conf permission
To avoid unauthorized users to read secrete information in heat.conf, heat.conf should be set as 640 instead of 644. Fix bug 1370870 Change-Id: I02756cea10113ca89ddeaa9232d04c75380756e8
This commit is contained in:
parent
108dba6ff4
commit
eea627edda
|
@ -6,6 +6,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc
|
|||
* Upgrading to Juno
|
||||
* Sync conf files with Juno
|
||||
* Upgrading berkshelf from 2.0.18 to 3.1.5
|
||||
* Update mode for heat.conf from 644 to 640
|
||||
|
||||
## 9.2.0
|
||||
* python_packages database client attributes have been migrated to
|
||||
|
|
|
@ -101,7 +101,7 @@ template '/etc/heat/heat.conf' do
|
|||
source 'heat.conf.erb'
|
||||
group node['openstack']['orchestration']['group']
|
||||
owner node['openstack']['orchestration']['user']
|
||||
mode 00644
|
||||
mode 00640
|
||||
variables(
|
||||
mq_service_type: mq_service_type,
|
||||
mq_password: mq_password,
|
||||
|
|
|
@ -138,7 +138,7 @@ shared_examples 'expects to create heat conf' do
|
|||
expect(chef_run).to create_template(file.name).with(
|
||||
owner: 'heat',
|
||||
group: 'heat',
|
||||
mode: 0644
|
||||
mode: 0640
|
||||
)
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue