Update heat.conf permission

To avoid unauthorized users to read secrete information in
heat.conf, heat.conf should be set as 640 instead of 644.

Fix bug 1370870
Change-Id: I02756cea10113ca89ddeaa9232d04c75380756e8
This commit is contained in:
leileiz 2014-09-18 01:55:49 -04:00
parent 108dba6ff4
commit eea627edda
3 changed files with 3 additions and 2 deletions

View File

@ -6,6 +6,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc
* Upgrading to Juno * Upgrading to Juno
* Sync conf files with Juno * Sync conf files with Juno
* Upgrading berkshelf from 2.0.18 to 3.1.5 * Upgrading berkshelf from 2.0.18 to 3.1.5
* Update mode for heat.conf from 644 to 640
## 9.2.0 ## 9.2.0
* python_packages database client attributes have been migrated to * python_packages database client attributes have been migrated to

View File

@ -101,7 +101,7 @@ template '/etc/heat/heat.conf' do
source 'heat.conf.erb' source 'heat.conf.erb'
group node['openstack']['orchestration']['group'] group node['openstack']['orchestration']['group']
owner node['openstack']['orchestration']['user'] owner node['openstack']['orchestration']['user']
mode 00644 mode 00640
variables( variables(
mq_service_type: mq_service_type, mq_service_type: mq_service_type,
mq_password: mq_password, mq_password: mq_password,

View File

@ -138,7 +138,7 @@ shared_examples 'expects to create heat conf' do
expect(chef_run).to create_template(file.name).with( expect(chef_run).to create_template(file.name).with(
owner: 'heat', owner: 'heat',
group: 'heat', group: 'heat',
mode: 0644 mode: 0640
) )
end end