Update heat.conf permission
To avoid unauthorized users to read secrete information in heat.conf, heat.conf should be set as 640 instead of 644. Fix bug 1370870 Change-Id: I02756cea10113ca89ddeaa9232d04c75380756e8
This commit is contained in:
parent
108dba6ff4
commit
eea627edda
|
@ -6,6 +6,7 @@ This file is used to list changes made in each version of cookbook-openstack-orc
|
||||||
* Upgrading to Juno
|
* Upgrading to Juno
|
||||||
* Sync conf files with Juno
|
* Sync conf files with Juno
|
||||||
* Upgrading berkshelf from 2.0.18 to 3.1.5
|
* Upgrading berkshelf from 2.0.18 to 3.1.5
|
||||||
|
* Update mode for heat.conf from 644 to 640
|
||||||
|
|
||||||
## 9.2.0
|
## 9.2.0
|
||||||
* python_packages database client attributes have been migrated to
|
* python_packages database client attributes have been migrated to
|
||||||
|
|
|
@ -101,7 +101,7 @@ template '/etc/heat/heat.conf' do
|
||||||
source 'heat.conf.erb'
|
source 'heat.conf.erb'
|
||||||
group node['openstack']['orchestration']['group']
|
group node['openstack']['orchestration']['group']
|
||||||
owner node['openstack']['orchestration']['user']
|
owner node['openstack']['orchestration']['user']
|
||||||
mode 00644
|
mode 00640
|
||||||
variables(
|
variables(
|
||||||
mq_service_type: mq_service_type,
|
mq_service_type: mq_service_type,
|
||||||
mq_password: mq_password,
|
mq_password: mq_password,
|
||||||
|
|
|
@ -138,7 +138,7 @@ shared_examples 'expects to create heat conf' do
|
||||||
expect(chef_run).to create_template(file.name).with(
|
expect(chef_run).to create_template(file.name).with(
|
||||||
owner: 'heat',
|
owner: 'heat',
|
||||||
group: 'heat',
|
group: 'heat',
|
||||||
mode: 0644
|
mode: 0640
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue