Move the chmod function before the write and flush functions to prevent sensitive information leakage.
Closes-Bug: #2047690 Change-Id: I2b88a14cc67a4fba35fcfc187a91771e1d714844
This commit is contained in:
parent
f6baa6d1ff
commit
cb71d19382
@ -189,23 +189,22 @@ def create_client_files(cluster, context=None):
|
||||
magnum_cert = get_cluster_magnum_cert(cluster, context)
|
||||
|
||||
ca_file = open(cached_ca_file, "w+")
|
||||
os.chmod(cached_ca_file, 0o600)
|
||||
ca_file.write(encodeutils.safe_decode(ca_cert.get_certificate()))
|
||||
ca_file.flush()
|
||||
|
||||
key_file = open(cached_key_file, "w+")
|
||||
os.chmod(cached_key_file, 0o600)
|
||||
key_file.write(encodeutils.safe_decode(
|
||||
magnum_cert.get_decrypted_private_key()))
|
||||
key_file.flush()
|
||||
|
||||
cert_file = open(cached_cert_file, "w+")
|
||||
os.chmod(cached_cert_file, 0o600)
|
||||
cert_file.write(
|
||||
encodeutils.safe_decode(magnum_cert.get_certificate()))
|
||||
cert_file.flush()
|
||||
|
||||
os.chmod(cached_ca_file, 0o600)
|
||||
os.chmod(cached_key_file, 0o600)
|
||||
os.chmod(cached_cert_file, 0o600)
|
||||
|
||||
else:
|
||||
ca_file = open(cached_ca_file, "r")
|
||||
key_file = open(cached_key_file, "r")
|
||||
|
Loading…
Reference in New Issue
Block a user