From 0c570993670e12f141e72cd034ececd9fa256ad4 Mon Sep 17 00:00:00 2001
From: Andrey <agrebennikov@mirantis.com>
Date: Tue, 17 Jan 2017 15:40:17 -0600
Subject: [PATCH] Change permission for conf folder

According to the security guide config files should not be
reachable by any users except the owner and root.

Change-Id: I5caba528ae85a8209de7637ecfdd9407e10ea0df
---
 tasks/keystone_pre_install.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/keystone_pre_install.yml b/tasks/keystone_pre_install.yml
index ce22f66a..fbc668bf 100644
--- a/tasks/keystone_pre_install.yml
+++ b/tasks/keystone_pre_install.yml
@@ -57,7 +57,7 @@
     mode: "{{ item.mode|default(0755) }}"
   with_items:
     - { path: "/openstack", mode: "0755", owner: "root", group: "root" }
-    - { path: "/etc/keystone" }
+    - { path: "/etc/keystone", mode: "0750" }
     - { path: "{{ keystone_ldap_domain_config_dir }}" }
     - { path: "/etc/keystone/ssl" }
     - { path: "{{ keystone_fernet_tokens_key_repository }}", mode: "2750"}