update permission of paste config to 600
to ensure that any system users cannot read credentials stored in the file.
This commit is contained in:
parent
c3515c93e3
commit
7d07f23914
@ -37,7 +37,9 @@ class cinder::base (
|
||||
mode => '0600',
|
||||
}
|
||||
|
||||
file { $::cinder::params::cinder_paste_api_ini: }
|
||||
file { $::cinder::params::cinder_paste_api_ini:
|
||||
mode => '0600',
|
||||
}
|
||||
|
||||
# Temporary fixes
|
||||
file { ['/var/log/cinder', '/var/lib/cinder']:
|
||||
|
@ -40,5 +40,13 @@ describe 'cinder::base' do
|
||||
)
|
||||
end
|
||||
|
||||
it { should contain_file('/etc/cinder/cinder.conf').with(
|
||||
:mode => '0600'
|
||||
) }
|
||||
|
||||
it { should contain_file('/etc/cinder/api-paste.ini').with(
|
||||
:mode => '0600'
|
||||
) }
|
||||
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user