Correct TLS cert permission

This patch corrects file permission of cert directory and certificates for QDR. Change-Id: I5a8e4b3598d5e5a30ec967fba504bac91c7f51ec (cherry picked from commit 109a62a61e)
2022-06-24 16:34:07 +02:00 · 2022-06-24 16:34:07 +02:00 · 6710e46474
parent ec757c161d
commit 6710e46474
2 changed files with 5 additions and 5 deletions
--- a/manifests/profile/base/metrics/qdr.pp
+++ b/manifests/profile/base/metrics/qdr.pp
@ -209,7 +209,7 @@ class tripleo::profile::base::metrics::qdr (

    file { $ssl_cert_dir:
      ensure => directory,
-      mode   => '0700'
+      mode   => '0755'
    }
    $prep_ssl_profiles = qdr_ssl_certificate($ssl_profiles, $ssl_cert_dir)
    $final_ssl_profiles = $prep_ssl_profiles.reduce( [] ) |$memo, $prf| {
@ -217,7 +217,7 @@ class tripleo::profile::base::metrics::qdr (
        file { $prf['caCertFile']:
          ensure  => present,
          content => $prf['caCertFileContent'],
-          mode    => '0600',
+          mode    => '0644',
          require => File[$ssl_cert_dir]
        }
        $memo << delete($prf, 'caCertFileContent')
--- a/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb
+++ b/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb
@ -207,17 +207,17 @@ describe 'tripleo::profile::base::metrics::qdr' do
        ])
        is_expected.to contain_file('/tmp/certs').with(
          :ensure => 'directory',
-          :mode => '0700'
+          :mode => '0755'
        )
        is_expected.to contain_file('/tmp/certs/CA_wubba.pem').with(
          :ensure => 'present',
          :content => 'ca_wubba',
-          :mode => '0600'
+          :mode => '0644'
        )
        is_expected.to contain_file('/tmp/certs/CA_lubba.pem').with(
          :ensure => 'present',
          :content => 'ca_lubba',
-          :mode => '0600'
+          :mode => '0644'
        )
      end
    end