From e0687aa02bbdfe8697bea405d8a763f5903a6fa2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20M=C3=A1gr?= <mmagr@redhat.com>
Date: Fri, 24 Jun 2022 16:34:07 +0200
Subject: [PATCH] Correct TLS cert permission

This patch corrects file permission of cert directory and certificates
for QDR.

Depends-On: If75c8d42891efa87ca1922e2189027b077e37fd9

Change-Id: I5a8e4b3598d5e5a30ec967fba504bac91c7f51ec
(cherry picked from commit 109a62a61e06b44e4764258082cb47c57409afeb)
---
 manifests/profile/base/metrics/qdr.pp                 | 4 ++--
 spec/classes/tripleo_profile_base_metrics_qdr_spec.rb | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/manifests/profile/base/metrics/qdr.pp b/manifests/profile/base/metrics/qdr.pp
index fdb6e755a..dd8c53f30 100644
--- a/manifests/profile/base/metrics/qdr.pp
+++ b/manifests/profile/base/metrics/qdr.pp
@@ -218,7 +218,7 @@ class tripleo::profile::base::metrics::qdr (
 
     file { $ssl_cert_dir:
       ensure => directory,
-      mode   => '0700'
+      mode   => '0755'
     }
     $prep_ssl_profiles = qdr_ssl_certificate($ssl_profiles, $ssl_cert_dir)
     $final_ssl_profiles = $prep_ssl_profiles.reduce( [] ) |$memo, $prf| {
@@ -226,7 +226,7 @@ class tripleo::profile::base::metrics::qdr (
         file { $prf['caCertFile']:
           ensure  => present,
           content => $prf['caCertFileContent'],
-          mode    => '0600',
+          mode    => '0644',
           require => File[$ssl_cert_dir]
         }
         $memo << delete($prf, 'caCertFileContent')
diff --git a/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb b/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb
index 58df1ea75..94fdd1a6d 100644
--- a/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb
+++ b/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb
@@ -207,17 +207,17 @@ describe 'tripleo::profile::base::metrics::qdr' do
         ])
         is_expected.to contain_file('/tmp/certs').with(
           :ensure => 'directory',
-          :mode => '0700'
+          :mode => '0755'
         )
         is_expected.to contain_file('/tmp/certs/CA_wubba.pem').with(
           :ensure => 'present',
           :content => 'ca_wubba',
-          :mode => '0600'
+          :mode => '0644'
         )
         is_expected.to contain_file('/tmp/certs/CA_lubba.pem').with(
           :ensure => 'present',
           :content => 'ca_lubba',
-          :mode => '0600'
+          :mode => '0644'
         )
       end
     end