Correct TLS cert permission

This patch corrects file permission of cert directory and certificates
for QDR.

Depends-On: If75c8d42891efa87ca1922e2189027b077e37fd9

Change-Id: I5a8e4b3598d5e5a30ec967fba504bac91c7f51ec
(cherry picked from commit 109a62a61e)
This commit is contained in:
Martin Mágr 2022-06-24 16:34:07 +02:00 committed by Martin Magr
parent 0ab70ac702
commit e0687aa02b
2 changed files with 5 additions and 5 deletions

View File

@ -218,7 +218,7 @@ class tripleo::profile::base::metrics::qdr (
file { $ssl_cert_dir:
ensure => directory,
mode => '0700'
mode => '0755'
}
$prep_ssl_profiles = qdr_ssl_certificate($ssl_profiles, $ssl_cert_dir)
$final_ssl_profiles = $prep_ssl_profiles.reduce( [] ) |$memo, $prf| {
@ -226,7 +226,7 @@ class tripleo::profile::base::metrics::qdr (
file { $prf['caCertFile']:
ensure => present,
content => $prf['caCertFileContent'],
mode => '0600',
mode => '0644',
require => File[$ssl_cert_dir]
}
$memo << delete($prf, 'caCertFileContent')

View File

@ -207,17 +207,17 @@ describe 'tripleo::profile::base::metrics::qdr' do
])
is_expected.to contain_file('/tmp/certs').with(
:ensure => 'directory',
:mode => '0700'
:mode => '0755'
)
is_expected.to contain_file('/tmp/certs/CA_wubba.pem').with(
:ensure => 'present',
:content => 'ca_wubba',
:mode => '0600'
:mode => '0644'
)
is_expected.to contain_file('/tmp/certs/CA_lubba.pem').with(
:ensure => 'present',
:content => 'ca_lubba',
:mode => '0600'
:mode => '0644'
)
end
end