openstack
/
tripleo-common
Code Issues Proposed changes

Merge "Enforce 0600 permissions on an existing SSH private key file." into stable/train

This commit is contained in:
Zuul 2020-01-25 10:17:23 +00:00 committed by Gerrit Code Review
parent 6fc665cbb6 41cf8e84b3
commit 6501655ab1
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tripleo_common/actions/ansible.py
View File

@ -232,6 +232,7 @@ class AnsibleAction(actions.Action):
# NOTE(flaper87): if it's a path, use it # NOTE(flaper87): if it's a path, use it
if (isinstance(self._ssh_private_key, six.string_types) and if (isinstance(self._ssh_private_key, six.string_types) and
os.path.exists(self._ssh_private_key)): os.path.exists(self._ssh_private_key)):
os.chmod(self._ssh_private_key, 0o600)
return self._ssh_private_key return self._ssh_private_key
path = os.path.join(self.work_dir, 'ssh_private_key') path = os.path.join(self.work_dir, 'ssh_private_key')
@ -462,6 +463,7 @@ class AnsiblePlaybookAction(base.TripleOAction):
# NOTE(flaper87): if it's a path, use it # NOTE(flaper87): if it's a path, use it
if (isinstance(self._ssh_private_key, six.string_types) and if (isinstance(self._ssh_private_key, six.string_types) and
os.path.exists(self._ssh_private_key)): os.path.exists(self._ssh_private_key)):
os.chmod(self._ssh_private_key, 0o600)
return self._ssh_private_key return self._ssh_private_key
path = os.path.join(self.work_dir, 'ssh_private_key') path = os.path.join(self.work_dir, 'ssh_private_key')