From 9b5e0571e3d75e69d76a2936d3be0cd3e136f995 Mon Sep 17 00:00:00 2001
From: Alexandre Horst
Date: Tue, 2 Nov 2021 09:17:38 -0300
Subject: [PATCH] Remove read permission from key files After files being copied, the new code remove read permission from key files. They are with read flag enabled for group and other. Files changed after this change: /etc/etcd/ca.key /etc/etcd/etcd-server.key /etc/etcd/etcd-client.key /etc/ssl/private/registry-cert.key Test Plan: PASS: Verify that read file permission of the file is removed from files with .key extension in /etc/etcd Closes-Bug: 1949781 Change-Id: I8159ecc8c4a4f5255447b28a1826637673a7c0ef Signed-off-by: Alexandre Horst
---
 .../controllerconfig/scripts/controller_config | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/controllerconfig/controllerconfig/scripts/controller_config b/controllerconfig/controllerconfig/scripts/controller_config
index 6fda6a6c53..7398f76e0a 100755
--- a/controllerconfig/controllerconfig/scripts/controller_config
+++ b/controllerconfig/controllerconfig/scripts/controller_config
@@ -309,7 +309,8 @@ start()
 
 if [ -e $CONFIG_DIR/etcd/etcd-server.key ]
 then
- cp $CONFIG_DIR/etcd/etcd-server.key /etc/etcd/etcd-server.key
+ cp $CONFIG_DIR/etcd/etcd-server.key /etc/etcd/etcd-server.key &&
+ chmod 600 /etc/etcd/etcd-server.key
 if [ $? -ne 0 ]
 then
 fatal_error "Unable to copy $CONFIG_DIR/etcd/etcd-server.key"
@@ -327,7 +328,8 @@ start()
 
 if [ -e $CONFIG_DIR/etcd/etcd-client.key ]
 then
- cp $CONFIG_DIR/etcd/etcd-client.key /etc/etcd/etcd-client.key
+ cp $CONFIG_DIR/etcd/etcd-client.key /etc/etcd/etcd-client.key &&
+ chmod 600 /etc/etcd/etcd-client.key
 if [ $? -ne 0 ]
 then
 fatal_error "Unable to copy $CONFIG_DIR/etcd/etcd-client.key"
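Review bot: In the etcd-server.key hunk, `cp` writes the private key first and `chmod 600` narrows its mode only afterwards, so on every run of start() there is a short window in which the key can still be group- and world-readable; the same pattern repeats in the etcd-client.key, ca.key and registry-cert.key hunks. Creating the file with its final mode closes that window, for example `install -m 600 $CONFIG_DIR/etcd/etcd-server.key /etc/etcd/etcd-server.key` in place of the `cp … && chmod 600 …` pair. A `umask 077` around `cp` would not be enough on its own, because `cp` onto an existing destination keeps that file's current mode. start() begins and ends outside the hunk, so the umask in effect at this point is not visible here.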
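Review bot: In the etcd-client.key hunk the `if [ $? -ne 0 ]` test now also fires when `chmod 600` fails, yet the message still reads "Unable to copy", and by then the key has already been written to /etc/etcd, possibly still with group/other read access. Reporting the two steps separately makes the failure diagnosable, e.g. a second check after `chmod` with `fatal_error "Unable to restrict permissions on /etc/etcd/etcd-client.key"`. Whether the partially installed key should also be removed depends on what fatal_error does, which is defined outside the hunk. The other three hunks reuse the same message.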
@@ -345,7 +347,8 @@ start()
 
 if [ -e $CONFIG_DIR/etcd/ca.key ]
 then
- cp $CONFIG_DIR/etcd/ca.key /etc/etcd/ca.key
+ cp $CONFIG_DIR/etcd/ca.key /etc/etcd/ca.key &&
+ chmod 600 /etc/etcd/ca.key
 if [ $? -ne 0 ]
 then
 fatal_error "Unable to copy $CONFIG_DIR/etcd/ca.key"
@@ -354,7 +357,8 @@ start()
 
 if [ -e $CONFIG_DIR/registry-cert.key ]
 then
- cp $CONFIG_DIR/registry-cert.key /etc/ssl/private/registry-cert.key
+ cp $CONFIG_DIR/registry-cert.key /etc/ssl/private/registry-cert.key &&
+ chmod 600 /etc/ssl/private/registry-cert.key
 if [ $? -ne 0 ]
 then
 fatal_error "Unable to copy $CONFIG_DIR/registry-cert.key"
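Review bot: The `chmod 600 /etc/etcd/ca.key` in the ca.key hunk restricts only the copy under /etc/etcd; the file it was copied from, `$CONFIG_DIR/etcd/ca.key`, is left untouched. If the group/other read bits described in the commit message come from that source file (`cp` without `-p` derives a new file's mode from the source), the CA private key presumably stays readable there, and the same would hold for the other three keys. It is worth confirming the mode of the source files where they are generated and recording the expectation next to the copy, e.g. `# source under $CONFIG_DIR is expected to be 0600 already; this chmod only covers the local copy`.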