From d48c234b1e9a55ba7ae7ce9cfb3b99309eb85ae5 Mon Sep 17 00:00:00 2001
From: Tyler Smith
Date: Wed, 17 Jul 2019 14:40:03 -0400
Subject: [PATCH] Zero Touch Provisioning changes for subcloud configuration

- Modifying permissions to prevent non-root users from seeing passwords in the /opt/dc/ansible folder
Change-Id: I90cad757c116b2d4b8b355c3cfe81d0c4e357138
Story: 2004766
Task: 35756
Signed-off-by: Tyler Smith
---
 openstack/distributedcloud/centos/distributedcloud.spec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/openstack/distributedcloud/centos/distributedcloud.spec b/openstack/distributedcloud/centos/distributedcloud.spec
index 2ede8610..781c82b3 100644
--- a/openstack/distributedcloud/centos/distributedcloud.spec
+++ b/openstack/distributedcloud/centos/distributedcloud.spec
@@ -158,7 +158,7 @@ cd %{_builddir}/%{pypi_name}-%{version} && oslo-config-generator --config-file .
 install -p -D -m 640 %{_builddir}/%{pypi_name}-%{version}%{_sysconfdir}/dcdbsync/dcdbsync.conf.sample %{buildroot}%{_sysconfdir}/dcdbsync/dcdbsync.conf
 # install ansible overrides dir
-install -d -m 755 ${RPM_BUILD_ROOT}/opt/dc/ansible
+install -d -m 600 ${RPM_BUILD_ROOT}/opt/dc/ansible
 %files dcmanager
 %license LICENSE
@@ -176,7 +176,7 @@ install -d -m 755 ${RPM_BUILD_ROOT}/opt/dc/ansible
 %dir %attr(0755,root,root) %{_sysconfdir}/dcmanager
 %config(noreplace) %attr(-, root, root) %{_sysconfdir}/dcmanager/dcmanager.conf
 %dir %attr(0755,root,root) /usr/lib/ocf/resource.d/openstack
-%dir %attr(0755,root,root) /opt/dc/ansible
+%dir %attr(0600,root,root) /opt/dc/ansible
 %defattr(-,root,root,-)
 /usr/lib/ocf/resource.d/openstack/dcmanager-*
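Review bot: Mode 600 on a directory drops the search (execute) bit, so `install -d -m 600 ${RPM_BUILD_ROOT}/opt/dc/ansible` in the first hunk leaves a directory that only a process able to override file permission checks (normally full root) can enter. The conventional owner-only directory mode is 700: `install -d -m 700 ${RPM_BUILD_ROOT}/opt/dc/ansible`, and in the second hunk's %files entry `%dir %attr(0700,root,root) /opt/dc/ansible`. That keeps non-root users out just the same, and it still works if the consumer runs as root with reduced capabilities. The directory mode does not govern files written into it later, so whatever writes the password-bearing override files should presumably create them 0600 as well; that code is not in this patch.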