Dashboard's local_settings file should not be world readable

The file /etc/openstack-dashboard/local_settings contains some security values which should not be publicly disclosed like the SECRET_KEY. According to the documentation of Django, this value should remain secret : https://docs.djangoproject.com/en/dev/ref/settings/#secret-key Change-Id: Ia2ba9403f06156a8312d4d1ec8b1c8eb0d99fbb5 Resolves: rhbz#1217089
2015-12-03 19:43:12 -07:00
parent 75bcfd3031
commit 8414e52bce
1 changed files with 7 additions and 0 deletions
--- a/packstack/puppet/templates/horizon.pp
+++ b/packstack/puppet/templates/horizon.pp
@@ -44,6 +44,13 @@ class {'::horizon':
  },
 }

+File <| path == $::horizon::params::config_file |> {
+  ensure  => present,
+  owner   => 'root',
+  group   => $::horizon::params::apache_group,
+  mode    => 0640,
+}
+
 if $horizon_ssl {
  apache::listen { '443': }
 }