Add mode to packer

Address E208 rule violation

Change-Id: I9ab220b0b8cf52ec42d2b4f5097b8bdc9b8f6fc8
Upstream: https://ansible-lint.readthedocs.io/en/latest/default_rules.html#file-permissions-not-mentioned

.ansible-lint

@@ -8,8 +8,9 @@ skip_list:
            # TODO(AJaeger): E208 gives false positives currently, we
            # should enable it once all issues in zuul-jobs and
            # ansible-lint are fixed.
-  - '208'  # File permissions not mentioned
   - '301'  # Commands should not change things if nothing needs doing
+warn_list:
+  - '208'  # File permissions not mentioned
 rulesdir:
   - ./.rules/
 use_default_rules: true

roles/ensure-packer/tasks/install-packer.yaml

@@ -29,23 +29,26 @@
   file:
     path: "{{ packer_install_tempdir.path }}/{{ packer_package }}"
     state: directory
+    mode: 0700
 
 - name: Unarchive packer
   unarchive:
     src: "{{ packer_install_tempdir.path }}/{{ packer_package }}.zip"
     dest: "{{ packer_install_tempdir.path }}/{{ packer_package }}"
     remote_src: yes
+    mode: 0600
 
 - name: Make sure installation directory exists
   file:
     path: "{{ packer_install_dir }}"
     state: directory
+    mode: 0755
 
 - name: Install packer
   copy:
     src: "{{ packer_install_tempdir.path }}/{{ packer_package }}/packer"
     dest: "{{ packer_install_dir }}/packer"
-    mode: '0755'
+    mode: 0755
     owner: "{{ ansible_user }}"
     remote_src: yes
 

roles/packer/tasks/main.yaml

@@ -13,6 +13,7 @@
     content: |
       {{ packer_variables | to_json }}
     dest: "{{ packer_variable_tempfile.path }}"
+    mode: 0600
   when: packer_variables is defined
   no_log: true  # We don't want to log this since credentials could be passed this way