Merge "Increase file permissions around generate keys" into feature/zuulv3
This commit is contained in:
commit
08ec3bade9
|
@ -903,7 +903,7 @@ class TenantParser(object):
|
||||||
|
|
||||||
key_dir = os.path.dirname(project.private_key_file)
|
key_dir = os.path.dirname(project.private_key_file)
|
||||||
if not os.path.isdir(key_dir):
|
if not os.path.isdir(key_dir):
|
||||||
os.makedirs(key_dir)
|
os.makedirs(key_dir, 0o700)
|
||||||
|
|
||||||
TenantParser.log.info(
|
TenantParser.log.info(
|
||||||
"Generating RSA keypair for project %s" % (project.name,)
|
"Generating RSA keypair for project %s" % (project.name,)
|
||||||
|
@ -920,6 +920,9 @@ class TenantParser(object):
|
||||||
with open(project.private_key_file, 'wb') as f:
|
with open(project.private_key_file, 'wb') as f:
|
||||||
f.write(pem_private_key)
|
f.write(pem_private_key)
|
||||||
|
|
||||||
|
# Ensure private key is read/write for zuul user only.
|
||||||
|
os.chmod(project.private_key_file, 0o600)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _loadKeys(project):
|
def _loadKeys(project):
|
||||||
# Check the key files specified are there
|
# Check the key files specified are there
|
||||||
|
|
Loading…
Reference in New Issue