Update cinder.conf permission

cinder.conf contains some secret information such as qpid password. To prevent unauthorized users to access it, this file should be set as 640 mode. Fix bug 1369467 Change-Id: I12a0e6e3e492397f1282366ab38ed1e1f46997f7
2014-09-15 10:59:14 -04:00 · 2014-09-15 10:59:14 -04:00 · 3b3c18ff81
parent 6dbe30d817
commit 3b3c18ff81
5 changed files with 6 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,8 @@
 openstack-block-storage Cookbook CHANGELOG
 ==============================
 This file is used to list changes made in each version of the openstack-block-storage cookbook.
+## 10.0.1
+# Update cinder.conf mode from 0644 to 0640

 ## 10.0.0
 * Upgrading to Juno
--- a/metadata.rb
+++ b/metadata.rb
@ -5,7 +5,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
 license          'Apache 2.0'
 description      'The OpenStack Advanced Volume Management service Cinder.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '10.0.0'
+version          '10.0.1'

 recipe           'openstack-block-storage::api', 'Installs the cinder-api, sets up the cinder database, and cinder service/user/endpoints in keystone'
 recipe           'openstack-block-storage::client', 'Install packages required for cinder client'
--- a/recipes/cinder-common.rb
+++ b/recipes/cinder-common.rb
@ -90,7 +90,7 @@ template '/etc/cinder/cinder.conf' do
  source 'cinder.conf.erb'
  group node['openstack']['block-storage']['group']
  owner node['openstack']['block-storage']['user']
-  mode 00644
+  mode 00640
  variables(
    sql_connection: sql_connection,
    mq_service_type: mq_service_type,
--- a/spec/cinder_common_spec.rb
+++ b/spec/cinder_common_spec.rb
@ -72,7 +72,7 @@ describe 'openstack-block-storage::cinder-common' do
      end

      it 'has proper modes' do
-        expect(sprintf('%o', file.mode)).to eq '644'
+        expect(sprintf('%o', file.mode)).to eq '640'
      end

      context 'template keystone contents' do
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -108,7 +108,7 @@ def expect_creates_cinder_conf(service, user, group, action = :restart) # ruboco
    end

    it 'has proper modes' do
-      expect(sprintf('%o', file.mode)).to eq '644'
+      expect(sprintf('%o', file.mode)).to eq '640'
    end

    it 'notifies service restart' do