Update cinder.conf permission
cinder.conf contains some secret information such as qpid password. To prevent unauthorized users to access it, this file should be set as 640 mode. Fix bug 1369467 Change-Id: I12a0e6e3e492397f1282366ab38ed1e1f46997f7
This commit is contained in:
parent
6dbe30d817
commit
3b3c18ff81
|
@ -1,6 +1,8 @@
|
|||
openstack-block-storage Cookbook CHANGELOG
|
||||
==============================
|
||||
This file is used to list changes made in each version of the openstack-block-storage cookbook.
|
||||
## 10.0.1
|
||||
# Update cinder.conf mode from 0644 to 0640
|
||||
|
||||
## 10.0.0
|
||||
* Upgrading to Juno
|
||||
|
|
|
@ -5,7 +5,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
|
|||
license 'Apache 2.0'
|
||||
description 'The OpenStack Advanced Volume Management service Cinder.'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '10.0.0'
|
||||
version '10.0.1'
|
||||
|
||||
recipe 'openstack-block-storage::api', 'Installs the cinder-api, sets up the cinder database, and cinder service/user/endpoints in keystone'
|
||||
recipe 'openstack-block-storage::client', 'Install packages required for cinder client'
|
||||
|
|
|
@ -90,7 +90,7 @@ template '/etc/cinder/cinder.conf' do
|
|||
source 'cinder.conf.erb'
|
||||
group node['openstack']['block-storage']['group']
|
||||
owner node['openstack']['block-storage']['user']
|
||||
mode 00644
|
||||
mode 00640
|
||||
variables(
|
||||
sql_connection: sql_connection,
|
||||
mq_service_type: mq_service_type,
|
||||
|
|
|
@ -72,7 +72,7 @@ describe 'openstack-block-storage::cinder-common' do
|
|||
end
|
||||
|
||||
it 'has proper modes' do
|
||||
expect(sprintf('%o', file.mode)).to eq '644'
|
||||
expect(sprintf('%o', file.mode)).to eq '640'
|
||||
end
|
||||
|
||||
context 'template keystone contents' do
|
||||
|
|
|
@ -108,7 +108,7 @@ def expect_creates_cinder_conf(service, user, group, action = :restart) # ruboco
|
|||
end
|
||||
|
||||
it 'has proper modes' do
|
||||
expect(sprintf('%o', file.mode)).to eq '644'
|
||||
expect(sprintf('%o', file.mode)).to eq '640'
|
||||
end
|
||||
|
||||
it 'notifies service restart' do
|
||||
|
|
Loading…
Reference in New Issue