From 428e7c55f6c0749ea180f0b89a61cfcf2fa63452 Mon Sep 17 00:00:00 2001
From: Jason Hedden
Date: Wed, 10 May 2017 09:54:41 -0500
Subject: [PATCH] Update file and directory permissions
Currently the clouds.yaml directory permissions are hardcoded and missing the execute bit. When using this role with a default location in /etc/openstack, normal system users are not able to read the configuration file. This commit adds variable overrides for the file and directory permissions, as well as correcting the directory permissions.
Change-Id: I2380030235d455ff4dd0ea7658c7146ece60db81
Closes-Bug: #1689837
---
 defaults/main.yml | 3 +++
 tasks/main.yml | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index e450f8b..de1eb7e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -32,11 +32,14 @@ openrc_insecure: "{{ (keystone_service_adminuri_insecure | bool or keystone_serv
 openrc_file_dest: "{{ ansible_env.HOME }}/openrc"
 openrc_file_owner: "{{ ansible_user_id }}"
 openrc_file_group: "{{ ansible_user_id }}"
+openrc_file_mode: "0600"
 ## Create clouds.yml file
 openrc_openstack_client_config_dir_dest: "{{ ansible_env.HOME }}/.config/openstack"
 openrc_openstack_client_config_dir_owner: "{{ ansible_user_id }}"
 openrc_openstack_client_config_dir_group: "{{ ansible_user_id }}"
+openrc_openstack_client_config_dir_mode: "0700"
 openrc_clouds_yml_file_dest: "{{ openrc_openstack_client_config_dir_dest }}/clouds.yaml"
 openrc_clouds_yml_file_owner: "{{ ansible_user_id }}"
 openrc_clouds_yml_file_group: "{{ ansible_user_id }}"
+openrc_clouds_yml_file_mode: "0600"
diff --git a/tasks/main.yml b/tasks/main.yml
index f4e6567..71341cd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,7 +19,7 @@
 dest: "{{ openrc_file_dest }}"
 owner: "{{ openrc_file_owner }}"
 group: "{{ openrc_file_group }}"
- mode: "0600"
+ mode: "{{ openrc_file_mode }}"
 tags:
 - openstack_openrc-config
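Review bot: The three mode variables added in defaults/main.yml carry no comment about what the files protect. openrc and clouds.yaml normally hold the Keystone credentials (inferred from the role's purpose, their content is not part of this diff), so an override wider than owner-only exposes those secrets to other local accounts. Above `openrc_file_mode` I would add `# These files hold credentials: prefer a dedicated group with "0640"/"0750" over world-readable modes.` For the /etc/openstack case named in the commit message, the directory and file modes have to be widened together, because a "0640" file under a "0700" directory stays unreachable for group members.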
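Review bot: The templated `mode:` value reaches the module with no check on its form, in this first hunk of tasks/main.yml and in the two later hunks of the same file. An override written without quotes, such as `openrc_file_mode: 0644`, is parsed by YAML as an integer, and once rendered into `mode:` it may be applied in its decimal form, which gives permissions other than the intended ones on a file that holds credentials. I would state the requirement next to the defaults with `# Modes must be quoted octal strings, e.g. "0600"`, or reject bad values early with an `assert` task that matches each variable against a pattern such as `^0[0-7]{3}$`. The task this hunk belongs to starts above the visible lines.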
@@ -28,7 +28,7 @@
 dest: "{{ openrc_openstack_client_config_dir_dest }}"
 owner: "{{ openrc_openstack_client_config_dir_owner }}"
 group: "{{ openrc_openstack_client_config_dir_group }}"
- mode: "0600"
+ mode: "{{ openrc_openstack_client_config_dir_mode }}"
 state: directory
 tags:
 - openstack_openrc-install
@@ -39,6 +39,6 @@
 dest: "{{ openrc_clouds_yml_file_dest }}"
 owner: "{{ openrc_clouds_yml_file_owner }}"
 group: "{{ openrc_clouds_yml_file_group }}"
- mode: "0600"
+ mode: "{{ openrc_clouds_yml_file_mode }}"
 tags:
 - openstack_openrc-config