diff --git a/charms_openstack/charm/core.py b/charms_openstack/charm/core.py index 93b6b53..4846e6c 100644 --- a/charms_openstack/charm/core.py +++ b/charms_openstack/charm/core.py @@ -326,6 +326,12 @@ class BaseOpenStackCharm(object, metaclass=BaseOpenStackCharmMeta): package_codenames = {} + # File permissions + # config files written with 'group' read permission but always + # owned by root. + user = 'root' + group = 'root' + @property def singleton(self): """Return the only instance of the charm class in this run""" @@ -763,7 +769,9 @@ class BaseOpenStackCharmActions(object): 'templates/', self.release), target=conf, context=adapters_instance, - config_template=config_template + config_template=config_template, + group=self.group, + perms=0o640, ) def render_with_interfaces(self, interfaces, configs=None): diff --git a/unit_tests/charms_openstack/charm/test_core.py b/unit_tests/charms_openstack/charm/test_core.py index 59fedcf..7ab1ab4 100644 --- a/unit_tests/charms_openstack/charm/test_core.py +++ b/unit_tests/charms_openstack/charm/test_core.py @@ -473,7 +473,9 @@ class TestMyOpenStackCharm(BaseOpenStackCharmTest): template_loader='my-loader', target='path1', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ) # assert the context was an MyAdapter instance. context = self.render.call_args_list[0][1]['context'] @@ -511,6 +513,8 @@ class TestMyOpenStackCharm(BaseOpenStackCharmTest): target='path1', context=mock.ANY, config_template=config_template, + group='root', + perms=0o640, ) # assert the context was an MyAdapter instance. context = self.render.call_args_list[0][1]['context'] @@ -576,28 +580,36 @@ class TestMyOpenStackCharm(BaseOpenStackCharmTest): template_loader='my-loader', target='path1', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ), mock.call( source='path2', template_loader='my-loader', target='path2', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ), mock.call( source='path3', template_loader='my-loader', target='path3', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ), mock.call( source='path4', template_loader='my-loader', target='path4', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ), ] self.render.assert_has_calls(calls, any_order=True) @@ -635,28 +647,36 @@ class TestMyOpenStackCharm(BaseOpenStackCharmTest): template_loader='my-loader', target='path1', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ), mock.call( source='path2', template_loader='my-loader', target='path2', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ), mock.call( source='path3', template_loader='my-loader', target='path3', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ), mock.call( source='path4', template_loader='my-loader', target='path4', context=mock.ANY, - config_template=None + config_template=None, + group='root', + perms=0o640, ), ] self.render.assert_has_calls(calls, any_order=True)