Merge "Update glance config files permissions"
diff --git a/glance/server.sls b/glance/server.sls
index 9442fc8..8a7830c 100644
--- a/glance/server.sls
+++ b/glance/server.sls
@@ -38,6 +38,8 @@
file.managed:
- source: salt://glance/files/{{ server.version }}/glance-cache.conf.{{ grains.os_family }}
- template: jinja
+ - mode: 0640
+ - group: glance
- require:
- pkg: glance_packages
- require_in:
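Review bot: The added lines set `mode` and `group` but not the owner, so for this file (and for the glance-registry, glance-scrubber, glance-api, both paste.ini, glance-glare and _swift.conf hunks below) root ownership is enforced only by the trailing `correct_permissions_files` command, whereas the logging.conf and metadata-file hunks declare it explicitly. Adding `- user: root` next to `- group: glance` would make each state self-contained and consistent with those hunks. Separately, the unquoted `0640` reaches the YAML layer as a number with a leading zero; Salt's YAML guidance recommends quoting such modes, so `- mode: '0640'` is the safer spelling in every hunk of this commit. The state ID and `- name:` for this block are outside the hunk.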
@@ -47,6 +49,8 @@
file.managed:
- source: salt://glance/files/{{ server.version }}/glance-registry.conf.{{ grains.os_family }}
- template: jinja
+ - mode: 0640
+ - group: glance
- require:
- pkg: glance_packages
- require_in:
@@ -56,6 +60,8 @@
file.managed:
- source: salt://glance/files/{{ server.version }}/glance-scrubber.conf.{{ grains.os_family }}
- template: jinja
+ - mode: 0640
+ - group: glance
- require:
- pkg: glance_packages
- require_in:
@@ -65,6 +71,8 @@
file.managed:
- source: salt://glance/files/{{ server.version }}/glance-api.conf.{{ grains.os_family }}
- template: jinja
+ - mode: 0640
+ - group: glance
- require:
- pkg: glance_packages
- require_in:
@@ -74,6 +82,8 @@
file.managed:
- source: salt://glance/files/{{ server.version }}/glance-api-paste.ini
- template: jinja
+ - mode: 0640
+ - group: glance
- require:
- pkg: glance_packages
- require_in:
@@ -89,6 +99,8 @@
file.managed:
- source: salt://glance/files/{{ server.version }}/glance-glare-paste.ini
- template: jinja
+ - mode: 0640
+ - group: glance
- require:
- pkg: glance_packages
- pkg: glance_glare_package
@@ -99,6 +111,8 @@
file.managed:
- source: salt://glance/files/{{ server.version }}/glance-glare.conf.{{ grains.os_family }}
- template: jinja
+ - mode: 0640
+ - group: glance
- require:
- pkg: glance_packages
- pkg: glance_glare_package
@@ -168,7 +182,8 @@
- name: /etc/glance/logging.conf
- source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- - user: glance
+ - mode: 0640
+ - user: root
- group: glance
- defaults:
service_name: glance
@@ -188,7 +203,8 @@
- source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- makedirs: True
- - user: glance
+ - mode: 0640
+ - user: root
- group: glance
- defaults:
service_name: {{ service_name }}
@@ -215,6 +231,8 @@
file.managed:
- source: salt://glance/files/_backends/_swift.conf
- template: jinja
+ - mode: 0640
+ - group: glance
- require:
- pkg: glance_packages
- watch_in:
@@ -339,8 +357,8 @@
glance_filesystem_store_metadata_file:
file.managed:
- name: {{ server.get('filesystem_store_metadata_file', '/etc/glance/filesystem_store_metadata.json') }}
- - mode: 644
- - user: glance
+ - mode: 0640
+ - user: root
- group: glance
- source: salt://glance/files/filesystem_store_metadata.json_template
- template: jinja
@@ -402,4 +420,14 @@
{%- endif %}
{%- endif %}
+correct_permissions_files:
+ cmd.run:
+ - name: find /etc/glance/ -type f \( \! -perm 640 -o \! -user root -o \! -group glance \) -execdir chmod 640 {} + -execdir chown root:glance {} +
+ - onlyif: find /etc/glance/ -type f \( \! -perm 640 -o \! -user root -o \! -group glance \) -printf found | grep -q found
+
+correct_permissions_dirs:
+ cmd.run:
+ - name: find /etc/glance/ -type d \( \! -perm 750 -o \! -user root -o \! -group glance \) -execdir chmod 750 {} + -execdir chown root:glance {} +
+ - onlyif: find /etc/glance/ -type d \( \! -perm 750 -o \! -user root -o \! -group glance \) -printf found | grep -q found
+
{%- endif %}
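Review bot: `correct_permissions_files` tests for an exact match (`\! -perm 640`) and then runs `chmod 640`, so any file under /etc/glance/ that is deliberately stricter (for example a 0600 key or credentials file placed there by another state, if one exists) is widened to group-readable for `glance` on every run. Matching only files that are too permissive (`-perm /0137` for files, `-perm /0027` for directories) and clearing bits with `chmod u-x,g-wx,o-rwx` (`chmod g-w,o-rwx` for directories) instead of setting an absolute mode would tighten without loosening. The sweep also covers files this formula does not manage, so a comment above both states such as `# Everything under /etc/glance/ is intentionally forced to root:glance; keep private material elsewhere` would record that intent. The enclosing `{%- if %}` block starts outside the hunk.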