Merge "Update heat config files permissions"
diff --git a/heat/server.sls b/heat/server.sls
index 266d5fb..775d562 100644
--- a/heat/server.sls
+++ b/heat/server.sls
@@ -14,6 +14,8 @@
file.managed:
- source: salt://heat/files/{{ server.version }}/heat.conf.{{ grains.os_family }}
- template: jinja
+ - mode: 0640
+ - group: heat
- require:
- pkg: heat_server_packages
- require_in:
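Review bot: The added `- mode: 0640` is an unquoted scalar with a leading zero, which a YAML 1.1 parser reads as a number rather than the string `0640`. Salt's documentation asks for file modes to be quoted, so write `- mode: '0640'` here and in the three later hunks that add the same line. This state and the api-paste.ini state in the next hunk also set `group` without `user`, while the logging.conf states further down set `- user: root`. Adding `- user: root` to both would make ownership of heat.conf (which typically holds service credentials) explicit, instead of leaving it as the package installed it until the cleanup command at the end of the file runs. The state's ID and `name` lie outside the hunk, so the target path should be confirmed there.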
@@ -23,6 +25,8 @@
file.managed:
- source: salt://heat/files/{{ server.version }}/api-paste.ini
- template: jinja
+ - mode: 0640
+ - group: heat
- require:
- pkg: heat_server_packages
@@ -55,7 +59,8 @@
- name: /etc/heat/logging.conf
- source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- - user: heat
+ - mode: 0640
+ - user: root
- group: heat
- defaults:
service_name: heat
@@ -82,7 +87,8 @@
- source: salt://oslo_templates/files/logging/_logging.conf
- template: jinja
- makedirs: True
- - user: heat
+ - mode: 0640
+ - user: root
- group: heat
- defaults:
service_name: {{ service_name }}
@@ -218,4 +224,14 @@
- file: /etc/heat/heat.conf
{%- endif %}
+correct_file_permissions_heat:
+ cmd.run:
+ - name: find /etc/heat -type f \( \! -perm 640 -o \! -user root -o \! -group heat \) -execdir chmod 640 {} + -execdir chown root:heat {} +
+ - onlyif: find /etc/heat -type f \( \! -perm 640 -o \! -user root -o \! -group heat \) -printf found | grep -q found
+
+correct_dir_permissions_heat:
+ cmd.run:
+ - name: find /etc/heat -type d \( \! -perm 750 -o \! -user root -o \! -group heat \) -execdir chmod 750 {} + -execdir chown root:heat {} +
+ - onlyif: find /etc/heat -type d \( \! -perm 750 -o \! -user root -o \! -group heat \) -printf found | grep -q found
+
{%- endif %}
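Review bot: Both new `cmd.run` states write the same `find` predicate twice (`name` and `onlyif`) and force 640/750 and root:heat on everything under /etc/heat, with no `require` on `heat_server_packages` or on the `file.managed` states above. Salt's `file.directory` with `recurse`, `file_mode` and `dir_mode` states the same policy declaratively, reports pending changes in test mode, and does not depend on GNU find's `-printf`. A sketch follows; the state ID is constructed. Before applying a blanket mode, confirm that no file under /etc/heat needs different permissions. The enclosing Jinja `if` blocks open outside the hunk.

```yaml
# replaces correct_file_permissions_heat and correct_dir_permissions_heat
heat_config_permissions:
  file.directory:
    - name: /etc/heat
    - user: root
    - group: heat
    - dir_mode: '0750'
    - file_mode: '0640'
    - recurse:
      - user
      - group
      - mode
    - require:
      - pkg: heat_server_packages
```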