Set correct permissions of redis.conf files
/etc/redis/redis.conf (potentially contains password)
and is world readable. To fix this security issue
we need to set correct permissions of this files.
Change-Id: Icc9d377ec5e239428220d718ce25becaed995675
Relate-Prod: PROD-25320 (PROD:25320)
diff --git a/opencontrail/collector.sls b/opencontrail/collector.sls
index 63f7d86..88f1cb5 100644
--- a/opencontrail/collector.sls
+++ b/opencontrail/collector.sls
@@ -49,6 +49,11 @@
- source: salt://opencontrail/files/{{ collector.version }}/redis.conf
- template: jinja
- makedirs: True
+ - mode: 640
+{%- if collector.version < 4.0 %}
+ - user: redis
+ - group: redis
+{%- endif %}
/etc/contrail/contrail-collector.conf:
file.managed: