From 41d599cb37fbc082a4869e32b520d7017085c4f7 Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Mon, 4 Sep 2017 13:53:04 +0100
Subject: Set mode for ansible written files

Use a more restrictive mode for these files, as some may contain sensitive data
which shouldn't be world readable

Closes-Bug: #1714986
Change-Id: Ib1e79b1d4e25d6e329938402b1ca776bdab81bdd
(cherry picked from commit 94c7752cfae64d96124a32bc36ccd6ec7b4df4a7)
---
 common/deploy-steps-tasks.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'common/deploy-steps-tasks.yaml')

diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml
index f0729425..73d3036c 100644
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -5,7 +5,7 @@
     # Per step puppet configuration of the baremetal host
     #####################################################
     - name: Write the config_step hieradata
-      copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true
+      copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600
     - name: Run puppet host configuration for step {{step}}
       command: >-
         puppet apply
-- 
cgit 1.2.3-korg