From 1192f93f6b50d96adc2942a2f5d309d13102511b Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@betacloud-solutions.de>
Date: Thu, 28 Dec 2017 17:28:45 +0100
Subject: [PATCH] Fix keystone domains directory permissions

Closes-bug: #1799348

Change-Id: I4c43076795d28ea36f9e1d165e56abb110c5b544
---
 ansible/roles/keystone/templates/keystone.json.j2 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2
index 5d0486ede0..4269d7e0fa 100644
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -20,7 +20,7 @@
             "source": "{{ container_config_directory }}/domains",
             "dest": "/etc/keystone/domains",
             "owner": "keystone",
-            "perm": "0700",
+            "perm": "0600",
             "optional": true
         }{% if keystone_policy_file is defined %},
         {
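Review bot: The `"perm": "0600"` on the `/etc/keystone/domains` copy entry suits the files inside it but not the directory, because a directory with mode 0600 has no search bit. If the copy step applies this mode to the destination directory as well (that code is not part of this patch), keystone can only read the domain configs because the `permissions` entry added in the second hunk resets the top-level directory to 0700. That entry names a single path, so any subdirectory under `domains` would presumably stay at 0600 and be untraversable. The commit message gives no rationale, so I would record the coupling there, e.g. `Files under /etc/keystone/domains are copied as 0600; the directory itself is set back to 0700 by the permissions section.` The enclosing array starts and ends outside this hunk.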
@@ -49,6 +49,11 @@
             "path": "/etc/keystone/fernet-keys",
             "owner": "keystone:keystone",
             "perm": "0770"
+        },
+        {
+            "path": "/etc/keystone/domains",
+            "owner": "keystone:keystone",
+            "perm": "0700"
         }
     ]
 }
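Review bot: The new `permissions` entry for `/etc/keystone/domains` is unconditional, while the copy entry for the same directory in the first hunk is `"optional": true`, so a deployment with no domain configs still reaches this entry. Whether the permission handling tolerates a path that does not exist in the container cannot be told from this patch. I would confirm that on a deployment without a domains directory and say so in the commit message, e.g. `Tested with and without a domains directory present.`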