Merge "Implementing stricter permissions on config files"

.gitignore

@@ -62,6 +62,7 @@ releasenotes/build
 
 # Test temp files
 tests/common
+tests/playbooks
 tests/*.retry
 
 # Vagrant artifacts

tasks/cinder_post_install.yml

@@ -17,9 +17,9 @@
   config_template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: "{{ item.owner|default(cinder_system_user_name) }}"
+    owner: "root"
     group: "{{ item.group|default(cinder_system_group_name) }}"
-    mode: "0644"
+    mode: "0640"
     config_overrides: "{{ item.config_overrides }}"
     config_type: "{{ item.config_type }}"
   with_items:
@@ -33,8 +33,6 @@
       config_type: "ini"
     - src: "rootwrap.conf.j2"
       dest: "/etc/cinder/rootwrap.conf"
-      owner: "root"
-      group: "root"
       config_overrides: "{{ cinder_rootwrap_conf_overrides }}"
       config_type: "ini"
     - src: "policy.json.j2"

tasks/cinder_pre_install.yml

@@ -40,7 +40,7 @@
     - { path: "/openstack", mode: "0755", owner: "root", group: "root" }
     - { path: "/var/cache/cinder", mode: "0700" }
     - { path: "/etc/cinder", mode: "0750" }
-    - { path: "/etc/cinder/rootwrap.d", owner: "root", group: "root" }
+    - { path: "/etc/cinder/rootwrap.d", owner: "root", group: "root", mode: "0750" }
     - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
     - { path: "{{ cinder_system_home_folder }}" }