container config json files need more restrictive mode

Bug #1714986 reported by Steven Hardy on 2017-09-04
Affects: tripleo
Importance: High
Assigned to: Steven Hardy

Bug Description

The various json files we write (from ansible in deploy-steps.j2 and docker-puppet.py) get the default 0644 permissions, but some may contain sensitive data so it will be safer to write them with 0600 instead.

This fix should be backported to pike before the final release.
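As an added illustration of the 0644 versus 0600 point in the description above (not code from tripleo-heat-templates or docker-puppet.py): a Python sketch that writes a JSON file so it is never world-readable, plus a check that flags existing `*.json` files with group or other permission bits. The function names, the file name and the sample data are constructed for this example.

```python
import json
import os
import stat
import tempfile


def write_json_private(path, data, mode=0o600):
    """Write JSON so the file is never group/other-readable, even briefly."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file 0600 regardless of umask: no 0644 window.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w") as f:
            os.fchmod(f.fileno(), mode)
            json.dump(data, f, indent=2)
        # Atomic rename; an existing 0644 file at `path` is replaced whole.
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def find_loose_json(root):
    """Return sorted (path, mode) for *.json files with group/other bits set."""
    loose = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if (name.endswith(".json") and stat.S_ISREG(st.st_mode)
                    and st.st_mode & 0o077):
                loose.append((full, stat.S_IMODE(st.st_mode)))
    return sorted(loose)


def demo():
    """Constructed scenario: a 0644 file is flagged, then rewritten as 0600."""
    root = tempfile.mkdtemp()
    path = os.path.join(root, "example-config.json")  # constructed name
    with open(path, "w") as f:
        json.dump({"db_password": "constructed-value"}, f)
    os.chmod(path, 0o644)  # the default mode the bug describes
    before = find_loose_json(root)
    write_json_private(path, {"db_password": "constructed-value"})
    return before, find_loose_json(root), stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    print(demo())
```

Creating the file with its final mode, rather than writing it and then calling chmod, avoids the interval in which another local user could open the file while it is still 0644.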

Steven Hardy (shardy) on 2017-09-04
Changed in tripleo:
status: New → In Progress
importance: Undecided → High
milestone: none → pike-rc2
assignee: nobody → Steven Hardy (shardy)
tags: added: pike-backport-potential

Reviewed: https://review.openstack.org/500585
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=94c7752cfae64d96124a32bc36ccd6ec7b4df4a7
Submitter: Jenkins
Branch: master

commit 94c7752cfae64d96124a32bc36ccd6ec7b4df4a7
Author: Steven Hardy <email address hidden>
Date: Mon Sep 4 13:53:04 2017 +0100

    Set mode for ansible written files

    Use a more restrictive mode for these files, as some may contain sensitive data
    which shouldn't be world readable

    Closes-Bug: #1714986
    Change-Id: Ib1e79b1d4e25d6e329938402b1ca776bdab81bdd

Changed in tripleo:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/500884
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=41d599cb37fbc082a4869e32b520d7017085c4f7
Submitter: Jenkins
Branch: stable/pike

commit 41d599cb37fbc082a4869e32b520d7017085c4f7
Author: Steven Hardy <email address hidden>
Date: Mon Sep 4 13:53:04 2017 +0100

    Set mode for ansible written files

    Use a more restrictive mode for these files, as some may contain sensitive data
    which shouldn't be world readable

    Closes-Bug: #1714986
    Change-Id: Ib1e79b1d4e25d6e329938402b1ca776bdab81bdd
    (cherry picked from commit 94c7752cfae64d96124a32bc36ccd6ec7b4df4a7)

tags: added: in-stable-pike

This issue was fixed in the openstack/tripleo-heat-templates 7.0.0.0rc2 release candidate.

This issue was fixed in the openstack/tripleo-heat-templates 8.0.0.0b1 development milestone.
