ACL mask added for cert_path
[ta/caas-security.git] / ansible / roles / cert / tasks / main.yml
index a23996c..0691b48 100644 (file)
     mode: 0000
   when: not cert_path_register.stat.exists
 
-- name: adding default acl read to {{ users.admin_user_name }} to {{ cert_path }}/ca.epm
+- name: adding default acl read to {{ users.admin_user_name }} to {{ cert_path }}/ca.pem
   acl:
     name:  "{{ cert_path }}/ca.pem"
     entity: "{{ users.admin_user_name }}"
     state: present
   with_items: "{{ add_users | default([]) }}"
 
+- name: adding mask to the acl
+  acl:
+    name: "{{ cert_path }}"
+    etype: mask
+    permissions: "rx"
+    recursive: yes
+    state: present
+
 - name: create kubeconfig from cert
   include_role:
     name: kubeconfig
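Review bot: The added `adding mask to the acl` task sets the mask to `rx` with `recursive: yes`, so it applies to every file under `{{ cert_path }}` rather than only to the directory and `ca.pem`, the one object the task above grants a named-user entry on. If private keys live in that tree (likely for a cert role, though not visible in this hunk), any named-user or group entry already present on them becomes effective up to read, and every regular file gets an execute bit in its mask that it has no use for. Consider dropping the recursion and scoping the mask: keep `name: "{{ cert_path }}"` with `permissions: "rx"` for directory traversal, and add a second task with `name: "{{ cert_path }}/ca.pem"` and `permissions: "r"`. If recursion is kept, write it as `recursive: true`. Either way, a comment would help; the `mode: 0000` context line suggests the directory is created with an empty mask, so something like `# mask must be set explicitly; cert_path is created with mode 0000` would fit if that is indeed the reason.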