X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Fcaas-security.git;a=blobdiff_plain;f=ansible%2Froles%2Fcert%2Ftasks%2Fmain.yml;fp=ansible%2Froles%2Fcert%2Ftasks%2Fmain.yml;h=0691b48628bfe950a0db53a31133a727ee575394;hp=a23996c50361d104596e95ebed2af7093657874f;hb=cb52d561f9a957a47ba4502d028ea533c5edf481;hpb=ab06369952ca256e012266a8f2d6ff009cc21c6e

diff --git a/ansible/roles/cert/tasks/main.yml b/ansible/roles/cert/tasks/main.yml
index a23996c..0691b48 100644
--- a/ansible/roles/cert/tasks/main.yml
+++ b/ansible/roles/cert/tasks/main.yml
@@ -104,7 +104,7 @@
     mode: 0000
   when: not cert_path_register.stat.exists
 
-- name: adding default acl read to {{ users.admin_user_name }} to {{ cert_path }}/ca.epm
+- name: adding default acl read to {{ users.admin_user_name }} to {{ cert_path }}/ca.pem
   acl:
     name:  "{{ cert_path }}/ca.pem"
     entity: "{{ users.admin_user_name }}"
@@ -132,6 +132,14 @@
     state: present
   with_items: "{{ add_users | default([]) }}"
 
+- name: adding mask to the acl
+  acl:
+    name: "{{ cert_path }}"
+    etype: mask
+    permissions: "rx"
+    recursive: yes
+    state: present
+
 - name: create kubeconfig from cert
   include_role:
     name: kubeconfig