From: Levente Kálé <levente.kale@nokia.com>
Date: Wed, 31 Jul 2019 18:14:33 +0000 (+0000)
Subject: Merge "ACL mask added for cert_path"
X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Fcaas-security.git;a=commitdiff_plain;h=a71dc45147014fe8e8b9cd7e00c972ffaf497104;hp=1c858897ae7d4151a85631911c3645cfa00a3501

Merge "ACL mask added for cert_path"
---

diff --git a/ansible/roles/cert/tasks/main.yml b/ansible/roles/cert/tasks/main.yml
index a23996c..0691b48 100644
--- a/ansible/roles/cert/tasks/main.yml
+++ b/ansible/roles/cert/tasks/main.yml
@@ -104,7 +104,7 @@
     mode: 0000
   when: not cert_path_register.stat.exists
 
-- name: adding default acl read to {{ users.admin_user_name }} to {{ cert_path }}/ca.epm
+- name: adding default acl read to {{ users.admin_user_name }} to {{ cert_path }}/ca.pem
   acl:
     name:  "{{ cert_path }}/ca.pem"
     entity: "{{ users.admin_user_name }}"
@@ -132,6 +132,14 @@
     state: present
   with_items: "{{ add_users | default([]) }}"
 
+- name: adding mask to the acl
+  acl:
+    name: "{{ cert_path }}"
+    etype: mask
+    permissions: "rx"
+    recursive: yes
+    state: present
+
 - name: create kubeconfig from cert
   include_role:
     name: kubeconfig