From: Balint Varga <balint.varga@nokia.com>
Date: Fri, 26 Jul 2019 07:19:28 +0000 (+0200)
Subject: ACL mask added for cert_path
X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Fcaas-security.git;a=commitdiff_plain;h=cb52d561f9a957a47ba4502d028ea533c5edf481

ACL mask added for cert_path

Signed-off-by: Balint Varga <balint.varga@nokia.com>
Change-Id: I1a1a1912eecd8cbb3966f77b4f3e9f9ac03b2354
---

diff --git a/ansible/roles/cert/tasks/main.yml b/ansible/roles/cert/tasks/main.yml
index a23996c..0691b48 100644
--- a/ansible/roles/cert/tasks/main.yml
+++ b/ansible/roles/cert/tasks/main.yml
@@ -104,7 +104,7 @@
     mode: 0000
   when: not cert_path_register.stat.exists
 
-- name: adding default acl read to {{ users.admin_user_name }} to {{ cert_path }}/ca.epm
+- name: adding default acl read to {{ users.admin_user_name }} to {{ cert_path }}/ca.pem
   acl:
     name:  "{{ cert_path }}/ca.pem"
     entity: "{{ users.admin_user_name }}"
@@ -132,6 +132,14 @@
     state: present
   with_items: "{{ add_users | default([]) }}"
 
+- name: adding mask to the acl
+  acl:
+    name: "{{ cert_path }}"
+    etype: mask
+    permissions: "rx"
+    recursive: yes
+    state: present
+
 - name: create kubeconfig from cert
   include_role:
     name: kubeconfig
diff --git a/rpmbuild.spec b/rpmbuild.spec
index 56a927d..b9b37f3 100644
--- a/rpmbuild.spec
+++ b/rpmbuild.spec
@@ -15,7 +15,7 @@
 %define COMPONENT security
 %define RPM_NAME caas-%{COMPONENT}
 %define RPM_MAJOR_VERSION 1.0.0
-%define RPM_MINOR_VERSION 2
+%define RPM_MINOR_VERSION 3
 
 Name:           %{RPM_NAME}
 Version:        %{RPM_MAJOR_VERSION}