From a51b7d5fda69b3f88b0231c8b805755fe98691ca Mon Sep 17 00:00:00 2001
From: Eli Young <elyscape@gmail.com>
Date: Mon, 21 Mar 2016 16:10:34 -0700
Subject: Lock down permissions on named certificates

---
 playbooks/common/openshift-master/config.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 972427c53..f1eaf8e16 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -311,13 +311,14 @@
     file:
       path: "{{ named_certs_dir }}"
       state: directory
+      mode: 0700
     when: named_certs_specified | bool
   - name: Land named certificates
     copy: src="{{ item.certfile }}" dest="{{ named_certs_dir }}"
     with_items: openshift_master_named_certificates
     when: named_certs_specified | bool
   - name: Land named certificate keys
-    copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}"
+    copy: src="{{ item.keyfile }}" dest="{{ named_certs_dir }}" mode=0600
     with_items: openshift_master_named_certificates
     when: named_certs_specified | bool
 
-- 
cgit v1.2.3