Bug 2180902 - add mode parameter to change permissions for cert files [NEEDINFO]
Summary: add mode parameter to change permissions for cert files
Keywords:
Status: VERIFIED
Alias: None
Deadline: 2023-07-31
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: rhel-system-roles
Version: 9.3
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: 9.3
Assignee: Rich Megginson
QA Contact: Jakub Haruda
URL:
Whiteboard: role:certificate
Depends On:
Blocks: 2218204
Reported: 2023-03-22 15:03 UTC by Rich Megginson
Modified: 2023-07-18 09:03 UTC

Fixed In Version: rhel-system-roles-1.22.0-0.15.el9
Doc Type: Enhancement
Doc Text:
Enhancement: Allow setting of certificate and key files mode attribute through the use of the 'mode' parameter, when using the certmonger provider. Reason: Previously, the certificate files generated by the certmonger provider used a default file mode that may not be suitable for some tools or for some more restricted environments. Result: The file mode attribute can now be set using the same rules as Ansible's file mode parameter, accepting either a string or an integer.
Clone Of:
: 2218204
Environment:
Last Closed:
Type: ---
Target Upstream Version:
Embargoed:
rmeggins: needinfo? (djez)
rmeggins: needinfo? (vdanek)


Links
System ID Private Priority Status Summary Last Updated
Github linux-system-roles certificate pull 175 0 None open feat: Allow setting certificate and key files mode 2023-06-20 22:04:36 UTC
Red Hat Issue Tracker RHELPLAN-152758 0 None None None 2023-03-22 15:05:21 UTC

Description Rich Megginson 2023-03-22 15:03:41 UTC
There are some cases where the file permissions should be more or less restrictive than the certmonger defaults.  The role should provide a mode parameter for this.  See https://github.com/linux-system-roles/certificate/issues/133#issuecomment-1475281537

Comment 5 Rafael Jeffman 2023-06-21 12:07:06 UTC
Upstream PR: https://github.com/linux-system-roles/certificate/pull/175
