Merge pull request #24 from vutny/secure-config-datadir-permissions

Secure filesystem permissions for config file and data dir
Ahmed M. AbouZaid 2017-11-29 23:31:30 +01:00 committed by GitHub
commit ddfd7a7f87
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 14 deletions


@ -1,18 +1,19 @@
{% from slspath + "/map.jinja" import consul with context %} {%- from slspath + '/map.jinja' import consul with context -%}
consul-config: consul-config:
file.serialize: file.serialize:
- name: /etc/consul.d/config.json - name: /etc/consul.d/config.json
{% if consul.service != False %}
- watch_in:
- service: consul
{% endif %}
- user: consul
- group: consul
- require:
- user: consul
- formatter: json - formatter: json
- dataset: {{ consul.config }} - dataset: {{ consul.config }}
- user: {{ consul.user }}
- group: {{ consul.group }}
- mode: 0640
- require:
- user: consul-user
{%- if consul.service %}
- watch_in:
- service: consul
{%- endif %}
{% for script in consul.scripts %} {% for script in consul.scripts %}
consul-script-install-{{ loop.index }}: consul-script-install-{{ loop.index }}:
@ -36,7 +37,7 @@ consul-script-config:
- user: {{ consul.user }} - user: {{ consul.user }}
- group: {{ consul.group }} - group: {{ consul.group }}
- require: - require:
- user: consul - user: consul-user
- formatter: json - formatter: json
- dataset: - dataset:
services: {{ consul.register }} services: {{ consul.register }}
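Review bot: The new `- mode: 0640` on consul-config is an unquoted scalar with a leading zero, which a YAML 1.1 loader types as a number rather than the string that was written; Salt's documentation asks for such modes to be quoted, so write `- mode: '0640'` here and `- mode: '0750'` on the two directory states in the other file. Separately, the consul-script-config hunk fixes the `require` target, but its visible lines set only user and group, so the services file appears to keep the default mode while config.json is tightened. If service definitions can carry tokens or other secrets, give that state `- mode: '0640'` as well. That state begins above the hunk, so a mode set earlier in it would not be visible here.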


@ -1,4 +1,4 @@
{% from slspath+"/map.jinja" import consul with context %} {%- from slspath + '/map.jinja' import consul with context -%}
consul-dep-unzip: consul-dep-unzip:
pkg.installed: pkg.installed:
@ -17,7 +17,8 @@ consul-group:
consul-user: consul-user:
user.present: user.present:
- name: {{ consul.user }} - name: {{ consul.user }}
- gid: {{ consul.group }} - groups:
- {{ consul.group }}
- createhome: False - createhome: False
- system: True - system: True
- require: - require:
@ -29,13 +30,15 @@ consul-config-dir:
- name: /etc/consul.d - name: /etc/consul.d
- user: {{ consul.user }} - user: {{ consul.user }}
- group: {{ consul.group }} - group: {{ consul.group }}
- mode: 0750
consul-data-dir: consul-data-dir:
file.directory: file.directory:
- name: {{ consul.config.data_dir }} - name: {{ consul.config.data_dir }}
- user: consul
- group: consul
- makedirs: True - makedirs: True
- user: {{ consul.user }}
- group: {{ consul.group }}
- mode: 0750
# Install agent # Install agent
consul-download: consul-download:
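Review bot: Replacing `- gid: {{ consul.group }}` with a `groups:` list in consul-user makes consul.group a supplementary group only, so the account's primary group is presumably left to the platform's user-creation default. Files the agent later creates under data_dir would then carry that primary group rather than consul.group, which weakens the group-based restriction this commit adds if the default happens to be a shared group. If `gid` was dropped because it rejected a group name on the targeted Salt version, say so in a comment above `groups:` and pin the primary group another way. Also note that `mode: 0750` on consul-data-dir is applied to the directory itself, so contents written before this change keep their old permissions unless recursion is configured.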