From 90d263941aeed6e3c23b6be2723913904ae4aa8c Mon Sep 17 00:00:00 2001
From: Sorin Sbarnea <ssbarnea@redhat.com>
Date: Wed, 4 Nov 2020 08:19:35 +0000
Subject: [PATCH] More E208

Change-Id: I8c3d224682d7d6780d6ad7823e390c47114e702b
---
 roles/pull-from-intermediate-registry/tasks/main.yaml | 2 ++
 roles/push-to-intermediate-registry/tasks/push.yaml   | 2 ++
 roles/run-buildset-registry/tasks/main.yaml           | 2 ++
 roles/stage-output/tasks/main.yaml                    | 1 +
 roles/upload-logs/tasks/main.yaml                     | 1 +
 5 files changed, 8 insertions(+)

diff --git a/roles/pull-from-intermediate-registry/tasks/main.yaml b/roles/pull-from-intermediate-registry/tasks/main.yaml
index 2bb9650b1..c6daf8890 100644
--- a/roles/pull-from-intermediate-registry/tasks/main.yaml
+++ b/roles/pull-from-intermediate-registry/tasks/main.yaml
@@ -25,10 +25,12 @@
   file:
     path: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/"
     state: directory
+    mode: 0755
 - name: Write registry TLS certificate
   copy:
     content: "{{ buildset_registry.cert }}"
     dest: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/ca.crt"
+    mode: 0644
 
 # Update user config for intermediate and buildset registries
 - name: Ensure docker user directory exists
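Review bot: The added `mode: 0755` and `mode: 0644` are unquoted, so the resulting permissions depend on the YAML loader reading a leading-zero integer as octal. If a YAML 1.2 loader reads the value as decimal, or a tool rewrites the file and drops the zero, 755 is applied as octal 1363 and the directory ends up with unintended bits. Quoting removes the ambiguity: `mode: "0755"` and `mode: "0644"`. The same applies to every `mode:` line added in push.yaml, run-buildset-registry, stage-output and upload-logs. The first task here starts above the hunk.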
diff --git a/roles/push-to-intermediate-registry/tasks/push.yaml b/roles/push-to-intermediate-registry/tasks/push.yaml
index a85a3b3ce..26b124e8a 100644
--- a/roles/push-to-intermediate-registry/tasks/push.yaml
+++ b/roles/push-to-intermediate-registry/tasks/push.yaml
@@ -25,10 +25,12 @@
   file:
     path: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/"
     state: directory
+    mode: 0755
 - name: Write registry TLS certificate
   copy:
     content: "{{ buildset_registry.cert }}"
     dest: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/ca.crt"
+    mode: 0644
 
 # Update user config for intermediate and buildset registries
 - name: Ensure docker user directory exists
diff --git a/roles/run-buildset-registry/tasks/main.yaml b/roles/run-buildset-registry/tasks/main.yaml
index bae986e37..548c1f91e 100644
--- a/roles/run-buildset-registry/tasks/main.yaml
+++ b/roles/run-buildset-registry/tasks/main.yaml
@@ -20,6 +20,7 @@
   file:
     state: directory
     path: "{{ buildset_registry_root }}/{{ zj_dir }}"
+    mode: 0755
   loop:
     - tls
     - conf
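Review bot: The `tls` directory gets the same `mode: 0755` as `conf`, although the task in the next hunk writes an unencrypted private key (`-nodes`, `tls/cert.key`) into it with no explicit mode. The commit restricts `registry.yaml` to 0600 but leaves the key's permissions to openssl and the umask, which cannot be confirmed from the lines shown. Consider `mode: "{{ '0700' if zj_dir == 'tls' else '0755' }}"` on this task, or a follow-up `file` task that sets `mode: "0600"` on `cert.key`, provided the registry process can still read it. The task's `name` line is outside the hunk.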
@@ -33,6 +34,7 @@
   template:
     src: registry.yaml.j2
     dest: "{{ buildset_registry_root }}/conf/registry.yaml"
+    mode: 0600
 - name: Generate a TLS key for the registry
   command: "openssl req -x509 -newkey rsa:2048 -keyout {{ buildset_registry_root }}/tls/cert.key -out {{ buildset_registry_root }}/tls/cert.pem -days 365 -nodes -subj '/C=US/ST=California/L=Oakland/O=Company Name/OU=Org/CN={{ ansible_host }}' -addext 'subjectAltName = DNS:zuul-jobs.buildset-registry,DNS:{{ ansible_host }},IP:{{ ansible_host }},IP:127.0.0.1'"
 - name: Read TLS certificate
diff --git a/roles/stage-output/tasks/main.yaml b/roles/stage-output/tasks/main.yaml
index 8153b5581..e0d5f94f1 100644
--- a/roles/stage-output/tasks/main.yaml
+++ b/roles/stage-output/tasks/main.yaml
@@ -55,6 +55,7 @@
     path: "{{ stage_dir }}/{{ zj_output_dirs }}"
     state: directory
     owner: "{{ ansible_user }}"
+    mode: 0755
   with_items:
     - docs
     - artifacts
diff --git a/roles/upload-logs/tasks/main.yaml b/roles/upload-logs/tasks/main.yaml
index a04dd9c00..dbb888d18 100644
--- a/roles/upload-logs/tasks/main.yaml
+++ b/roles/upload-logs/tasks/main.yaml
@@ -39,6 +39,7 @@
       delegate_to: localhost
       archive:
         path: "{{ zuul.executor.log_root }}/{{ zj_log }}"
+        mode: 0644
       with_items:
         - job-output.txt
         - job-output.json