From aaa9a4efac3b01bbb2315e8a146bdced30bbc87e Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn
Date: Fri, 7 Sep 2018 11:27:25 +0300
Subject: [PATCH] Ensure vault file permissions are correct
---
 roles/etcd/tasks/gen_certs_vault.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/roles/etcd/tasks/gen_certs_vault.yml b/roles/etcd/tasks/gen_certs_vault.yml
index 4e3325b4f..13f796f5e 100644
--- a/roles/etcd/tasks/gen_certs_vault.yml
+++ b/roles/etcd/tasks/gen_certs_vault.yml
@@ -65,3 +65,9 @@
 with_items: "{{ etcd_node_certs_needed|d([]) }}"
 when: inventory_hostname in etcd_node_cert_hosts
 notify: set etcd_secret_changed
+
+- name: gen_certs_vault | ensure file permissions
+ shell: >-
+ find {{etcd_cert_dir }} -type d -exec chmod 0755 {} \; &&
+ find {{etcd_cert_dir }} -type f -exec chmod 0640 {} \;
+ changed_when: false
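Review bot: The second `find` sets every regular file under `etcd_cert_dir` to 0640 and the first makes every directory 0755, so any private key in that tree ends up group-readable inside a world-traversable directory; whether that is acceptable depends on the owner and group of those files, which this task neither sets nor checks. If the directory holds key material, consider a tighter mode for the key files (for example 0600) or for the directories (0750 or 0700), and set ownership in the same task. The path is also interpolated unquoted into a shell command, so an empty value or one containing spaces would make `find` walk the wrong tree; `find {{ etcd_cert_dir | quote }} -type f -exec chmod 0640 {} \;` avoids that. With `changed_when: false`, a permission drift that this task corrects is never reported as a change, so it will not appear in the run summary.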