authorGravatar Jonas Gunz <himself@jonasgunz.de> 2021-09-07 02:27:06 +0200
committerGravatar Jonas Gunz <himself@jonasgunz.de> 2021-09-07 02:27:06 +0200
commit79cdef90e78237a4b197905304506c5ed15fd232 (patch)
treeeb08c0fe79e9a6cc39d4593a0cea3e27fb6d55fe /roles/signed_certificate/tasks/main.yml
parent2ccf20e70715acd02f86415a61341476ef2c2f14 (diff)
downloadansible_collection-79cdef90e78237a4b197905304506c5ed15fd232.tar.gz
signed_certificate: check for file permissions
Diffstat (limited to 'roles/signed_certificate/tasks/main.yml')
-rw-r--r--roles/signed_certificate/tasks/main.yml11
1 files changed, 11 insertions, 0 deletions
diff --git a/roles/signed_certificate/tasks/main.yml b/roles/signed_certificate/tasks/main.yml
index 3e1a7b2..d5491ac 100644
--- a/roles/signed_certificate/tasks/main.yml
+++ b/roles/signed_certificate/tasks/main.yml
@@ -21,9 +21,20 @@
path: '{{ key_path }}/{{ cert_name }}.key'
owner: '{{ owner }}'
group: '{{ group }}'
+ mode: '640'
become: yes
when: key_check.failed
+- name: Check file permissions for Key
+ file:
+ path: '{{ key_path }}/{{ cert_name }}.key'
+ state: file
+ owner: '{{ owner }}'
+ group: '{{ group }}'
+ mode: '640'
+ become: yes
+ when: not key_check.failed
+
- name: Read existing Certificate
community.crypto.x509_certificate_info:
path: '{{ cert_path }}/{{ cert_name }}.pem'
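Review bot: `mode: '640'` on the private key, both in the generation task and in the new "Check file permissions for Key" task, leaves the key readable by every member of `{{ group }}`, and the default for that variable is not visible in this hunk; if it can resolve to a broad group, `'0600'` would be the safer default, with 0640 used only when a service account needs group read access. The new task also does more than check: `file` with `state: file` rewrites owner, group and mode under `become`, so a name such as `- name: Enforce owner and mode on existing key` describes it better, and a comment like `# key_check is registered above; this task runs only when the key already exists` would explain the `when`. Writing the mode as `'0640'` and the module as `ansible.builtin.file` would match Ansible convention and the fully qualified `community.crypto.x509_certificate_info` used below. The first task starts above the hunk and the certificate task continues below it.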