ITPLT-3785 can't recursively manage permissions on a single file; manage permissions for atl_product_version_cache file when written instead

2025-12-13 00:13:09 -06:00 · 2024-06-11 17:50:07 -05:00
parent ee9348473a
commit 5caddaede1
4 changed files with 9 additions and 15 deletions
--- a/roles/confluence_config/tasks/main.yml
+++ b/roles/confluence_config/tasks/main.yml
@@ -66,16 +66,13 @@
    owner: "{{ atl_product_user }}"
    group: "{{ atl_product_user }}"

- name: Limit permissions on the installer temp and version cache directories, recursively
+- name: Limit permissions on the installer temp directory, recursively
  ansible.builtin.file:
-    path: "{{ item }}"
+    path: "{{ atl_installer_temp }}"
    owner: "root"
    group: "root"
    mode: "u=rwX,g=rX,o=rX"
    recurse: true
-  with_items:
-    - "{{ atl_installer_temp }}"
-    - "{{ atl_product_version_cache }}"
  changed_when: false  # For Molecule idempotence check

 - name: Limit permissions on the installation directory, non-recursively
--- a/roles/crowd_config/tasks/main.yml
+++ b/roles/crowd_config/tasks/main.yml
@@ -66,16 +66,13 @@
    - "{{ atl_product_shared_plugins }}"
  changed_when: false  # For Molecule idempotence check

- name: Limit permissions on the installer temp and version cache directories, recursively
+- name: Limit permissions on the installer temp directory, recursively
  ansible.builtin.file:
-    path: "{{ item }}"
+    path: "{{ atl_installer_temp }}"
    owner: "root"
    group: "root"
    mode: "u=rwX,g=rX,o=rX"
    recurse: true
-  with_items:
-    - "{{ atl_installer_temp }}"
-    - "{{ atl_product_version_cache }}"
  changed_when: false  # For Molecule idempotence check

 - name: Limit permissions on the installation directory, non-recursively
--- a/roles/jira_config/tasks/main.yml
+++ b/roles/jira_config/tasks/main.yml
@@ -75,16 +75,13 @@
    - "{{ atl_product_shared_plugins }}"
  changed_when: false  # For Molecule idempotence check

- name: Limit permissions on the installer temp and version cache directories, recursively
+- name: Limit permissions on the installer temp directory, recursively
  ansible.builtin.file:
-    path: "{{ item }}"
+    path: "{{ atl_installer_temp }}"
    owner: "root"
    group: "root"
    mode: "u=rwX,g=rX,o=rX"
    recurse: true
-  with_items:
-    - "{{ atl_installer_temp }}"
-    - "{{ atl_product_version_cache }}"
  changed_when: false  # For Molecule idempotence check

 - name: Limit permissions on the installation directory, non-recursively
--- a/roles/product_install/tasks/main.yml
+++ b/roles/product_install/tasks/main.yml
@@ -136,6 +136,9 @@
  ansible.builtin.template:
    src: version.j2
    dest: "{{ atl_product_version_cache }}"
+    owner: "root"
+    group: "root"
+    mode: "u=rwX,g=rX,o=rX"
    force: true

 # For the first run a temp binary should be downloaded but moved to