From 5caddaede18d9f95eb07cb3d1b06786d5d81b3eb Mon Sep 17 00:00:00 2001
From: Lee Goolsbee
Date: Tue, 11 Jun 2024 17:50:07 -0500
Subject: [PATCH] ITPLT-3785 can't recursively manage permissions on a single file; manage permissions for atl_product_version_cache file when written instead
---
 roles/confluence_config/tasks/main.yml | 7 ++-----
 roles/crowd_config/tasks/main.yml | 7 ++-----
 roles/jira_config/tasks/main.yml | 7 ++-----
 roles/product_install/tasks/main.yml | 3 +++
 4 files changed, 9 insertions(+), 15 deletions(-)
diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml
index 4625b50..b36e20e 100644
--- a/roles/confluence_config/tasks/main.yml
+++ b/roles/confluence_config/tasks/main.yml
@@ -66,16 +66,13 @@
 owner: "{{ atl_product_user }}"
 group: "{{ atl_product_user }}"
-- name: Limit permissions on the installer temp and version cache directories, recursively
+- name: Limit permissions on the installer temp directory, recursively
 ansible.builtin.file:
- path: "{{ item }}"
+ path: "{{ atl_installer_temp }}"
 owner: "root"
 group: "root"
 mode: "u=rwX,g=rX,o=rX"
 recurse: true
- with_items:
- - "{{ atl_installer_temp }}"
- - "{{ atl_product_version_cache }}"
 changed_when: false # For Molecule idempotence check
 - name: Limit permissions on the installation directory, non-recursively
diff --git a/roles/crowd_config/tasks/main.yml b/roles/crowd_config/tasks/main.yml
index 39208d1..d3915c8 100644
--- a/roles/crowd_config/tasks/main.yml
+++ b/roles/crowd_config/tasks/main.yml
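Review bot: In the confluence_config hunk the edited task keeps `changed_when: false`, so a run that really does reset ownership or mode somewhere under `atl_installer_temp` is reported as unchanged and permission drift in that directory never surfaces in play output. If the only purpose is the Molecule idempotence check named in the inline comment, one option is to replace that line with `tags: molecule-idempotence-notest`, which skips the task in that check while letting real runs report changes. The identical tasks in the crowd_config and jira_config hunks have the same issue.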
@@ -66,16 +66,13 @@
 - "{{ atl_product_shared_plugins }}"
 changed_when: false # For Molecule idempotence check
-- name: Limit permissions on the installer temp and version cache directories, recursively
+- name: Limit permissions on the installer temp directory, recursively
 ansible.builtin.file:
- path: "{{ item }}"
+ path: "{{ atl_installer_temp }}"
 owner: "root"
 group: "root"
 mode: "u=rwX,g=rX,o=rX"
 recurse: true
- with_items:
- - "{{ atl_installer_temp }}"
- - "{{ atl_product_version_cache }}"
 changed_when: false # For Molecule idempotence check
 - name: Limit permissions on the installation directory, non-recursively
diff --git a/roles/jira_config/tasks/main.yml b/roles/jira_config/tasks/main.yml
index ff8d803..935318c 100644
--- a/roles/jira_config/tasks/main.yml
+++ b/roles/jira_config/tasks/main.yml
@@ -75,16 +75,13 @@
 - "{{ atl_product_shared_plugins }}"
 changed_when: false # For Molecule idempotence check
-- name: Limit permissions on the installer temp and version cache directories, recursively
+- name: Limit permissions on the installer temp directory, recursively
 ansible.builtin.file:
- path: "{{ item }}"
+ path: "{{ atl_installer_temp }}"
 owner: "root"
 group: "root"
 mode: "u=rwX,g=rX,o=rX"
 recurse: true
- with_items:
- - "{{ atl_installer_temp }}"
- - "{{ atl_product_version_cache }}"
 changed_when: false # For Molecule idempotence check
 - name: Limit permissions on the installation directory, non-recursively
diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml
index 2801870..ca5f97a 100644
--- a/roles/product_install/tasks/main.yml
+++ b/roles/product_install/tasks/main.yml
@@ -136,6 +136,9 @@
 ansible.builtin.template:
 src: version.j2
 dest: "{{ atl_product_version_cache }}"
+ owner: "root"
+ group: "root"
+ mode: "u=rwX,g=rX,o=rX"
 force: true
 # For the first run a temp binary should be downloaded but moved to
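Review bot: In the product_install hunk, `mode: "u=rwX,g=rX,o=rX"` is carried over from the recursive directory tasks, but on a single templated file the capital `X` only grants execute when the file already has an execute bit, so the resulting mode depends on the file's prior state. An explicit file mode such as `mode: "u=rw,g=r,o=r"` makes the outcome deterministic. The task starts above the hunk, so whether it runs unconditionally is not visible here. Since the config roles no longer reset ownership on `atl_product_version_cache`, a run that skips this task would leave an existing cache file with whatever owner and mode it already had.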