From b056d0ea566bd592218bd48746560a9454ab18ec Mon Sep 17 00:00:00 2001
From: Ondrej Mular
Date: Tue, 20 Feb 2018 09:47:00 +0100
Subject: [PATCH] uncouple booth authfile mode from pcmk authfile

According to booth documentation, user and group of booth authfile should be set to hacluster/haclient (created and used by pacemaker) but mode of file doesn't need to be same as pacemaker authfile. To prevent confusion constant was renamed.
---
 pcs/lib/booth/env.py | 5 ++++-
 pcs/lib/commands/test/test_booth.py | 4 ++--
 pcs/settings_default.py | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/pcs/lib/booth/env.py b/pcs/lib/booth/env.py
index c5a69b754..fd31b99ff 100644
--- a/pcs/lib/booth/env.py
+++ b/pcs/lib/booth/env.py
@@ -61,7 +61,10 @@ def set_keyfile_access(file_path):
 except EnvironmentError as e:
 raise report_keyfile_io_error(file_path, "chown", e)
 try:
- os.chmod(file_path, settings.pacemaker_authkey_file_mode)
+ # According to booth documentation, user and group of booth authfile
+ # should be set to hacluster/haclient (created and used by pacemaker)
+ # but mode of file doesn't need to be same as pacemaker authfile.
+ os.chmod(file_path, settings.booth_authkey_file_mode)
 except EnvironmentError as e:
 raise report_keyfile_io_error(file_path, "chmod", e)
diff --git a/pcs/lib/commands/test/test_booth.py b/pcs/lib/commands/test/test_booth.py
index c9af6ff6c..7805af0c2 100644
--- a/pcs/lib/commands/test/test_booth.py
+++ b/pcs/lib/commands/test/test_booth.py
@@ -935,7 +935,7 @@ def setUp(self):
 name="fs.open.authfile.write"
 )
 .fs.chown(self.authfile_path, self.pcmk_uid, self.pcmk_gid)
- .fs.chmod(self.authfile_path, settings.pacemaker_authkey_file_mode)
+ .fs.chmod(self.authfile_path, settings.booth_authkey_file_mode)
 )
 self.addCleanup(
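Review bot: In `set_keyfile_access` (pcs/lib/booth/env.py) the restrictive mode is applied by path, `os.chmod(file_path, settings.booth_authkey_file_mode)`, as the last step after the chown, and the `setUp` expectations in test_booth.py list the authfile write before `fs.chown` and `fs.chmod`. If that order reflects the real flow, the booth key sits on disk with whatever mode the creating open() and the umask gave it until this call runs, and it keeps that mode if the chown or chmod fails. The code that creates the file is outside these hunks, so this needs confirming there; creating the file with its final mode, or calling `os.fchmod(fd, settings.booth_authkey_file_mode)` on the open descriptor before the key is written, would remove the window. The function starts above the hunk, so its earlier steps are not visible here.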
@@ -1150,7 +1150,7 @@ def test_unable_to_set_authfile_mode(self, pwd_mock, grp_mock):
 self.authfile_path, self.pcmk_uid, self.pcmk_gid,
 )
 .fs.chmod(
- self.authfile_path, settings.pacemaker_authkey_file_mode,
+ self.authfile_path, settings.booth_authkey_file_mode,
 side_effect=EnvironmentError(1, self.reason, self.authfile_path)
 )
 )
diff --git a/pcs/settings_default.py b/pcs/settings_default.py
index 0f28a72d0..baf0783c5 100644
--- a/pcs/settings_default.py
+++ b/pcs/settings_default.py
@@ -21,7 +21,7 @@
 corosync_qdevice_net_client_ca_file_name = "qnetd-cacert.crt"
 corosync_authkey_file = os.path.join(corosync_conf_dir, "authkey")
 pacemaker_authkey_file = "/etc/pacemaker/authkey"
-pacemaker_authkey_file_mode = 0o600
+booth_authkey_file_mode = 0o600
 cluster_conf_file = "/etc/cluster/cluster.conf"
 fence_agent_binaries = "/usr/sbin/"
 pengine_binary = "/usr/libexec/pacemaker/pengine"