Hi Joseph, yep sure I see why you removed it now that's fine. Admittedly I am overloading the term module so apologies if it is confusing. What i mean is that in the harding library we have four hardening modules i.e. "os", "mysql", "apache" and "ssh" each of which has an accompanying set of code e.g. "os" is implemented in contrib.hardening.host, "ssh" in contrib.hardning.ssh etc. What I am suggesting is that we either bite the bullet now (if we think there will be enough requirements to warrant the extra work) and implement a new hardening module called "openstack" and add the bits you need to that (i.e. setting openstack config file permissions). Another possible alternative is that we add support to the "os" module for setting permissions on arbitrary files which could be provided through configuration. My reason for saying this is principally that contrib.hardening.host is not supposed to have project specific code in it. If this patch is time-sensitive then it probably makes more sense to add support for setting permissions on arbitrary files. I also wonder whether it woud be simpler to just fix this in the charms themselves. If you fix this in charmhelpers you are going to have to sync it into the charms anyway in order for it to be used so you could just fix it straight in the charms for which a problem has been identified.
Hi Joseph, yep sure I see why you removed it now that's fine. Admittedly I am overloading the term module so apologies if it is confusing. What i mean is that in the harding library we have four hardening modules i.e. "os", "mysql", "apache" and "ssh" each of which has an accompanying set of code e.g. "os" is implemented in contrib. hardening. host, "ssh" in contrib. hardning. ssh etc. What I am suggesting is that we either bite the bullet now (if we think there will be enough requirements to warrant the extra work) and implement a new hardening module called "openstack" and add the bits you need to that (i.e. setting openstack config file permissions). Another possible alternative is that we add support to the "os" module for setting permissions on arbitrary files which could be provided through configuration. My reason for saying this is principally that contrib. hardening. host is not supposed to have project specific code in it. If this patch is time-sensitive then it probably makes more sense to add support for setting permissions on arbitrary files. I also wonder whether it woud be simpler to just fix this in the charms themselves. If you fix this in charmhelpers you are going to have to sync it into the charms anyway in order for it to be used so you could just fix it straight in the charms for which a problem has been identified.