From 342bab110ba139b17c2a3f4ac9466487cd86fd3d Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Wed, 25 Apr 2018 09:01:48 -0700
Subject: [PATCH] relvalconsumer: allow fedmsg-hub to write the token cache

Been getting access denied errors lately, and from a look at
the python-openidc-client code, seems that clients may need to
write as well as read the token cache sometimes.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 roles/relvalconsumer/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/relvalconsumer/tasks/main.yml b/roles/relvalconsumer/tasks/main.yml
index 47dca43022..3e7e03930c 100644
--- a/roles/relvalconsumer/tasks/main.yml
+++ b/roles/relvalconsumer/tasks/main.yml
@@ -64,7 +64,7 @@
   file: path=/root/.openidc state=directory owner=root group=root mode=0700
 
 - name: Create /usr/share/fedmsg/.openidc (token file location for fedmsg consumer runs)
-  file: path=/usr/share/fedmsg/.openidc state=directory owner=root group=fedmsg mode=0750
+  file: path=/usr/share/fedmsg/.openidc state=directory owner=root group=fedmsg mode=0770
 
 - name: Write wikitcms token file for root
   copy: src={{ wikitcms_token }} dest=/root/.openidc/oidc_wikitcms.json owner=root group=root mode=0600
@@ -73,7 +73,7 @@
   - config
 
 - name: Write wikitcms token file for fedmsg
-  copy: src={{ wikitcms_token }} dest=/usr/share/fedmsg/.openidc/oidc_wikitcms.json owner=root group=fedmsg mode=0640
+  copy: src={{ wikitcms_token }} dest=/usr/share/fedmsg/.openidc/oidc_wikitcms.json owner=root group=fedmsg mode=0660
   when: "wikitcms_token is defined"
   tags:
   - config