From f0e9c2df87ecca478d8f3b13a8b39678ee69e153 Mon Sep 17 00:00:00 2001
From: Andrew Vant
Date: Mon, 6 Apr 2015 11:24:41 -0400
Subject: [PATCH] Enforced root-only permissions on cloud.providers.d.

As mentioned in issue #118, provider files may contain passwords or API keys and should be restricted. Profiles/maps are probably OK with the defaults.
---
 salt/cloud.sls | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/salt/cloud.sls b/salt/cloud.sls
index 6834f2d..f67a147 100644
--- a/salt/cloud.sls
+++ b/salt/cloud.sls
@@ -56,9 +56,17 @@ salt-cloud-{{ dir }}:
 - name: /etc/salt/cloud.{{ dir }}.d
 - source: {{ source }}
 - template: jinja
- - user: root
- - group: root
- - dir_mode: 755
- - file_mode: 644
 - makedirs: True
 {%- endfor %}
+
+salt-cloud-providers-permissions:
+ file.directory:
+ - name: /etc/salt/cloud.providers.d
+ - user: root
+ - group: root
+ - file_mode: 600
+ - dir_mode: 700
+ - recurse:
+ - user
+ - group
+ - mode
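Review bot: The provider files are still laid down by the `salt-cloud-{{ dir }}` state, which no longer sets any mode, and are only tightened afterwards by the separate `salt-cloud-providers-permissions` state. Newly created files therefore presumably get the default, more permissive mode first. If the second state fails, is skipped or is targeted out, the API keys stay readable by other local users. Setting the mode where the files are written closes that window, e.g. `- file_mode: {{ '600' if dir == 'providers' else '644' }}` and `- dir_mode: {{ '700' if dir == 'providers' else '755' }}` in the loop body, assuming `dir` takes the value `providers`; the loop header is outside the hunk. If the separate state is kept, give it an explicit `- require:` on the state that writes the providers directory rather than relying on definition order. Note also that dropping `user`/`group` from the loop state leaves ownership of the profiles and maps directories to defaults.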