From f44c04a1255cfcb6e8b3c78488e61de89cf03a90 Mon Sep 17 00:00:00 2001
From: Nikhil Jha <nikhiljha@users.noreply.github.com>
Date: Thu, 9 Dec 2021 16:02:34 -0800
Subject: [PATCH] make ocf-create.conf readable only by root

---
 modules/ocf_admin/manifests/create.pp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/ocf_admin/manifests/create.pp b/modules/ocf_admin/manifests/create.pp
index db297423b..65babfd4d 100644
--- a/modules/ocf_admin/manifests/create.pp
+++ b/modules/ocf_admin/manifests/create.pp
@@ -7,9 +7,8 @@
     '/etc/ocf-create':
       ensure => directory;
 
-    # TODO: ideally this file wouldn't be directly readable by staff
     '/etc/ocf-create/ocf-create.conf':
-      group     => ocfstaff,
+      group     => ocfroot,
       content   => template('ocf_admin/create.conf.erb'),
       mode      => '0440',
       show_diff => false;