From 9b18918157562aa2899762241f4fb007061d92ab Mon Sep 17 00:00:00 2001
From: Sean Johnson <sean@mailgun.com>
Date: Sun, 23 Dec 2018 13:43:37 -0600
Subject: [PATCH] Adjust pki modes again

---
 app/consul/ca.sls | 11 ++++++++++-
 base/files.sls    |  2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/app/consul/ca.sls b/app/consul/ca.sls
index 3d3aa78..d27f355 100644
--- a/app/consul/ca.sls
+++ b/app/consul/ca.sls
@@ -1,12 +1,21 @@
 ---
 
 {% set ca_path = salt.pillar.get("consul:config:ca_path", "/etc/pki/consul/ca") %}
+{% set pki_dir = salt.file.dirname(ca_path) %}
+
+{{ pki_dir }}:
+  file.directory:
+    - user: {{ salt.pillar.get("consul:user", "root") }}
+    - group: {{ salt.pillar.get("consul:group", "root") }}
+    - dir_mode: 0750
+    - file_mode: 0660
+    - makedirs: true
 
 {{ ca_path }}:
   file.directory:
     - user: {{ salt.pillar.get("consul:user", "root") }}
     - group: {{ salt.pillar.get("consul:group", "root") }}
-    - dir_mode: 0660
+    - dir_mode: 0750
     - file_mode: 0660
     - makedirs: true
 
diff --git a/base/files.sls b/base/files.sls
index 87875e8..f5c6413 100644
--- a/base/files.sls
+++ b/base/files.sls
@@ -14,7 +14,7 @@
   file.directory:
     - user: root
     - group: root
-    - mode: 0644
+    - mode: 0755
 
 logdna root tls certificate:
   file.managed: