-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
salt: Do not overwrite private key if they already exists #2753
Conversation
In our salt states we generate a bunch of private key for certificates, those private key are only needed to generate these certificates and we do not really care about the length of the key, so if the key already exists do not generate a new one and take this one even if it's not the expected key length
Hello teddyandrieux,My role is to assist you with the merge of this Status report is not available. |
Integration data createdI have created the integration data for the additional destination branches.
The following branches will NOT be impacted:
You can set option
|
Waiting for approvalThe following approvals are needed before I can proceed with the merge:
Peer approvals must include at least 1 approval from the following list:
|
- unless: | ||
- test -f "{{ private_key_path }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- unless: | |
- test -f "{{ private_key_path }}" | |
- replace: False |
??
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mainly because; Any kwargs supported by file.managed are supported.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nop, it does not work because replace is not part of "file_args" salt will give to the file.managed
salt/states/x509.py:225:def _get_file_args(name, **kwargs):
salt/states/x509.py-226- valid_file_args = [
salt/states/x509.py-227- "user",
salt/states/x509.py-228- "group",
salt/states/x509.py-229- "mode",
salt/states/x509.py-230- "makedirs",
salt/states/x509.py-231- "dir_mode",
salt/states/x509.py-232- "backup",
salt/states/x509.py-233- "create",
salt/states/x509.py-234- "follow_symlinks",
salt/states/x509.py-235- "check_cmd",
salt/states/x509.py-236- ]
salt/states/x509.py-237- file_args = {}
salt/states/x509.py-238- extra_args = {}
salt/states/x509.py-239- for k, v in kwargs.items():
salt/states/x509.py-240- if k in valid_file_args:
salt/states/x509.py-241- file_args[k] = v
salt/states/x509.py-242- else:
salt/states/x509.py-243- extra_args[k] = v
salt/states/x509.py-244- file_args["name"] = name
salt/states/x509.py-245- return file_args, extra_args
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
/approve |
In the queueThe changeset has received all authorizations and has been added to the The changeset will be merged in:
The following branches will NOT be impacted:
There is no action required on your side. You will be notified here once IMPORTANT Please do not attempt to modify this pull request.
If you need this pull request to be removed from the queue, please contact a The following options are set: approve |
I have successfully merged the changeset of this pull request
The following branches have NOT changed:
Please check the status of the associated issue None. Goodbye teddyandrieux. |
Component:
'salt'
Context:
In our salt states we generate a bunch of private key for certificates,
those private key are only needed to generate these certificates and we
do not really care about the length of the key, so if the key already
exists do not generate a new one and take this one even if it's not the
expected key length
Summary:
If the key already exists do not generate a new one and take this one even if it's not the
expected key length