salt: Do not overwrite private key if they already exists #2753

Merged
merged 1 commit into from
Aug 21, 2020

TeddyAndrieux
Collaborator

Component:

'salt'

Context:

In our salt states we generate a bunch of private keys for certificates,
those private keys are only needed to generate these certificates and we
do not really care about the length of the key, so if the key already
exists do not generate a new one and take this one even if it's not the
expected key length

Summary:

If the key already exists do not generate a new one and take this one even if it's not the
expected key length


@TeddyAndrieux TeddyAndrieux added kind:bug Something isn't working topic:deployment Bugs in or enhancements to deployment stages complexity:easy Something that requires less than a day to fix severity:medium Medium impact (usability) on live deployments labels Aug 21, 2020
@TeddyAndrieux TeddyAndrieux requested a review from a team August 21, 2020 10:21

bert-e commented Aug 21, 2020

Hello teddyandrieux,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Status report is not available.


bert-e commented Aug 21, 2020

Integration data created

I have created the integration data for the additional destination branches.

The following branches will NOT be impacted:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3

You can set option create_pull_requests if you need me to create
integration pull requests in addition to integration branches, with:

@bert-e create_pull_requests


bert-e commented Aug 21, 2020

Waiting for approval

The following approvals are needed before I can proceed with the merge:

  • the author

  • one peer

Peer approvals must include at least 1 approval from the following list:

Comment on lines +20 to +21
- unless:
- test -f "{{ private_key_path }}"
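
Review bot: `test -f "{{ private_key_path }}"` in the `unless` on lines +20 to +21 only proves that a regular file exists at that path, so an empty, truncated or non-key file also suppresses generation and is then used as the private key as is. Consider a guard that also checks the file parses as a private key, for example `openssl pkey -in "{{ private_key_path }}" -noout`, or at least `test -s` to reject a zero-byte file.
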
Contributor

Suggested change
- unless:
- test -f "{{ private_key_path }}"
- replace: False

??

Contributor

Mainly because: any kwargs supported by file.managed are supported.

Collaborator Author

Nope, it does not work because replace is not part of the "file_args" salt will give to file.managed

salt/states/x509.py:225:def _get_file_args(name, **kwargs):
salt/states/x509.py-226-    valid_file_args = [
salt/states/x509.py-227-        "user",
salt/states/x509.py-228-        "group",
salt/states/x509.py-229-        "mode",
salt/states/x509.py-230-        "makedirs",
salt/states/x509.py-231-        "dir_mode",
salt/states/x509.py-232-        "backup",
salt/states/x509.py-233-        "create",
salt/states/x509.py-234-        "follow_symlinks",
salt/states/x509.py-235-        "check_cmd",
salt/states/x509.py-236-    ]
salt/states/x509.py-237-    file_args = {}
salt/states/x509.py-238-    extra_args = {}
salt/states/x509.py-239-    for k, v in kwargs.items():
salt/states/x509.py-240-        if k in valid_file_args:
salt/states/x509.py-241-            file_args[k] = v
salt/states/x509.py-242-        else:
salt/states/x509.py-243-            extra_args[k] = v
salt/states/x509.py-244-    file_args["name"] = name
salt/states/x509.py-245-    return file_args, extra_args

saltstack/salt#58263

Contributor

@alexandre-allard alexandre-allard left a comment

LGTM

@TeddyAndrieux
Collaborator Author

/approve


bert-e commented Aug 21, 2020

In the queue

The changeset has received all authorizations and has been added to the
relevant queue(s). The queue(s) will be merged in the target development
branch(es) as soon as builds have passed.

The changeset will be merged in:

  • ✔️ development/2.0

  • ✔️ development/2.1

  • ✔️ development/2.2

  • ✔️ development/2.3

  • ✔️ development/2.4

  • ✔️ development/2.5

  • ✔️ development/2.6

The following branches will NOT be impacted:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3

There is no action required on your side. You will be notified here once
the changeset has been merged. In the unlikely event that the changeset
fails permanently on the queue, a member of the admin team will
contact you to help resolve the matter.

IMPORTANT

Please do not attempt to modify this pull request.

  • Any commit you add on the source branch will trigger a new cycle after the
    current queue is merged.
  • Any commit you add on one of the integration branches will be lost.

If you need this pull request to be removed from the queue, please contact a
member of the admin team now.

The following options are set: approve


bert-e commented Aug 21, 2020

I have successfully merged the changeset of this pull request
into targeted development branches:

  • ✔️ development/2.0

  • ✔️ development/2.1

  • ✔️ development/2.2

  • ✔️ development/2.3

  • ✔️ development/2.4

  • ✔️ development/2.5

  • ✔️ development/2.6

The following branches have NOT changed:

  • development/1.0
  • development/1.1
  • development/1.2
  • development/1.3

Please check the status of the associated issue None.

Goodbye teddyandrieux.

@bert-e bert-e merged commit aef9e89 into development/2.0 Aug 21, 2020
@bert-e bert-e deleted the bugfix/do-not-overwrite-private-key branch August 21, 2020 14:38