Ensure correct permissions for salt-cloud generated files

[pprkut]

PR progress checklist (to be filled in by reviewers)

• [x] Changes to documentation are appropriate (or tick if not required)
• [ ] Changes to tests are appropriate (or tick if not required)
• [ ] Reviews completed

---

What type of PR is this?

Primary type

• [ ] [build] Changes related to the build system
• [ ] [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
• [ ] [ci] Changes to the continuous integration configuration
• [x] [feat] A new feature
• [ ] [fix] A bug fix
• [ ] [perf] A code change that improves performance
• [ ] [refactor] A code change that neither fixes a bug nor adds a feature
• [ ] [revert] A change used to revert a previous commit
• [ ] [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

• [ ] [docs] Documentation changes
• [ ] [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

Describe the changes you're proposing

salt-cloud creates the initial minion config and certificates with the permissions of the user it's connected as. These checks make sure the permissions are the same as in a non salt-cloud setup.

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

Documentation checklist

• [ ] Updated the README (e.g. Available states).
• [ ] Updated pillar.example.

Testing checklist

• [ ] Included in Kitchen (i.e. under state_top).
• [ ] Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
• [ ] Updated the relevant test pillar.

Additional context

[pprkut]

Not sure about the failing tests :-/

It looks like on those systems the pki-dir is different from /etc/salt/pki, but no config (that I can find) that would define it. Am I missing something?

[noelmcloughlin]

@pprkut sorry for delay getting feedback. Could you add makedirs: true to your file.directory states?

The CI error is : No directory to create /etc/salt/pki/minion in

[noelmcloughlin]

ping @pprkut ;-)

[pprkut]

@noelmcloughlin Hi! I'm currently on vacation, but I'll pick this up once I'm back :)

[pprkut]

@noelmcloughlin Sorry, this took longer than I thought it would, but looks like the tests are indeed fixed now :)

[pprkut]

@vutny I think I have that covered now

[pprkut]

Hmm, the windows tests seem to stumble over the group now. I thought that was ignored on windows?

[noelmcloughlin]

Hello @pprkut Windows should be easy fix hopefully, see https://github.com/saltstack-formulas/docker-formula/pull/299/files Update: Actually windows is already supported, you just need to use {{ salt_settings.rootuser }} instead of "root".

[noelmcloughlin]

I think Windows group needs {% if grains['kernel'] != 'Windows' %} wrapped

[pprkut]

I see the windows states failing on this though:

The following packages failed to install/update: salt-minion-py3

[pprkut]

I'm afraid I'm a bit lost now on the windows failures :( Since one of them succeeded, I'm assuming it should work fine generally. The remaining failures look unrelated to my changes, but I can't be sure. Can someone with more knowledge about windows have a look?

[myii]

I'm afraid I'm a bit lost now on the windows failures :( Since one of them succeeded, I'm assuming it should work fine generally. The remaining failures look unrelated to my changes, but I can't be sure. Can someone with more knowledge about windows have a look?

@pprkut Yes, the failures are unrelated to your changes. Our Windows Vagrant boxes were updated to 3004 recently, which have led to these failures.

@noelmcloughlin @vutny Once you're happy with the proposed changes, please feel free to merge.

[noelmcloughlin]

Thanks @vutny for review. Thanks @pprkut for rescuing the PR.

[saltstack-formulas-travis]

:tada: This PR is included in version 1.10.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: