saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0

x509_v2.private_key_managed state fails on Windows minions due to the default mode option #66942

Open Darrenoid opened 2 weeks ago

Darrenoid commented 2 weeks ago

Description of Issue

Trying to create a private key on Windows minions using x509.private_key_managed state fails with:

The 'mode' option is not supported on Windows

The mode is not set in the state file, but according to the x509v2 documentation, it is set to mode: 400 by default if the option is not specified.

Setup

create-private-key.sls:

pki_dir:
  file.directory:
    - name: C:\certs
    - makedirs: True

create_server_key:
  x509.private_key_managed:
    - name: C:\certs\server.key
    - keysize: 4096
    - backup: true
    - require:
      - file: pki_dir

Steps to Reproduce Issue

  1. Configure Windows minion with feature: x509v2 and restart minion service
  2. Run state.apply on the minion with the create-private-key.sls state

Versions Report

Master:

Salt Version:
          Salt: 3006.9

Python Version:
        Python: 3.10.14 (main, Jun 26 2024, 11:44:37) [GCC 11.2.0]

Dependency Versions:
          cffi: 1.14.6
      cherrypy: unknown
  cryptography: 42.0.5
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.4
       libgit2: Not Installed
  looseversion: 1.0.2
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 22.0
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.19.1
        pygit2: Not Installed
  python-gnupg: 0.4.8
        PyYAML: 6.0.1
         PyZMQ: 23.2.0
        relenv: 0.17.0
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

Salt Extensions:
        SSEAPE: 8.17.0.6

System Versions:
          dist: rhel 9.4 Plow
        locale: utf-8
       machine: x86_64
       release: 5.14.0-427.31.1.el9_4.x86_64
        system: Linux
       version: Red Hat Enterprise Linux 9.4 Plow

Minion:

Salt Version:
          Salt: 3006.9

Python Version:
        Python: 3.10.14 (heads/main:9f7d197, Jun 26 2024, 11:42:40) [MSC v.1940 64 bit (AMD64)]

Dependency Versions:
          cffi: 1.14.6
      cherrypy: 18.6.1
  cryptography: 42.0.5
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: 4.0.7
     gitpython: Not Installed
        Jinja2: 3.1.4
       libgit2: Not Installed
  looseversion: 1.0.2
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 22.0
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.19.1
        pygit2: Not Installed
  python-gnupg: 0.4.8
        PyYAML: 6.0.1
         PyZMQ: 25.0.2
        relenv: 0.17.0
         smmap: 4.0.0
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist:
        locale: utf-8
       machine: AMD64
       release: 2022Server
        system: Windows
       version: 2022Server 10.0.20348 SP0 Multiprocessor Free

welcome[bot] commented 2 weeks ago

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey. Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!