Generate kafka keystore on changes to kafka.key

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>

salt/kafka/config.sls

@@ -80,10 +80,19 @@ kafka_data_dir:
     - group: 960
     - makedirs: True
 
-kafka_keystore_script:
+kafka_generate_keystore:
   cmd.run:
-    - name: /usr/sbin/so-kafka-generate-keystore
-    - cwd: /opt/so
+    - name: "/usr/sbin/so-kafka-generate-keystore"
+    - onchanges:
+      - x509: /etc/pki/kafka.key
+
+kafka_keystore_perms:
+  file.managed:
+    - replace: False
+    - name: /etc/pki/kafka.jks
+    - mode: 640
+    - user: 960
+    - group: 939
 
 kafka_kraft_server_properties:
   file.managed:

salt/kafka/tools/sbin_jinja/so-kafka-generate-keystore

@@ -7,10 +7,7 @@
 
 . /usr/sbin/so-common
 
-if [ ! -f /etc/pki/kafka.jks ]; then
-    docker run -v /etc/pki/kafka.p12:/etc/pki/kafka.p12 --name so-kafka-keystore --user root --entrypoint keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kafka:{{ GLOBALS.so_version }} -importkeystore -srckeystore /etc/pki/kafka.p12 -srcstoretype PKCS12 -srcstorepass changeit -destkeystore /etc/pki/kafka.jks -deststoretype JKS -deststorepass changeit -noprompt
-    docker cp so-kafka-keystore:/etc/pki/kafka.jks /etc/pki/kafka.jks
-    docker rm so-kafka-keystore
-else
-    exit 0
-fi
+# Generate a new keystore
+docker run -v /etc/pki/kafka.p12:/etc/pki/kafka.p12 --name so-kafka-keystore --user root --entrypoint keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kafka:{{ GLOBALS.so_version }} -importkeystore -srckeystore /etc/pki/kafka.p12 -srcstoretype PKCS12 -srcstorepass changeit -destkeystore /etc/pki/kafka.jks -deststoretype JKS -deststorepass changeit -noprompt
+docker cp so-kafka-keystore:/etc/pki/kafka.jks /etc/pki/kafka.jks
+docker rm so-kafka-keystore