From 40b08d737c9025c8c73ba580d1078b474342ee42 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 4 Apr 2024 16:16:53 -0400
Subject: [PATCH] Generate kafka keystore on changes to kafka.key
Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
---
 salt/kafka/config.sls | 15 ++++++++++++---
 .../tools/sbin_jinja/so-kafka-generate-keystore | 11 ++++-------
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/salt/kafka/config.sls b/salt/kafka/config.sls
index c8d6f66e0..dedc68fe8 100644
--- a/salt/kafka/config.sls
+++ b/salt/kafka/config.sls
@@ -80,10 +80,19 @@ kafka_data_dir:
 - group: 960
 - makedirs: True
-kafka_keystore_script:
+kafka_generate_keystore:
 cmd.run:
- - name: /usr/sbin/so-kafka-generate-keystore
- - cwd: /opt/so
+ - name: "/usr/sbin/so-kafka-generate-keystore"
+ - onchanges:
+ - x509: /etc/pki/kafka.key
+
+kafka_keystore_perms:
+ file.managed:
+ - replace: False
+ - name: /etc/pki/kafka.jks
+ - mode: 640
+ - user: 960
+ - group: 939
 kafka_kraft_server_properties:
 file.managed:
diff --git a/salt/kafka/tools/sbin_jinja/so-kafka-generate-keystore b/salt/kafka/tools/sbin_jinja/so-kafka-generate-keystore
index 26f188377..8ae9d6db2 100644
--- a/salt/kafka/tools/sbin_jinja/so-kafka-generate-keystore
+++ b/salt/kafka/tools/sbin_jinja/so-kafka-generate-keystore
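Review bot: `kafka_keystore_perms` is not tied to `kafka_generate_keystore`, and a `file.managed` with no source and `replace: False` creates an empty `/etc/pki/kafka.jks` when the file is missing, so a failed generation run can leave a zero-byte keystore that looks present. Adding `- create: False` and a `- require:` with `- cmd: kafka_generate_keystore` under `kafka_keystore_perms` would keep the perms state from papering over a failed run. The `onchanges` also watches `x509: /etc/pki/kafka.key` while the script converts `/etc/pki/kafka.p12`; the state that builds the p12 is not visible in this hunk, so it is worth confirming that it runs before `kafka_generate_keystore`, otherwise the keystore is rebuilt from the previous p12.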
@@ -7,10 +7,7 @@
 . /usr/sbin/so-common
-if [ ! -f /etc/pki/kafka.jks ]; then
- docker run -v /etc/pki/kafka.p12:/etc/pki/kafka.p12 --name so-kafka-keystore --user root --entrypoint keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kafka:{{ GLOBALS.so_version }} -importkeystore -srckeystore /etc/pki/kafka.p12 -srcstoretype PKCS12 -srcstorepass changeit -destkeystore /etc/pki/kafka.jks -deststoretype JKS -deststorepass changeit -noprompt
- docker cp so-kafka-keystore:/etc/pki/kafka.jks /etc/pki/kafka.jks
- docker rm so-kafka-keystore
-else
- exit 0
-fi
+# Generate a new keystore
+docker run -v /etc/pki/kafka.p12:/etc/pki/kafka.p12 --name so-kafka-keystore --user root --entrypoint keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kafka:{{ GLOBALS.so_version }} -importkeystore -srckeystore /etc/pki/kafka.p12 -srcstoretype PKCS12 -srcstorepass changeit -destkeystore /etc/pki/kafka.jks -deststoretype JKS -deststorepass changeit -noprompt
+docker cp so-kafka-keystore:/etc/pki/kafka.jks /etc/pki/kafka.jks
+docker rm so-kafka-keystore
\ No newline at end of file
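Review bot: Nothing in the new lines checks that `docker run` or `docker cp` succeeded, so the script exits with the status of `docker rm` and a failed import can leave the old `/etc/pki/kafka.jks` in place while Salt records the state as successful. Because the state in `config.sls` fires only on `onchanges`, that stale keystore would not be rebuilt until the key changes again. A `so-kafka-keystore` container left over from an interrupted run would also make `docker run --name so-kafka-keystore` fail each time. Consider `docker rm -f so-kafka-keystore 2>/dev/null` before the run and `|| exit 1` after the `docker run` and `docker cp` lines. The copied file presumably keeps the mode it had inside the container until `kafka_keystore_perms` runs, and since `-deststorepass changeit` is a well-known default the file mode is the only real protection for the private key, so a `chmod 640 /etc/pki/kafka.jks` right after `docker cp` would close that window.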