so-telegraf-cred: make executable and harden error handling

so-telegraf-cred was committed with mode 644, causing
`so-telegraf-cred add "$MINION_ID"` in so-minion's add_telegraf_to_minion
to fail with "Permission denied" and log "Failed to provision postgres
telegraf cred for <minion>". Mark it executable.

Also bail early in seed_creds_file if mkdir/printf/chmod fail, and in
so-yaml.py loadYaml surface a clear stderr message with the filename
instead of an unhandled FileNotFoundError traceback.

salt/manager/tools/sbin/so-telegraf-cred

@@ -21,11 +21,11 @@ usage() {
 }
 
 seed_creds_file() {
-    mkdir -p "$(dirname "$CREDS")"
+    mkdir -p "$(dirname "$CREDS")" || return 1
     if [[ ! -f "$CREDS" ]]; then
-        (umask 027 && printf 'telegraf:\n  postgres_creds: {}\n' > "$CREDS")
+        (umask 027 && printf 'telegraf:\n  postgres_creds: {}\n' > "$CREDS") || return 1
         chown socore:socore "$CREDS" 2>/dev/null || true
-        chmod 640 "$CREDS"
+        chmod 640 "$CREDS" || return 1
     fi
 }
 
@@ -36,7 +36,7 @@ MID=$2
 case "$OP" in
     add)
         SAFE=$(echo "$MID" | tr '.-' '__' | tr '[:upper:]' '[:lower:]')
-        seed_creds_file
+        seed_creds_file || exit 1
         if so-yaml.py get -r "$CREDS" "telegraf.postgres_creds.${MID}.user" >/dev/null 2>&1; then
             exit 0
         fi

salt/manager/tools/sbin/so-yaml.py

@@ -39,9 +39,16 @@ def showUsage(args):
 
 
 def loadYaml(filename):
-    file = open(filename, "r")
+    try:
-    content = file.read()
+        with open(filename, "r") as file:
-    return yaml.safe_load(content)
+            content = file.read()
+            return yaml.safe_load(content)
+    except FileNotFoundError:
+        print(f"File not found: {filename}", file=sys.stderr)
+        sys.exit(1)
+    except Exception as e:
+        print(f"Error reading file {filename}: {e}", file=sys.stderr)
+        sys.exit(1)
 
 
 def writeYaml(filename, content):