Do not crash on add_key/reject_key if the previous one set the drop file. (#27796)

The umask set does not allow salt-key to overwrite the .dfn file. However, if the master has not yet rotated the key but the rotation was requested, there should be no reason to request a second time.
2025-04-17 10:10:20 +00:00 · 2016-02-08 15:00:26 +01:00 · 2016-02-08 15:00:26 +01:00 · 9602fe2aeb
commit 9602fe2aeb
parent 64125de6c7
1 changed files with 3 additions and 0 deletions
--- a/salt/crypt.py
+++ b/salt/crypt.py
@ -55,6 +55,9 @@ def dropfile(cachedir, user=None):
    mask = os.umask(191)
    try:
        log.info('Rotating AES key')
+        if os.path.isfile(dfn):
+            log.info('AES key rotation already requested')
+            return

        with salt.utils.fopen(dfn, 'wb+') as fp_:
            fp_.write('')