From a277e05c88a447607fdda9cc499d697e84f99448 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?= <carlos@cdalvaro.io>
Date: Tue, 3 Nov 2020 20:30:36 +0100
Subject: [PATCH] fix: Change certificates ownership

---
 assets/runtime/functions.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/assets/runtime/functions.sh b/assets/runtime/functions.sh
index e8689983..028ed2ce 100755
--- a/assets/runtime/functions.sh
+++ b/assets/runtime/functions.sh
@@ -208,8 +208,10 @@ function configure_salt_api()
   echo "Configuring salt-api service ..."
 
   CERTS_PATH=/etc/pki
+  SALT_API_KEY_FILE='docker-salt-master'
   rm -rf "${CERTS_PATH}/tls/certs/*"
-  salt-call --local tls.create_self_signed_cert cacert_path="${CERTS_PATH}" CN=docker-salt-master
+  salt-call --local tls.create_self_signed_cert cacert_path="${CERTS_PATH}" CN="${SALT_API_KEY_FILE}"
+  chown "${SALT_USER}": "${CERTS_PATH}/tls/certs/${SALT_API_KEY_FILE}".{crt,key}
 
   cat >> "${SALT_ROOT_DIR}/master" <<EOF
 
@@ -221,8 +223,8 @@ api_logfile: ${SALT_LOGS_DIR}/salt/api
 
 rest_cherrypy:
   port: 8000
-  ssl_crt: /etc/pki/tls/certs/docker-salt-master.crt
-  ssl_key: /etc/pki/tls/certs/docker-salt-master.key
+  ssl_crt: ${CERTS_PATH}/tls/certs/${SALT_API_KEY_FILE}.crt
+  ssl_key: ${CERTS_PATH}/tls/certs/${SALT_API_KEY_FILE}.key
 EOF
 
   # configure supervisord to start salt-api