cli - ziti pki create server - always fails unless --allow-overwrite #1893

qrkourier opened this issue Apr 3, 2024 · 0 comments

qrkourier commented Apr 3, 2024

There seems to be a flaw in the logic that determines whether a bundle exists in the CA.

# this fails expectedly because server.key does not yet exist, so let's create it in the next step
❯ ziti pki create server \
      --pki-root pki \
      --ca-name intermediate \
      --key-file server \
      --server-file server \
      --dns ziti.example.com
Using CA name:  intermediate
error: cannot sign: failed fetching private key: failed fetching bundle intermediate within CA server: failed reading pki/intermediate/keys/server.key: open pki/intermediate/keys/server.key: no such file or directory

# create server.key
❯ ziti pki create key \
      --pki-root pki \
      --ca-name intermediate \
      --key-file server
Using CA name:  intermediate
Success

# now server.key exists, but server.cert does not exist yet, so it shouldn't be a "bundle exists" error
❯ tree pki
pki
├── intermediate
│   ├── certs
│   │   ├── intermediate.cert
│   │   └── intermediate.chain.pem
│   ├── crlnumber
│   ├── crls
│   ├── index.txt
│   ├── index.txt.attr
│   ├── keys
│   │   ├── intermediate.key
│   │   └── server.key
│   └── serial
└── root
    ├── certs
    │   ├── intermediate.cert
    │   └── root.cert
    ├── crlnumber
    ├── crls
    ├── index.txt
    ├── index.txt.attr
    ├── keys
    │   ├── intermediate.key
    │   └── root.key
    └── serial

8 directories, 16 files

# try to use server.key, but it always fails unless --allow-overwrite, which I don't want to use unless I'm intending to clobber the cert
❯ ziti pki create server \
      --pki-root ./pki \
      --ca-name intermediate \
      --key-file server \
      --server-file server \
      --dns ziti.example.com
Using CA name:  intermediate
error: cannot sign: failed saving generated bundle: a bundle already exists for the name server within CA intermediate

❯ ziti --version
v0.34.2
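The report above hinges on what "a bundle already exists" should mean when only the private key has been created. As an added illustration (not the ziti project's own code, and not a claim about how its `pki` package is implemented), the following hypothetical Go program replays the reporter's sequence against the same on-disk layout (`<pki-root>/<ca>/keys/<name>.key`, `<pki-root>/<ca>/certs/<name>.cert`). `NaiveBundleExists` is an assumed reconstruction of a check that treats any artifact with the name as an existing bundle, which is enough to produce the reported refusal. `SaveServerBundle` is an assumed alternative that reuses a pre-existing key and only refuses to clobber an existing certificate unless the caller opts in, so `--allow-overwrite` is never needed merely to sign with a key you created a moment ago. The key and certificate bytes are constructed placeholders.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Layout assumed from the `tree pki` output in the report.
func keyPath(root, ca, name string) string  { return filepath.Join(root, ca, "keys", name+".key") }
func certPath(root, ca, name string) string { return filepath.Join(root, ca, "certs", name+".cert") }

func fileExists(p string) bool {
	_, err := os.Stat(p)
	return err == nil
}

// NaiveBundleExists (hypothetical) reports an existing bundle as soon as either
// artifact is present, so a key created in a previous step blocks signing.
func NaiveBundleExists(root, ca, name string) bool {
	return fileExists(keyPath(root, ca, name)) || fileExists(certPath(root, ca, name))
}

// SaveServerBundle (hypothetical) distinguishes the two artifacts: an existing
// key is reused rather than regenerated, and only an existing certificate is
// protected from being overwritten unless allowOverwrite is set.
func SaveServerBundle(root, ca, name string, allowOverwrite bool, keyPEM, certPEM []byte) error {
	kp, cp := keyPath(root, ca, name), certPath(root, ca, name)
	if fileExists(cp) && !allowOverwrite {
		return fmt.Errorf("a bundle already exists for the name %s within CA %s", name, ca)
	}
	if err := os.MkdirAll(filepath.Dir(kp), 0o700); err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Dir(cp), 0o755); err != nil {
		return err
	}
	if !fileExists(kp) {
		if keyPEM == nil {
			return errors.New("no private key supplied and none exists on disk")
		}
		// Private key material is written owner-only.
		if err := os.WriteFile(kp, keyPEM, 0o600); err != nil {
			return err
		}
	}
	return os.WriteFile(cp, certPEM, 0o644)
}

// Result captures the observations a test can assert on.
type Result struct {
	NaiveBlocksKeyOnly bool  // naive check refuses with only the key present
	FirstSaveErr       error // hardened save with key present, cert absent
	KeyPreserved       bool  // the pre-created key was reused, not replaced
	SecondSaveErr      error // hardened save again without allowOverwrite
}

// Scenario replays the report in a temporary PKI root.
func Scenario() (Result, error) {
	root, err := os.MkdirTemp("", "pki-example")
	if err != nil {
		return Result{}, err
	}
	defer os.RemoveAll(root)
	const ca, name = "intermediate", "server"
	// Constructed placeholders standing in for real PEM material.
	key := []byte("-----BEGIN EC PRIVATE KEY-----\nCONSTRUCTED\n-----END EC PRIVATE KEY-----\n")
	cert := []byte("-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n")

	// Step 1 of the report: `ziti pki create key` leaves only keys/server.key.
	if err := os.MkdirAll(filepath.Dir(keyPath(root, ca, name)), 0o700); err != nil {
		return Result{}, err
	}
	if err := os.WriteFile(keyPath(root, ca, name), key, 0o600); err != nil {
		return Result{}, err
	}

	var r Result
	r.NaiveBlocksKeyOnly = NaiveBundleExists(root, ca, name)
	// Step 2: sign with the existing key; no certificate exists, so this should succeed.
	r.FirstSaveErr = SaveServerBundle(root, ca, name, false, nil, cert)
	got, _ := os.ReadFile(keyPath(root, ca, name))
	r.KeyPreserved = bytes.Equal(got, key)
	// Step 3: now a certificate exists; refusing without opt-in is the intended protection.
	r.SecondSaveErr = SaveServerBundle(root, ca, name, false, nil, cert)
	return r, nil
}

func main() {
	r, err := Scenario()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("naive check blocks key-only: %v\n", r.NaiveBlocksKeyOnly)
	fmt.Printf("hardened first save error:   %v\n", r.FirstSaveErr)
	fmt.Printf("key preserved:               %v\n", r.KeyPreserved)
	fmt.Printf("hardened second save error:  %v\n", r.SecondSaveErr)
}
```

The design point is that the overwrite guard should protect the artifact the command is about to write (the certificate), not a sibling artifact the user explicitly asked to reuse; otherwise operators are pushed toward `--allow-overwrite`, which defeats the guard entirely.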