Have boot.py verify that the existing instance's service key is valid and regenerate if it is not

This prevents the scenario where a container is restarted after an outage and therefore runs with a bad key

boot.py

@@ -10,7 +10,9 @@ import release
 import os.path
 
 from app import app
+from data.model import ServiceKeyDoesNotExist
 from data.model.release import set_region_release
+from data.model.service_keys import get_service_key
 from util.config.database import sync_database_with_config
 from util.generatepresharedkey import generate_key
 from  _init import CONF_DIR
@@ -44,8 +46,21 @@ def setup_jwt_proxy():
   Creates a service key for quay to use in the jwtproxy and generates the JWT proxy configuration.
   """
   if os.path.exists(os.path.join(CONF_DIR, 'jwtproxy_conf.yaml')):
-    # Proxy is already setup.
+    # Proxy is already setup. Make sure the service key is still valid.
+    try:
+      with open(app.config['INSTANCE_SERVICE_KEY_KID_LOCATION']) as f:
+        quay_key_id = f.read()
+
+      try:
+        get_service_key(quay_key_id, approved_only=False)
+      except ServiceKeyDoesNotExist:
+        logger.exception('Could not find non-expired existing service key %s; creating a new one',
+                         quay_key_id)
+
+      # Found a valid service key, so exiting.
       return
+    except IOError:
+      logger.exception('Could not load existing service key; creating a new one')
 
   # Generate the key for this Quay instance to use.
   minutes_until_expiration = app.config.get('INSTANCE_SERVICE_KEY_EXPIRATION', 120)