salt: saltstack state.apply command showing u.junos.conn error, but CONF is successfully applied to router via netconf

is it possible this could be related to a bug? i am getting the LockError when attempting to run state.apply but the user it is referring to is a super user

/srv/pillar % sudo salt sj1e2 state.apply DrainSJ1SG1secondary

sj1e2:

----------

ID: Drain SJ1SG1 secondary

Function: netconfig.managed

Result: False

Comment: Cannot execute "load_merge_candidate" on *.*.*.* as SALT. Reason: LockError(severity: error, bad_element: lock-configuration, message: permission denied)!

Configuration discarded.

Started: 15:09:34.276672

Duration: 1146.165 ms

Changes:

----------

diff:



Summary for sj1e2

------------

Succeeded: 0 (changed=1)

Failed: 1

------------

Total states run: 1

Total run time: 1.146 s

ERROR: Minions returned with non-zero exit code

This is the juniper device config related to user SALT

set system login user SALT uid 2003

set system login user SALT class super-user

set system services netconf ssh

here is the sj1e2 (proxy-2.sls) and the Top.sls under /srv/pillar

proxy:

proxytype: napalm

driver: junos

host: *.*.*.*

username: SALT

password: ******

port: 830



base:

'sj1e2':

- proxy-2

When running -l debug with the state.apply command there are two things that stick out besides the LockError

State 'netconfig.managed' was not found in SLS 'DrainSJ1SG1secondary'
Reason: 'netconfig' __virtual__ returned False: "netconfig"" (/usr/lib/python2.7/dist-packages/salt/states/netconfig.pyc) cannot be loaded: NAPALM is not installed or not running in a (proxy) minion

but netconfig.managed is in DrainSJ1SG1secondary.sls here

DrainSJ1SG1secondary:
netconfig.managed:
- template_name: salt://DrainSJ1SG1secondary.conf

also napalm is installed on the minion and the master cut a lot of lines out

saltminion% pip install napalm
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Requirement already satisfied: napalm in ./.local/lib/python2.7/site-packages (2.3.3)
Requirement already satisfied: asn1crypto>=0.21.0 in ./.local/lib/python2.7/site-packages (from cryptography>=1.5->paramiko>=1.15.2->junos-eznc>=2.1.5->napalm) (0.24.0)
[2019-01-26 18:18:43-0800] saltminion% salt-minion --version
salt-minion 2018.3.3 (Oxygen)

and above i posted the proxy-2.sls (sj1e2) which shows the proxytype as napalm

which is is the /srv/pillar dir on the master along with the top.sls. also i could do the configure exclusive from the SALT user name on the device cli

SALT> configure exclusive
warning: uncommitted changes will be discarded on exit
Entering configuration mode

{master}[edit]
SALT#

i can run other modules fine but its state.apply that is specifically giving me issues, so connections to the device isnt a issue.

this is from the master

Salt Version:
           Salt: 2018.3.3

Dependency Versions:
           cffi: 1.11.5
       cherrypy: Not Installed
       dateutil: 2.4.2
      docker-py: Not Installed
          gitdb: 0.6.4
      gitpython: 1.0.1
          ioflo: Not Installed
         Jinja2: 2.8
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: 1.0.3
   msgpack-pure: Not Installed
 msgpack-python: 0.4.6
   mysql-python: Not Installed
      pycparser: 2.19
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 2.7.12 (default, Dec  4 2017, 14:50:18)
   python-gnupg: 0.3.8
         PyYAML: 3.13
          PyZMQ: 17.1.2
           RAET: Not Installed
          smmap: 0.9.0
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.2.5

System Versions:
           dist: Ubuntu 16.04 xenial
         locale: ISO-8859-1
        machine: x86_64
        release: 4.4.0-124-generic
         system: Linux
        version: Ubuntu 16.04 xenial