fail the state if it isnt in top

salt/ca/init.sls

@@ -58,4 +58,10 @@ cakeyperms:
     - mode: 640
     - group: 939
 
+{% else %}
+
+ca_state_not_allowed:
+  test.fail_without_changes:
+    - name: ca_state_not_allowed
+
 {% endif %}

salt/common/init.sls

@@ -197,4 +197,10 @@ docker:
   service.running:
     - enable: True
 
+{% else %}
+
+common_state_not_allowed:
+  test.fail_without_changes:
+    - name: common_state_not_allowed
+
 {% endif %}

salt/curator/init.sls

@@ -137,4 +137,10 @@ so-curator:
 # End Curator Cron Jobs
 {% endif %}
 
+{% else %}
+
+curator_state_not_allowed:
+  test.fail_without_changes:
+    - name: curator_state_not_allowed
+
 {% endif %}

salt/docker/init.sls

@@ -10,6 +10,12 @@ installdocker:
 # Make sure Docker is running!
 docker:
   service.running:
-    - enable: TrueA
+    - enable: True
+
+{% else %}
+
+docker_state_not_allowed:
+  test.fail_without_changes:
+    - name: docker_state_not_allowed
 
 {% endif %}

salt/domainstats/init.sls

@@ -56,4 +56,10 @@ so-domainstats:
     - binds:
       - /opt/so/log/domainstats:/var/log/domain_stats
 
+{% else %}
+
+domainstats_state_not_allowed:
+  test.fail_without_changes:
+    - name: domainstats_state_not_allowed
+
 {% endif %}

salt/elastalert/init.sls

@@ -131,4 +131,10 @@ so-elastalert:
       - module: wait_for_elasticsearch
 {% endif %}
 
+{% else %}
+
+elastalert_state_not_allowed:
+  test.fail_without_changes:
+    - name: elastalert_state_not_allowed
+
 {% endif %}

salt/elasticsearch/init.sls

@@ -244,4 +244,10 @@ so-elasticsearch-templates:
     - cwd: /opt/so
 {% endif %}
 
+{% else %}
+
+elasticsearch_state_not_allowed:
+  test.fail_without_changes:
+    - name: elasticsearch_state_not_allowed
+
 {% endif %}

salt/filebeat/init.sls

@@ -75,4 +75,10 @@ so-filebeat:
     - watch:
       - file: /opt/so/conf/filebeat/etc/filebeat.yml
 
+{% else %}
+
+filebeat_state_not_allowed:
+  test.fail_without_changes:
+    - name: filebeat_state_not_allowed
+
 {% endif %}

salt/firewall/init.sls

@@ -134,4 +134,10 @@ iptables_drop_all_the_things:
     - jump: DROP
     - save: True
 
+{% else %}
+
+firewall_state_not_allowed:
+  test.fail_without_changes:
+    - name: firewall_state_not_allowed
+
 {% endif %}

salt/fleet/init.sls

@@ -139,4 +139,10 @@ so-fleet:
 
 {% endif %}
 
+{% else %}
+
+fleet_state_not_allowed:
+  test.fail_without_changes:
+    - name: fleet_state_not_allowed
+
 {% endif %}

salt/freqserver/init.sls

@@ -56,5 +56,11 @@ so-freq:
     - binds:
       - /opt/so/log/freq_server:/var/log/freq_server:rw
 
+{% else %}
+
+freqserver_state_not_allowed:
+  test.fail_without_changes:
+    - name: freqserver_state_not_allowed
+
 {% endif %}
 

salt/grafana/init.sls

@@ -237,4 +237,10 @@ so-grafana:
 
 {% endif %}
 
+{% else %}
+
+grafana_state_not_allowed:
+  test.fail_without_changes:
+    - name: grafana_state_not_allowed
+
 {% endif %}

salt/healthcheck/init.sls

@@ -29,4 +29,10 @@ healthcheck_schedule_{{ STATUS[1] }}:
   schedule.{{ STATUS[1] }}:
     - name: healthcheck
 
+{% else %}
+
+healthcheck_state_not_allowed:
+  test.fail_without_changes:
+    - name: healthcheck_state_not_allowed
+
 {% endif %}

salt/idstools/init.sls

@@ -75,4 +75,10 @@ so-idstools:
     - watch:
       - file: idstoolsetcsync
 
+{% else %}
+
+idstools_state_not_allowed:
+  test.fail_without_changes:
+    - name: idstools_state_not_allowed
+
 {% endif%}

salt/influxdb/init.sls

@@ -47,4 +47,10 @@ so-influxdb:
 
 {% endif %}
 
+{% else %}
+
+influxdb_state_not_allowed:
+  test.fail_without_changes:
+    - name: influxdb_state_not_allowed
+
 {% endif %}

salt/kibana/init.sls

@@ -121,4 +121,10 @@ so-kibana-config-load:
 #    - source: salt://kibana/bin/keepkibanahappy.sh
 #    - template: jinja
 
+{% else %}
+
+kibana_state_not_allowed:
+  test.fail_without_changes:
+    - name: kibana_state_not_allowed
+
 {% endif %}

salt/logstash/init.sls

@@ -201,4 +201,10 @@ so-logstash:
       - file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}
 {% endfor %}
 
+{% else %}
+
+logstash_state_not_allowed:
+  test.fail_without_changes:
+    - name: logstash_state_not_allowed
+
 {% endif %}

salt/manager/init.sls

@@ -82,4 +82,10 @@ so-aptcacherng:
 
 {% endif %}
 
+{% else %}
+
+manager_state_not_allowed:
+  test.fail_without_changes:
+    - name: manager_state_not_allowed
+
 {% endif %}

salt/minio/init.sls

@@ -62,4 +62,10 @@ so-minio:
       - /etc/pki/minio.crt:/.minio/certs/public.crt:ro
     - entrypoint: "/usr/bin/docker-entrypoint.sh server --certs-dir /.minio/certs --address :9595 /data"
 
+{% else %}
+
+minio_state_not_allowed:
+  test.fail_without_changes:
+    - name: minio_state_not_allowed
+
 {% endif %}

salt/motd/init.sls

@@ -9,4 +9,10 @@ so_motd:
     - source: salt://motd/files/so_motd.jinja
     - template: jinja
 
+{% else %}
+
+motd_state_not_allowed:
+  test.fail_without_changes:
+    - name: motd_state_not_allowed
+
 {% endif %}

salt/mysql/init.sls

@@ -99,4 +99,10 @@ so-mysql:
       - docker_container: so-mysql
 {% endif %}
 
+{% else %}
+
+mysql_state_not_allowed:
+  test.fail_without_changes:
+    - name: mysql_state_not_allowed
+
 {% endif %}

salt/nginx/init.sls

@@ -95,4 +95,10 @@ so-nginx:
       - file: nginxconf
       - file: nginxconfdir
 
+{% else %}
+
+nginx_state_not_allowed:
+  test.fail_without_changes:
+    - name: nginx_state_not_allowed
+
 {% endif %}

salt/nodered/init.sls

@@ -79,4 +79,10 @@ so-nodered-flows:
     - name: /usr/sbin/so-nodered-load-flows
     - cwd: /
 
+{% else %}
+
+nodered_state_not_allowed:
+  test.fail_without_changes:
+    - name: nodered_state_not_allowed
+
 {% endif %}

salt/pcap/init.sls

@@ -166,4 +166,10 @@ so-sensoroni:
     - watch:
       - file: /opt/so/conf/sensoroni/sensoroni.json
 
+{% else %}
+
+pcap_state_not_allowed:
+  test.fail_without_changes:
+    - name: pcap_state_not_allowed
+
 {% endif %}

salt/playbook/init.sls

@@ -103,4 +103,10 @@ so-playbookruleupdatecron:
     - minute: '1'
     - hour: '6'
 
+{% else %}
+
+playbook_state_not_allowed:
+  test.fail_without_changes:
+    - name: playbook_state_not_allowed
+
 {% endif %}

salt/redis/init.sls

@@ -70,4 +70,10 @@ so-redis:
     - watch:
       - file: /opt/so/conf/redis/etc
 
+{% else %}
+
+redis_state_not_allowed:
+  test.fail_without_changes:
+    - name: redis_state_not_allowed
+
 {% endif %}

salt/registry/init.sls

@@ -57,4 +57,10 @@ so-dockerregistry:
       - /etc/pki/registry.crt:/etc/pki/registry.crt:ro
       - /etc/pki/registry.key:/etc/pki/registry.key:ro
 
+{% else %}
+
+registry_state_not_allowed:
+  test.fail_without_changes:
+    - name: registry_state_not_allowed
+
 {% endif %}

salt/salt/master.sls

@@ -33,4 +33,10 @@ engines_config:
     - watch_in:
         - service: salt_minion_service
 
+{% else %}
+
+salt_master_state_not_allowed:
+  test.fail_without_changes:
+    - name: salt_master_state_not_allowed
+
 {% endif %}

salt/soc/init.sls

@@ -104,4 +104,10 @@ so-kratos:
     - watch:
       - file: /opt/so/conf/kratos
 
+{% else %}
+
+soc_state_not_allowed:
+  test.fail_without_changes:
+    - name: soc_state_not_allowed
+
 {% endif %}

salt/soctopus/init.sls

@@ -69,4 +69,10 @@ so-soctopus:
     - extra_hosts:
       - {{MANAGER_URL}}:{{MANAGER_IP}}
 
+{% else %}
+
+soctopus_state_not_allowed:
+  test.fail_without_changes:
+    - name: soctopus_state_not_allowed
+
 {% endif %}

salt/ssl/init.sls

@@ -576,4 +576,10 @@ elastickeyperms:
 
 {%- endif %}
 
+{% else %}
+
+ssl_state_not_allowed:
+  test.fail_without_changes:
+    - name: ssl_state_not_allowed
+
 {% endif %}

salt/strelka/init.sls

@@ -145,4 +145,10 @@ strelka_zeek_extracted_sync:
     - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1'
     - minute: '*'
 
+{% else %}
+
+strelka_state_not_allowed:
+  test.fail_without_changes:
+    - name: strelka_state_not_allowed
+
 {% endif %}

salt/suricata/init.sls

@@ -178,4 +178,10 @@ surilogrotate:
     - month: '*'
     - dayweek: '*'
 
+{% else %}
+
+suricata_state_not_allowed:
+  test.fail_without_changes:
+    - name: suricata_state_not_allowed
+
 {% endif %}

salt/tcpreplay/init.sls

@@ -12,4 +12,10 @@ so-tcpreplay:
     - interactive: True
     - tty: True
 
+{% else %}
+
+tcpreplay_state_not_allowed:
+  test.fail_without_changes:
+    - name: tcpreplay_state_not_allowed
+
 {% endif %}

salt/telegraf/init.sls

@@ -73,4 +73,10 @@ so-telegraf:
       - file: tgrafconf
       - file: tgrafsyncscripts
 
+{% else %}
+
+telegraf_state_not_allowed:
+  test.fail_without_changes:
+    - name: telegraf_state_not_allowed
+
 {% endif %}

salt/thehive/init.sls

@@ -143,4 +143,10 @@ thehivescript:
     - template: jinja
     - hide_output: True
 
+{% else %}
+
+thehive_state_not_allowed:
+  test.fail_without_changes:
+    - name: thehive_state_not_allowed
+
 {% endif %}

salt/utility/init.sls

@@ -25,4 +25,10 @@ fixsearch:
     - template: jinja
 {% endif %}
 
+{% else %}
+
+utility_state_not_allowed:
+  test.fail_without_changes:
+    - name: utility_state_not_allowed
+
 {% endif %}

salt/wazuh/init.sls

@@ -147,4 +147,10 @@ hidsruledir:
   file.symlink:
     - target: /nsm/wazuh/ruleset
 
+{% else %}
+
+wazuh_state_not_allowed:
+  test.fail_without_changes:
+    - name: wazuh_state_not_allowed
+
 {% endif %}

salt/yum/init.sls

@@ -10,4 +10,10 @@ yumconf:
     - mode: 644
     - template: jinja
 
+{% else %}
+
+yum_state_not_allowed:
+  test.fail_without_changes:
+    - name: yum_state_not_allowed
+
 {% endif %}

salt/zeek/init.sls

@@ -196,4 +196,10 @@ so-zeek:
       - file: /opt/so/conf/zeek/policy
       - file: /opt/so/conf/zeek/bpf
 
+{% else %}
+
+zeek_state_not_allowed:
+  test.fail_without_changes:
+    - name: zeek_state_not_allowed
+
 {% endif %}