Merge pull request #6195 from Security-Onion-Solutions/issue/6146

Issue/6146
2025-12-06 17:22:49 +01:00 · 2021-11-11 11:47:33 -05:00
parent f91a6d3cb6 8da2133cff
commit 22959f0260
4 changed files with 15 additions and 2 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -110,6 +110,9 @@ base:
    - elasticsearch.eval
 {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
    - elasticsearch.auth
 {% endif %}
 {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
    - kibana.secrets
 {% endif %}
    - global
    - minions.{{ grains.id }}
--- a/salt/kibana/config.map.jinja
+++ b/salt/kibana/config.map.jinja
@@ -6,8 +6,10 @@
  {% do KIBANACONFIG.kibana.config.xpack.update({'security': {'authc': {'providers': {'anonymous': {'anonymous1': {'order': 0, 'credentials': 'elasticsearch_anonymous_user'}}}}}}) %}
 {% endif %}
-{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
+{% if salt['pillar.get']('kibana:secrets') %}
-  {% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey'] }}) %}
+  {% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %}
  {% do KIBANACONFIG.kibana.config.xpack.security.update({'encryptionKey': pillar['kibana']['secrets']['security']['encryptionKey']}) %}
  {% do KIBANACONFIG.kibana.config.xpack.update({'reporting': {'encryptionKey': pillar['kibana']['secrets']['reporting']['encryptionKey']}}) %}
 {% endif %}
 {% set KIBANACONFIG = salt['pillar.get']('kibana:config', default=KIBANACONFIG.kibana.config, merge=True) %}
--- a/salt/kibana/defaults.yaml
+++ b/salt/kibana/defaults.yaml
@@ -30,3 +30,5 @@ kibana:
    xpack:
      ml:
        enabled: False
      security:
        secureCookies: True
--- a/salt/kibana/secrets.sls
+++ b/salt/kibana/secrets.sls
@@ -2,6 +2,8 @@
 {% if sls in allowed_states %}
  {% set kibana_encryptedSavedObjects_encryptionKey = salt['pillar.get']('kibana:secrets:encryptedSavedObjects:encryptionKey', salt['random.get_str'](72)) %}
  {% set kibana_security_encryptionKey = salt['pillar.get']('kibana:secrets:security:encryptionKey', salt['random.get_str'](72)) %}
  {% set kibana_reporting_encryptionKey = salt['pillar.get']('kibana:secrets:reporting:encryptionKey', salt['random.get_str'](72)) %}
 kibana_pillar_directory:
  file.directory:
@@ -17,6 +19,10 @@ kibana_secrets_pillar:
          secrets:
            encryptedSavedObjects:
              encryptionKey: {{ kibana_encryptedSavedObjects_encryptionKey }}
            security:
              encryptionKey: {{ kibana_security_encryptionKey }}
            reporting:
              encryptionKey: {{ kibana_reporting_encryptionKey }}
    - show_changes: False
 {% else %}