From 2a39f5f0b58bf2caa2301d7ceb941787544a5f11 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 12 May 2023 16:27:18 -0400
Subject: [PATCH] enabled/disable mysql in ui

---
 salt/manager/tools/sbin/so-minion | 11 +++
 salt/mysql/config.sls | 93 +++++++++++++++++++++
 salt/mysql/defaults.yaml | 2 +
 salt/mysql/disabled.sls | 27 ++++++
 salt/mysql/enabled.sls | 66 +++++++++++++++
 salt/mysql/init.sls | 132 ++----------------------------
 salt/mysql/map.jinja | 7 ++
 salt/mysql/soc_mysql.yaml | 4 +
 salt/mysql/sostatus.sls | 21 +++++
 9 files changed, 237 insertions(+), 126 deletions(-)
 create mode 100644 salt/mysql/config.sls
 create mode 100644 salt/mysql/defaults.yaml
 create mode 100644 salt/mysql/disabled.sls
 create mode 100644 salt/mysql/enabled.sls
 create mode 100644 salt/mysql/map.jinja
 create mode 100644 salt/mysql/soc_mysql.yaml
 create mode 100644 salt/mysql/sostatus.sls

diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion
index 601a23682..3ec17f79f 100755
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -331,6 +331,13 @@ function add_registry_to_minion() {
 " " >> $PILLARFILE
 }
+function add_mysql_to_minion() {
+ printf '%s\n'\
+ "mysql:"\
+ " enabled: True"\
+ " " >> $PILLARFILE
+}
+
 function create_fleet_policy() {
 JSON_STRING=$( jq -n \
@@ -387,6 +394,7 @@ function createEVAL() {
 add_soctopus_to_minion
 add_soc_to_minion
 add_registry_to_minion
+ add_mysql_to_minion
 }
 function createSTANDALONE() {
@@ -405,6 +413,7 @@ function createSTANDALONE() {
 add_soctopus_to_minion
 add_soc_to_minion
 add_registry_to_minion
+ add_mysql_to_minion
 }
 function createMANAGER() {
@@ -421,6 +430,7 @@ function createMANAGER() {
 add_soctopus_to_minion
 add_soc_to_minion
 add_registry_to_minion
+ add_mysql_to_minion
 }
 function createMANAGERSEARCH() {
@@ -437,6 +447,7 @@ function createMANAGERSEARCH() {
 add_soctopus_to_minion
 add_soc_to_minion
 add_registry_to_minion
+ add_mysql_to_minion
 }
 function createIMPORT() {
diff --git a/salt/mysql/config.sls b/salt/mysql/config.sls
new file mode 100644
index 000000000..d8788c7c9
--- /dev/null
+++ b/salt/mysql/config.sls
@@ -0,0 +1,93 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% set MYSQLPASS = salt['pillar.get']('secrets:mysql') %}
+
+# MySQL Setup
+mysqlpkgs:
+ pkg.installed:
+ - skip_suggestions: False
+ - pkgs:
+ {% if grains['os'] != 'Rocky' %}
+ {% if grains['oscodename'] == 'bionic' %}
+ - python3-mysqldb
+ {% elif grains['oscodename'] == 'focal' %}
+ - python3-mysqldb
+ {% endif %}
+ {% else %}
+ - python3-mysqlclient
+ {% endif %}
+
+mysqletcdir:
+ file.directory:
+ - name: /opt/so/conf/mysql/etc
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+mysqlpiddir:
+ file.directory:
+ - name: /opt/so/conf/mysql/pid
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+mysqlcnf:
+ file.managed:
+ - name: /opt/so/conf/mysql/etc/my.cnf
+ - source: salt://mysql/etc/my.cnf
+ - user: 939
+ - group: 939
+
+mysqlpass:
+ file.managed:
+ - name: /opt/so/conf/mysql/etc/mypass
+ - source: salt://mysql/etc/mypass
+ - user: 939
+ - group: 939
+ - template: jinja
+ - defaults:
+ MYSQLPASS: {{ MYSQLPASS }}
+
+mysqllogdir:
+ file.directory:
+ - name: /opt/so/log/mysql
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+mysqldatadir:
+ file.directory:
+ - name: /nsm/mysql
+ - user: 939
+ - group: 939
+ - makedirs: True
+
+mysql_sbin:
+ file.recurse:
+ - name: /usr/sbin
+ - source: salt://mysql/tools/sbin
+ - user: 939
+ - group: 939
+ - file_mode: 755
+
+#mysql_sbin_jinja:
+# file.recurse:
+# - name: /usr/sbin
+# - source: salt://mysql/tools/sbin_jinja
+# - user: 939
+# - group: 939
+# - file_mode: 755
+# - template: jinja
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/mysql/defaults.yaml b/salt/mysql/defaults.yaml
new file mode 100644
index 000000000..87d8cef25
--- /dev/null
+++ b/salt/mysql/defaults.yaml
@@ -0,0 +1,2 @@
+mysql:
+ enabled: False
diff --git a/salt/mysql/disabled.sls b/salt/mysql/disabled.sls
new file mode 100644
index 000000000..805a755e4
--- /dev/null
+++ b/salt/mysql/disabled.sls
@@ -0,0 +1,27 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+ - mysql.sostatus
+
+so-mysql:
+ docker_container.absent:
+ - force: True
+
+so-mysql_so-status.disabled:
+ file.comment:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-mysql$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/mysql/enabled.sls b/salt/mysql/enabled.sls
new file mode 100644
index 000000000..12112121f
--- /dev/null
+++ b/salt/mysql/enabled.sls
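Review bot: The `mysqlpass` state in config.sls renders the MySQL root password into `/opt/so/conf/mysql/etc/mypass` with `user`/`group` 939 but no `mode`, so the secret's permissions are left to the umask or to whatever the existing file already has. Add `- mode: 600` after `- group: 939` so only the owning account can read it; the container binds the file in and runs as `user: socore`, which presumably maps to 939, but that is worth confirming before tightening. This was also true of the copy removed from init.sls, so it is carried over rather than introduced here, but config.sls is now the one place to fix it.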
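Review bot: disabled.sls removes the container with `docker_container.absent` / `force: True` but nothing touches `/nsm/mysql`, which enabled.sls bind-mounts as the data directory, so disabling MySQL from the UI leaves the database contents (and the rendered `mypass` file under `/opt/so/conf/mysql/etc`) on disk. That is reasonable for a toggle, but it should be stated so nobody assumes "disabled" means "removed"; a comment above the `so-mysql` id such as `# Stops and removes the container only; /nsm/mysql and the rendered config/password files are left in place` would do. If the intent is ever to purge data on disable, that would need a separate, explicit state.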
@@ -0,0 +1,66 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'docker/docker.map.jinja' import DOCKER %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% set MYSQLPASS = salt['pillar.get']('secrets:mysql') %}
+
+include:
+ - mysql.config
+ - mysql.sostatus
+
+{% if MYSQLPASS == None %}
+
+mysql_password_none:
+ test.configurable_test_state:
+ - changes: False
+ - result: False
+ - comment: "MySQL Password Error - Not Starting MySQL"
+
+{% else %}
+
+so-mysql:
+ docker_container.running:
+ - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-mysql:{{ GLOBALS.so_version }}
+ - hostname: so-mysql
+ - user: socore
+ - networks:
+ - sobridge:
+ - ipv4_address: {{ DOCKER.containers['so-mysql'].ip }}
+ - extra_hosts:
+ - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
+ - port_bindings:
+ {% for BINDING in DOCKER.containers['so-mysql'].port_bindings %}
+ - {{ BINDING }}
+ {% endfor %}
+ - environment:
+ - MYSQL_ROOT_HOST={{ GLOBALS.so_docker_bip }}
+ - MYSQL_ROOT_PASSWORD=/etc/mypass
+ - binds:
+ - /opt/so/conf/mysql/etc/my.cnf:/etc/my.cnf:ro
+ - /opt/so/conf/mysql/etc/mypass:/etc/mypass
+ - /nsm/mysql:/var/lib/mysql:rw
+ - /opt/so/log/mysql:/var/log/mysql:rw
+ - watch:
+ - /opt/so/conf/mysql/etc
+ - require:
+ - file: mysqlcnf
+ - file: mysqlpass
+{% endif %}
+
+delete_so-mysql_so-status.disabled:
+ file.uncomment:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-mysql$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
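Review bot: The guard `{% if MYSQLPASS == None %}` only catches a missing `secrets:mysql` pillar key; an empty value passes it, `mysqlpass` renders an empty password file and the container is started with it. Use `{% if not MYSQLPASS %}` so a blank secret is treated the same as an absent one. Separately, `delete_so-mysql_so-status.disabled` sits outside the `{% if %}` / `{% else %}`, so so-status is told to monitor so-mysql even on the branch where the container is deliberately not started; moving that state inside the else branch keeps the two consistent. The password is handed to the container as `MYSQL_ROOT_PASSWORD=/etc/mypass`, i.e. a path rather than a value; this is carried over from init.sls and presumably the so-mysql image's entrypoint reads the file, but it is worth confirming, since a stock entrypoint would take the string literally.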
diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls
index 1c0ca70c0..48e4f558c 100644
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -1,134 +1,14 @@
+
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls in allowed_states %}
-{% from 'docker/docker.map.jinja' import DOCKER %}
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql') %}
-
-# MySQL Setup
-mysqlpkgs:
- pkg.installed:
- - skip_suggestions: False
- - pkgs:
- {% if grains['os'] != 'Rocky' %}
- {% if grains['oscodename'] == 'bionic' %}
- - python3-mysqldb
- {% elif grains['oscodename'] == 'focal' %}
- - python3-mysqldb
- {% endif %}
- {% else %}
- - python3-mysqlclient
- {% endif %}
-
-mysqletcdir:
- file.directory:
- - name: /opt/so/conf/mysql/etc
- - user: 939
- - group: 939
- - makedirs: True
-
-mysqlpiddir:
- file.directory:
- - name: /opt/so/conf/mysql/pid
- - user: 939
- - group: 939
- - makedirs: True
-
-mysqlcnf:
- file.managed:
- - name: /opt/so/conf/mysql/etc/my.cnf
- - source: salt://mysql/etc/my.cnf
- - user: 939
- - group: 939
-
-mysqlpass:
- file.managed:
- - name: /opt/so/conf/mysql/etc/mypass
- - source: salt://mysql/etc/mypass
- - user: 939
- - group: 939
- - template: jinja
- - defaults:
- MYSQLPASS: {{ MYSQLPASS }}
-
-mysqllogdir:
- file.directory:
- - name: /opt/so/log/mysql
- - user: 939
- - group: 939
- - makedirs: True
-
-mysqldatadir:
- file.directory:
- - name: /nsm/mysql
- - user: 939
- - group: 939
- - makedirs: True
-
-mysql_sbin:
- file.recurse:
- - name: /usr/sbin
- - source: salt://mysql/tools/sbin
- - user: 939
- - group: 939
- - file_mode: 755
-
-#mysql_sbin_jinja:
-# file.recurse:
-# - name: /usr/sbin
-# - source: salt://mysql/tools/sbin_jinja
-# - user: 939
-# - group: 939
-# - file_mode: 755
-# - template: jinja
-
-{% if MYSQLPASS == None %}
-
-mysql_password_none:
- test.configurable_test_state:
- - changes: False
- - result: False
- - comment: "MySQL Password Error - Not Starting MySQL"
+{% from 'mysql/map.jinja' import MYSQLMERGED %}
+include:
+{% if MYSQLMERGED.enabled %}
+ - mysql.enabled
 {% else %}
-
-so-mysql:
- docker_container.running:
- - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-mysql:{{ GLOBALS.so_version }}
- - hostname: so-mysql
- - user: socore
- - networks:
- - sobridge:
- - ipv4_address: {{ DOCKER.containers['so-mysql'].ip }}
- - extra_hosts:
- - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }}
- - port_bindings:
- {% for BINDING in DOCKER.containers['so-mysql'].port_bindings %}
- - {{ BINDING }}
- {% endfor %}
- - environment:
- - MYSQL_ROOT_HOST={{ GLOBALS.so_docker_bip }}
- - MYSQL_ROOT_PASSWORD=/etc/mypass
- - binds:
- - /opt/so/conf/mysql/etc/my.cnf:/etc/my.cnf:ro
- - /opt/so/conf/mysql/etc/mypass:/etc/mypass
- - /nsm/mysql:/var/lib/mysql:rw
- - /opt/so/log/mysql:/var/log/mysql:rw
- - watch:
- - /opt/so/conf/mysql/etc
- - require:
- - file: mysqlcnf
- - file: mysqlpass
-{% endif %}
-
-{% else %}
-
-{{sls}}_state_not_allowed:
- test.fail_without_changes:
- - name: {{sls}}_state_not_allowed
-
+ - mysql.disabled
 {% endif %}
diff --git a/salt/mysql/map.jinja b/salt/mysql/map.jinja
new file mode 100644
index 000000000..dd9a6474e
--- /dev/null
+++ b/salt/mysql/map.jinja
@@ -0,0 +1,7 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+ or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+ https://securityonion.net/license; you may not use this file except in compliance with the
+ Elastic License 2.0. #}
+
+{% import_yaml 'mysql/defaults.yaml' as MYSQLDEFAULTS with context %}
+{% set MYSQLMERGED = salt['pillar.get']('mysql', MYSQLDEFAULTS.mysql, merge=True) %}
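Review bot: init.sls now picks `mysql.disabled` whenever the merged pillar has no truthy `mysql:enabled`, and defaults.yaml sets that key to `False`; the only thing in this patch that writes `enabled: True` is `add_mysql_to_minion` in so-minion, which runs when a minion is created. A manager whose pillar predates this change therefore appears to fall into the disabled branch on its next highstate and has its running so-mysql container removed (data under /nsm/mysql stays, per enabled.sls's binds). I cannot see an upgrade or pillar-backfill step here, so either one is needed, or the default should be True for existing roles, or a comment in init.sls should state that a missing key intentionally disables the service, e.g. `# A minion without mysql:enabled in its pillar is treated as disabled and the container is removed`. The `sls in allowed_states` guard dropped from init.sls is still applied by each included state, so that part is fine.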
diff --git a/salt/mysql/soc_mysql.yaml b/salt/mysql/soc_mysql.yaml
new file mode 100644
index 000000000..4be816d90
--- /dev/null
+++ b/salt/mysql/soc_mysql.yaml
@@ -0,0 +1,4 @@
+mysql:
+ enabled:
+ description: You can enable or disable MySQL.
+ advanced: True
diff --git a/salt/mysql/sostatus.sls b/salt/mysql/sostatus.sls
new file mode 100644
index 000000000..2f5dbba06
--- /dev/null
+++ b/salt/mysql/sostatus.sls
@@ -0,0 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+append_so-mysql_so-status.conf:
+ file.append:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - text: so-mysql
+ - unless: grep -q so-mysql /opt/so/conf/so-status/so-status.conf
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
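Review bot: The `unless: grep -q so-mysql ...` check in sostatus.sls is an unanchored substring match, so it is satisfied by the `#so-mysql` line that disabled.sls leaves behind (which is what prevents a duplicate uncommented entry from being appended, and looks intentional) but also by any other line that merely contains `so-mysql`. Anchoring it to the two forms you actually mean, `- unless: grep -qE '^#?so-mysql$' /opt/so/conf/so-status/so-status.conf`, keeps that behaviour while ruling out accidental matches. Either way, the reliance on matching the commented form deserves a comment above the state so the next edit does not "fix" the grep and break the disable/enable round trip.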