From 2dfa83dd7da1ec2a0cb87aef8a9cabdc42fc0161 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 9 Apr 2026 14:09:32 -0400 Subject: [PATCH] Wire postgres credentials into SOC module config - Create vars/postgres.map.jinja for postgres auth globals - Add POSTGRES_GLOBALS to all manager-type role vars (manager, eval, standalone, managersearch, import) - Add postgres module config to soc/defaults.yaml - Inject so_postgres credentials from auth pillar into soc/defaults.map.jinja (conditional on auth pillar existing) --- salt/soc/defaults.map.jinja | 4 ++++ salt/soc/defaults.yaml | 8 ++++++++ salt/vars/eval.map.jinja | 2 ++ salt/vars/import.map.jinja | 2 ++ salt/vars/manager.map.jinja | 4 +++- salt/vars/managersearch.map.jinja | 4 +++- salt/vars/postgres.map.jinja | 16 ++++++++++++++++ salt/vars/standalone.map.jinja | 2 ++ 8 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 salt/vars/postgres.map.jinja diff --git a/salt/soc/defaults.map.jinja b/salt/soc/defaults.map.jinja index 2821bb8e5..e823477b0 100644 --- a/salt/soc/defaults.map.jinja +++ b/salt/soc/defaults.map.jinja @@ -24,6 +24,10 @@ {% do SOCDEFAULTS.soc.config.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %} +{% if GLOBALS.postgres is defined and GLOBALS.postgres.auth is defined %} +{% do SOCDEFAULTS.soc.config.server.modules.postgres.update({'username': GLOBALS.postgres.auth.users.so_postgres_user.user, 'password': GLOBALS.postgres.auth.users.so_postgres_user.pass}) %} +{% endif %} + {% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %} {% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'token': INFLUXDB_TOKEN}) %} {% for tool in SOCDEFAULTS.soc.config.server.client.tools %} diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index 0bde8f20e..2bdbbae37 100644 --- a/salt/soc/defaults.yaml 
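Review bot: In salt/soc/defaults.map.jinja the new guard tests only `GLOBALS.postgres.auth`, while the `update()` inside it dereferences `auth.users.so_postgres_user.user` and `.pass`. An auth pillar that exists without that user entry would presumably fail the render instead of skipping the block. Extending the condition with `and GLOBALS.postgres.auth.users is defined and GLOBALS.postgres.auth.users.so_postgres_user is defined` makes the skip path cover that case too. When the guard is false, the module keeps the empty `username`/`password` from defaults.yaml with no signal. A comment above the `if`, such as `{# no postgres auth pillar: SOC postgres module is rendered without credentials #}`, would record that this is intentional.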
+++ b/salt/soc/defaults.yaml @@ -1491,6 +1491,14 @@ soc: org: Security Onion bucket: telegraf/so_short_term verifyCert: false + postgres: + hostUrl: so-postgres + port: 5432 + username: + password: + dbname: securityonion + sslMode: require + assistantEnabled: true playbook: autoUpdateEnabled: true playbookImportFrequencySeconds: 86400 diff --git a/salt/vars/eval.map.jinja b/salt/vars/eval.map.jinja index 3c2e66a97..3cba33797 100644 --- a/salt/vars/eval.map.jinja +++ b/salt/vars/eval.map.jinja @@ -1,4 +1,5 @@ {% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %} +{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %} {% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %} {% set ROLE_GLOBALS = {} %} @@ -6,6 +7,7 @@ {% set EVAL_GLOBALS = [ ELASTICSEARCH_GLOBALS, + POSTGRES_GLOBALS, SENSOR_GLOBALS ] %} diff --git a/salt/vars/import.map.jinja b/salt/vars/import.map.jinja index f9dfa0c25..8dea3ad7d 100644 --- a/salt/vars/import.map.jinja +++ b/salt/vars/import.map.jinja @@ -1,4 +1,5 @@ {% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %} +{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %} {% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %} {% set ROLE_GLOBALS = {} %} @@ -6,6 +7,7 @@ {% set IMPORT_GLOBALS = [ ELASTICSEARCH_GLOBALS, + POSTGRES_GLOBALS, SENSOR_GLOBALS ] %} diff --git a/salt/vars/manager.map.jinja b/salt/vars/manager.map.jinja index c6b348341..009dd5607 100644 --- a/salt/vars/manager.map.jinja +++ b/salt/vars/manager.map.jinja @@ -1,12 +1,14 @@ {% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %} {% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %} +{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %} {% set ROLE_GLOBALS = {} %} {% set MANAGER_GLOBALS = [ ELASTICSEARCH_GLOBALS, - LOGSTASH_GLOBALS + LOGSTASH_GLOBALS, + POSTGRES_GLOBALS ] %} diff --git a/salt/vars/managersearch.map.jinja b/salt/vars/managersearch.map.jinja index c2a3d9628..369efe5a4 100644 
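Review bot: `sslMode: require` in the new `postgres` block of salt/soc/defaults.yaml encrypts the connection but, if the value is passed through with PostgreSQL client `sslmode` semantics (not visible here), does not validate the server certificate or host name. In that case the client has no assurance that the host it hands the injected `so_postgres` credentials to is the real `so-postgres`. If the deployment's CA is available to the SOC container, `sslMode: verify-full` is the stricter default; otherwise a comment like `# require = encrypted, server identity not verified; move to verify-full once the CA is mounted` records the trade-off. The same hunk also adds `assistantEnabled: true`, which the commit description does not mention. Its nesting is not recoverable from this page, so confirm it belongs in this change.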
--- a/salt/vars/managersearch.map.jinja +++ b/salt/vars/managersearch.map.jinja @@ -1,12 +1,14 @@ {% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %} {% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %} +{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %} {% set ROLE_GLOBALS = {} %} {% set MANAGERSEARCH_GLOBALS = [ ELASTICSEARCH_GLOBALS, - LOGSTASH_GLOBALS + LOGSTASH_GLOBALS, + POSTGRES_GLOBALS ] %} diff --git a/salt/vars/postgres.map.jinja b/salt/vars/postgres.map.jinja new file mode 100644 index 000000000..ce65d2d1f --- /dev/null +++ b/salt/vars/postgres.map.jinja @@ -0,0 +1,16 @@ +{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one + or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at + https://securityonion.net/license; you may not use this file except in compliance with the + Elastic License 2.0. #} + +{% import 'vars/init.map.jinja' as INIT %} + +{% + set POSTGRES_GLOBALS = { + 'postgres': {} + } +%} + +{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/postgres/auth.sls') %} +{% do POSTGRES_GLOBALS.postgres.update({'auth': INIT.PILLAR.postgres.auth}) %} +{% endif %} diff --git a/salt/vars/standalone.map.jinja b/salt/vars/standalone.map.jinja index 0e49a327d..6488eb998 100644 --- a/salt/vars/standalone.map.jinja +++ b/salt/vars/standalone.map.jinja @@ -1,5 +1,6 @@ {% from 'vars/elasticsearch.map.jinja' import ELASTICSEARCH_GLOBALS %} {% from 'vars/logstash.map.jinja' import LOGSTASH_GLOBALS %} +{% from 'vars/postgres.map.jinja' import POSTGRES_GLOBALS %} {% from 'vars/sensor.map.jinja' import SENSOR_GLOBALS %} {% set ROLE_GLOBALS = {} %} @@ -8,6 +9,7 @@ [ ELASTICSEARCH_GLOBALS, LOGSTASH_GLOBALS, + POSTGRES_GLOBALS, SENSOR_GLOBALS ] %}
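Review bot: In the new salt/vars/postgres.map.jinja the condition tests that `/opt/so/saltstack/local/pillar/postgres/auth.sls` exists, but the body reads `INIT.PILLAR.postgres.auth`. The file being on disk does not guarantee the compiled pillar already carries that key (file not yet assigned in the pillar top file, pillar not refreshed, empty file), in which case the render would likely fail. Testing the data itself, `{% if INIT.PILLAR.postgres is defined and INIT.PILLAR.postgres.auth is defined %}`, closes that gap and matches the `is defined` guard this commit uses in soc/defaults.map.jinja. The whole `auth` subtree is also copied into the globals of every manager-type role (the eval, import, manager, managersearch and standalone hunks), so any template that imports those globals can read the password. Copying only the `so_postgres_user` entry would narrow that exposure, if nothing else needs the rest.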