From 34db6fb823987361136da15d6b41b4b8b3e8e4f5 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 28 Jun 2023 15:06:13 -0400
Subject: [PATCH] dont need the unless for ssl since using x509v2 now

---
 salt/ssl/init.sls | 50 -----------------------------------------------
 1 file changed, 50 deletions(-)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 4bb706d63..376900f33 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -76,12 +76,6 @@ influxdb_crt:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/influxdb.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
     - timeout: 30
     - retry:
         attempts: 5
@@ -121,12 +115,6 @@ redis_crt:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/redis.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
     - timeout: 30
     - retry:
         attempts: 5
@@ -169,12 +157,6 @@ etc_elasticfleet_crt:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticfleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
     - timeout: 30
     - retry:
         attempts: 5
@@ -250,12 +232,6 @@ etc_elasticfleetlogstash_crt:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticfleet-logstash.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
     - timeout: 30
     - retry:
         attempts: 5
@@ -359,12 +335,6 @@ etc_filebeat_crt:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
     - timeout: 30
     - retry:
         attempts: 5
@@ -436,10 +406,6 @@ registry_crt:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/registry.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
     - timeout: 30
     - retry:
         attempts: 5
@@ -478,12 +444,6 @@ regkeyperms:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
     - timeout: 30
     - retry:
         attempts: 5
@@ -545,12 +505,6 @@ conf_filebeat_crt:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-{% if grains.role not in ['so-heavynode'] %}
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /opt/so/conf/filebeat/etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
-{% endif %}
     - timeout: 30
     - retry:
         attempts: 5
@@ -605,10 +559,6 @@ chownfilebeatp8:
     - days_remaining: 0
     - days_valid: 820
     - backup: True
-    - unless:
-      # https://github.com/saltstack/salt/issues/52167
-      # Will trigger 5 days (432000 sec) from cert expiration
-      - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
     - timeout: 30
     - retry:
         attempts: 5