From 4182ff66a0368a181c79e12c145baa7e5e1c68e3 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 11 Jul 2024 16:37:16 -0400
Subject: [PATCH] rearrange kafka pillar, declutters SOC ui

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
---
 salt/kafka/config.map.jinja                               | 4 ++--
 salt/kafka/ssl.sls                                        | 2 +-
 salt/kafka/tools/sbin_jinja/so-kafka-trust                | 2 +-
 .../pipelines/config/so/0800_input_kafka.conf.jinja       | 4 ++--
 salt/manager/tools/sbin/soup                              | 8 +++++++-
 setup/so-functions                                        | 5 +++--
 6 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/salt/kafka/config.map.jinja b/salt/kafka/config.map.jinja
index b054e0656..1e43a3ec7 100644
--- a/salt/kafka/config.map.jinja
+++ b/salt/kafka/config.map.jinja
@@ -6,8 +6,8 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 
 {% set KAFKA_NODES_PILLAR = salt['pillar.get']('kafka:nodes') %}
-{% set KAFKA_PASSWORD = salt['pillar.get']('kafka:password') %}
-{% set KAFKA_TRUSTPASS = salt['pillar.get']('kafka:trustpass') %}
+{% set KAFKA_PASSWORD = salt['pillar.get']('kafka:config:password') %}
+{% set KAFKA_TRUSTPASS = salt['pillar.get']('kafka:config:trustpass') %}
 
 {# Create list of KRaft controllers #}
 {% set controllers = [] %}
diff --git a/salt/kafka/ssl.sls b/salt/kafka/ssl.sls
index 50a01b22c..8604d4e7e 100644
--- a/salt/kafka/ssl.sls
+++ b/salt/kafka/ssl.sls
@@ -6,7 +6,7 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls.split('.')[0] in allowed_states %}
 {%   from 'vars/globals.map.jinja' import GLOBALS %}
-{%   set kafka_password = salt['pillar.get']('kafka:password') %}
+{%   set kafka_password = salt['pillar.get']('kafka:config:password') %}
 
 include:
   - ca.dirs
diff --git a/salt/kafka/tools/sbin_jinja/so-kafka-trust b/salt/kafka/tools/sbin_jinja/so-kafka-trust
index 8d404cb9a..55ba9612e 100644
--- a/salt/kafka/tools/sbin_jinja/so-kafka-trust
+++ b/salt/kafka/tools/sbin_jinja/so-kafka-trust
@@ -4,7 +4,7 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
-{% set TRUSTPASS = salt['pillar.get']('kafka:trustpass') %}
+{% set TRUSTPASS = salt['pillar.get']('kafka:config:trustpass') %}
 
 if [ ! -f /opt/so/saltstack/local/salt/kafka/files/kafka-truststore ]; then
     docker run -v /etc/pki/ca.crt:/etc/pki/ca.crt --name so-kafkatrust --user root --entrypoint /opt/java/openjdk/bin/keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-kafka:{{ GLOBALS.so_version }} -import -file /etc/pki/ca.crt -alias SOS -keystore /etc/pki/kafka-truststore -storepass {{ TRUSTPASS }} -storetype jks -noprompt
diff --git a/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja b/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja
index 00dd6d530..7478375b0 100644
--- a/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja
+++ b/salt/logstash/pipelines/config/so/0800_input_kafka.conf.jinja
@@ -1,5 +1,5 @@
-{%- set kafka_password = salt['pillar.get']('kafka:password') %}
-{%- set kafka_trustpass = salt['pillar.get']('kafka:trustpass') %}
+{%- set kafka_password = salt['pillar.get']('kafka:config:password') %}
+{%- set kafka_trustpass = salt['pillar.get']('kafka:config:trustpass') %}
 {%- set kafka_brokers = salt['pillar.get']('kafka:nodes', {}) %}
 {%- set brokers = [] %}
 
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 019f29ebb..0ace4a5b2 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -674,7 +674,13 @@ up_to_2.4.80() {
 
 up_to_2.4.90() {
   kafkatrust=$(get_random_value)
-  echo '  trustpass: '$kafkatrust >> /opt/so/saltstack/local/pillar/kafka/soc_kafka.sls
+  # rearranging the kafka pillar to reduce clutter in SOC UI
+  kafkasavedpass=$(so-yaml.py get /opt/so/saltstack/local/pillar/kafka/soc_kafka.sls kafka.password)
+  kafkatrimpass=$(echo $kafkasavedpass | awk '{print $1}')
+  so-yaml.py remove /opt/so/saltstack/local/pillar/kafka/soc_kafka.sls kafka.password
+  echo '  config:' >> /opt/so/saltstack/local/pillar/kafka/soc_kafka.sls
+  echo '    password: '$kafkatrimpass >> /opt/so/saltstack/local/pillar/kafka/soc_kafka.sls
+  echo '    trustpass: '$kafkatrust >> /opt/so/saltstack/local/pillar/kafka/soc_kafka.sls
 
 
   INSTALLEDVERSION=2.4.90
diff --git a/setup/so-functions b/setup/so-functions
index aa9eb1909..02467117e 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1187,8 +1187,9 @@ kafka_pillar() {
 	printf '%s\n'\
 		"kafka:"\
 		"  cluster_id: $KAFKACLUSTERID"\
-		"  password: $KAFKAPASS"\
-		"  trustpass: $KAFKATRUST" > $kafka_pillar_file
+		"  config:"\
+		"    password: $KAFKAPASS"\
+		"    trustpass: $KAFKATRUST" > $kafka_pillar_file
 }
 
 logrotate_pillar() {