Fixin kafka.ssl state and include name for kafka_user

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-21 08:23:08 +01:00 · 2024-07-10 16:18:46 -04:00
parent cfe5c1d76a
commit 4a88dedcb8
2 changed files with 14 additions and 8 deletions
--- a/salt/kafka/config.sls
+++ b/salt/kafka/config.sls
@@ -14,6 +14,7 @@ kafka_group:

 kafka_user:
  user.present:
+    - name: kafka
    - uid: 960
    - gid: 960
    - home: /opt/so/conf/kafka
--- a/salt/kafka/ssl.sls
+++ b/salt/kafka/ssl.sls
@@ -4,9 +4,8 @@
 # Elastic License 2.0.

 {% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls in allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
 {%   from 'vars/globals.map.jinja' import GLOBALS %}
-
 {%   set kafka_password = salt['pillar.get']('kafka:password') %}

 include:
@@ -20,10 +19,9 @@ include:
    {% endfor %}
    {% set ca_server = global_ca_server[0] %}

-
 {% if GLOBALS.pipeline == "KAFKA" %}

-{%   if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] %}
+{%   if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone'] %}
 kafka_client_key:
  x509.private_key_managed:
    - name: /etc/pki/kafka-client.key
@@ -71,7 +69,7 @@ kafka_client_crt_perms:
    - group: 939
 {%   endif %}

-{%   if grains['role'] in ['so-manager', 'so-managersearch','so-receiver', 'so-standalone'] %}
+{%   if GLOBALS.role in ['so-manager', 'so-managersearch','so-receiver', 'so-standalone'] %}
 kafka_key:
  x509.private_key_managed:
    - name: /etc/pki/kafka.key
@@ -132,7 +130,7 @@ kafka_pkcs12_perms:

 # Standalone needs kafka-logstash for automated testing. Searchnode/manager search need it for logstash to consume from Kafka.
 # Manager will have cert, but be unused until a pipeline is created and logstash enabled.
-{%   if grains['role'] in ['so-standalone', 'so-managersearch', 'so-searchnode', 'so-manager'] %}
+{%   if GLOBALS.role in ['so-standalone', 'so-managersearch', 'so-searchnode', 'so-manager'] %}
 kafka_logstash_key:
  x509.private_key_managed:
    - name: /etc/pki/kafka-logstash.key
@@ -192,5 +190,12 @@ kafka_logstash_pkcs12_perms:
    - group: 939

 {%   endif %}
+{% endif %}
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+  test.fail_without_changes:
+    - name: {{sls}}_state_not_allowed

 {% endif %}