From 4afc986f484789214fd923a9b633c3f06e218f2c Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Fri, 5 Sep 2025 13:14:47 -0400
Subject: [PATCH] firewall and logstash pipeline for managerhype
---
 salt/firewall/defaults.yaml | 16 ++++++++++++++++
 salt/firewall/map.jinja | 10 +++++-----
 salt/logstash/map.jinja | 4 ++--
 3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/salt/firewall/defaults.yaml b/salt/firewall/defaults.yaml
index 0c43b8c0b..a11492e88 100644
--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -1230,6 +1230,10 @@ firewall:
 portgroups:
 - elasticsearch_node
 - elasticsearch_rest
+ managerhype:
+ portgroups:
+ - elasticsearch_node
+ - elasticsearch_rest
 standalone:
 portgroups:
 - elasticsearch_node
@@ -1377,6 +1381,10 @@ firewall:
 portgroups:
 - elasticsearch_node
 - elasticsearch_rest
+ managerhype:
+ portgroups:
+ - elasticsearch_node
+ - elasticsearch_rest
 standalone:
 portgroups:
 - elasticsearch_node
@@ -1579,6 +1587,9 @@ firewall:
 portgroups:
 - redis
 - elastic_agent_data
+ managerhype:
+ portgroups:
+ - elastic_agent_data
 self:
 portgroups:
 - redis
@@ -1696,6 +1707,9 @@ firewall:
 managersearch:
 portgroups:
 - openssh
+ managerhype:
+ portgroups:
+ - openssh
 standalone:
 portgroups:
 - openssh
@@ -1758,6 +1772,8 @@ firewall:
 portgroups: []
 managersearch:
 portgroups: []
+ managerhype:
+ portgroups: []
 standalone:
 portgroups: []
 customhostgroup0:
diff --git a/salt/firewall/map.jinja b/salt/firewall/map.jinja
index 4347d2b31..8bd0512ec 100644
--- a/salt/firewall/map.jinja
+++ b/salt/firewall/map.jinja
@@ -25,7 +25,7 @@
 {% set KAFKA_EXTERNAL_ACCESS = salt['pillar.get']('kafka:config:external_access:enabled', default=False) %}
 {% set kafka_node_type = salt['pillar.get']('kafka:nodes:'+ GLOBALS.hostname + ':role') %}
-{% if role in ['manager', 'managersearch', 'standalone'] %}
+{% if role.startswith('manager') or role == 'standalone' %}
 {% do FIREWALL_DEFAULT.firewall.role[role].chain["DOCKER-USER"].hostgroups[role].portgroups.append('kafka_controller') %}
 {% do FIREWALL_DEFAULT.firewall.role[role].chain["DOCKER-USER"].hostgroups.receiver.portgroups.append('kafka_controller') %}
 {% endif %}
@@ -38,8 +38,8 @@
 {% do FIREWALL_DEFAULT.firewall.role[role].chain["DOCKER-USER"].hostgroups.receiver.portgroups.append('kafka_controller') %}
 {% endif %}
-{% if role in ['manager', 'managersearch', 'standalone', 'receiver'] %}
-{% for r in ['manager', 'managersearch', 'standalone', 'receiver', 'fleet', 'idh', 'sensor', 'searchnode','heavynode', 'elastic_agent_endpoint', 'desktop'] %}
+{% if role.startswith('manager') or role in ['standalone', 'receiver'] %}
+{% for r in ['manager', 'managersearch', 'managerhype', 'standalone', 'receiver', 'fleet', 'idh', 'sensor', 'searchnode','heavynode', 'elastic_agent_endpoint', 'desktop'] %}
 {% if FIREWALL_DEFAULT.firewall.role[role].chain["DOCKER-USER"].hostgroups[r] is defined %}
 {% do FIREWALL_DEFAULT.firewall.role[role].chain["DOCKER-USER"].hostgroups[r].portgroups.append('kafka_data') %}
 {% endif %}
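Review bot: The prefix test `role.startswith('manager')` in the first condition of this hunk matches any role whose name begins with `manager`, so a role added later with that prefix would get `kafka_controller` opened without this file being touched; an explicit list such as `{% if role in ['manager', 'managersearch', 'managerhype', 'standalone'] %}` keeps the firewall scope reviewable. The same prefix test appears in the `@@ -38,8` hunk, the `@@ -48,11` hunk and the `node_type` check in salt/logstash/map.jinja. The `kafka_controller` append directly below the condition indexes `hostgroups[role]` with no `is defined` guard, unlike the `kafka_data` loop in the next hunk, so rendering for `managerhype` presumably depends on defaults.yaml defining that role with a hostgroup of the same name. The defaults.yaml hunks in this patch do not show which role sections they fall under, so that should be confirmed.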
@@ -48,11 +48,11 @@
 {% if KAFKA_EXTERNAL_ACCESS %}
 {# Kafka external access only applies for Kafka nodes with the broker role. #}
-{% if role in ['manager', 'managersearch', 'standalone', 'receiver'] and 'broker' in kafka_node_type %}
+{% if role.startswith('manager') or role in ['standalone', 'receiver'] and 'broker' in kafka_node_type %}
 {% do FIREWALL_DEFAULT.firewall.role[role].chain["DOCKER-USER"].hostgroups.external_kafka.portgroups.append('kafka_external_access') %}
 {% endif %}
 {% endif %}
 {% endif %}
-{% set FIREWALL_MERGED = salt['pillar.get']('firewall', FIREWALL_DEFAULT.firewall, merge=True) %}
\ No newline at end of file
+{% set FIREWALL_MERGED = salt['pillar.get']('firewall', FIREWALL_DEFAULT.firewall, merge=True) %}
diff --git a/salt/logstash/map.jinja b/salt/logstash/map.jinja
index 95ec6b85d..5aad1daa9 100644
--- a/salt/logstash/map.jinja
+++ b/salt/logstash/map.jinja
@@ -17,7 +17,7 @@
 {% for node_type, node_details in redis_node_data.items() | sort %}
 {% if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch', 'so-fleet'] %}
-{% if node_type in ['manager', 'managersearch', 'standalone', 'receiver' ] %}
+{% if node_type.startswith('manager') or node_type in ['standalone', 'receiver'] %}
 {% for hostname in redis_node_data[node_type].keys() %}
 {% do LOGSTASH_REDIS_NODES.append({hostname:node_details[hostname].ip}) %}
 {% endfor %}
@@ -47,7 +47,7 @@
 {% endif %}
 {# Disable logstash on manager & receiver nodes unless it has an override configured #}
 {% if not KAFKA_LOGSTASH %}
-{% if GLOBALS.role in ['so-manager', 'so-receiver'] and GLOBALS.hostname not in KAFKA_LOGSTASH %}
+{% if GLOBALS.role in ['so-manager', 'so-managerhype', 'so-receiver'] and GLOBALS.hostname not in KAFKA_LOGSTASH %}
 {% do LOGSTASH_MERGED.update({'enabled': False}) %}
 {% endif %}
 {% endif %}
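Review bot: The rewritten broker check in the `@@ -48,11` hunk, `role.startswith('manager') or role in ['standalone', 'receiver'] and 'broker' in kafka_node_type`, no longer requires the broker role for manager nodes, because Jinja evaluates `and` before `or`. With external access enabled, every role starting with `manager` would have `kafka_external_access` appended to the `external_kafka` hostgroup, which contradicts the comment directly above the condition and widens the exposed surface compared with the removed line. Parenthesise the role test: `{% if (role.startswith('manager') or role in ['standalone', 'receiver']) and 'broker' in kafka_node_type %}`.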
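Review bot: The comment above the changed condition in the `@@ -47,7` hunk of salt/logstash/map.jinja still reads "manager & receiver nodes" although the list now also disables Logstash on `so-managerhype`; it could become `{# Disable logstash on manager, managerhype & receiver nodes unless it has an override configured #}`. This hunk names the role explicitly while the `@@ -17,7` hunk in the same file switches to `node_type.startswith('manager')`. A one-line comment there, for example `{# prefix match covers manager, managersearch and managerhype #}`, would show that the difference between the two checks is intended.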