From 529844eb36398d2a93476bfc04b7879e5059b5b8 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Tue, 3 Sep 2024 12:36:03 -0400
Subject: [PATCH] update so-image-common to use es version for es containers

---
 salt/common/tools/sbin/so-common       | 30 ++++++++++++++++++++++++++
 salt/common/tools/sbin/so-image-common | 21 +++++++++++++++++-
 2 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 0be5693ed..5b787e8f5 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -168,6 +168,36 @@ check_salt_minion_status() {
 	return $status
 }
 
+# compare es versions and return the highest version
+compare_es_versions() {
+    # Save the original IFS
+    local OLD_IFS="$IFS"
+
+    IFS=.
+    local i ver1=($1) ver2=($2)
+
+    # Restore the original IFS
+    IFS="$OLD_IFS"
+
+    # Compare each segment of the versions
+    for ((i=0; i<${#ver1[@]}; i++)); do
+        if [[ -z ${ver2[i]} ]]; then
+            ver2[i]=0
+        fi
+        if ((10#${ver1[i]} > 10#${ver2[i]})); then
+            echo "$1"
+            return 0
+        fi
+        if ((10#${ver1[i]} < 10#${ver2[i]})); then
+            echo "$2"
+            return 0
+        fi
+    done
+
+    echo "$1"  # If versions are equal, return either
+    return 0
+}
+
 copy_new_files() {
   # Copy new files over to the salt dir
   cd $UPDATE_DIR
diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common
index 03051cb5f..6846c3e00 100755
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -112,6 +112,9 @@ update_docker_containers() {
     container_list
   fi
 
+  # all the containers using ELASTICSEARCHDEFAULTS.elasticsearch.version
+  local CONTAINERS_USING_ES_VERSION=("so-elastic-fleet-package-registry","so-elastic-agent","so-kibana","so-logstash","so-elasticsearch")
+
   rm -rf $SIGNPATH >> "$LOG_FILE" 2>&1 
   mkdir -p $SIGNPATH >> "$LOG_FILE" 2>&1 
 
@@ -139,8 +142,24 @@ update_docker_containers() {
       $PROGRESS_CALLBACK $i
     fi
 
+    # use version defined in elasticsearch defaults.yaml if an es container
+    if [[ ${CONTAINERS_USING_ES_VERSION[*]} =~ (^|[[:space:]])"$i"($|[[:space:]]) ]]; then
+      local UPDATE_DIR='/tmp/sogh/securityonion'
+      local v1=0
+      local v2=0
+      if [[ -f "$UPDATE_DIR/salt/elasticsearch.defaults.yaml" ]]; then
+        v1=$(egrep " +version: " "$UPDATE_DIR/salt/elasticsearch.defaults.yaml" | awk -F: {'print $2'} | tr -d '[:space:]')
+      fi
+      if [[ -f "$DEFAULT_SALT_DIR/salt/elasticsearch.defaults.yaml"]]; then
+        v2=$(egrep " +version: " "$DEFAULT_SALT_DIR/salt/elasticsearch.defaults.yaml" | awk -F: {'print $2'} | tr -d '[:space:]')
+      fi
+      local highest_es_version=$(compare_es_versions "$v1" "$v2")
+      local image=$i:$highest_es_version$IMAGE_TAG_SUFFIX
+    # use the so version for the version
+    else
+      local image=$i:$VERSION$IMAGE_TAG_SUFFIX
+    fi
     # Pull down the trusted docker image
-    local image=$i:$VERSION$IMAGE_TAG_SUFFIX
     run_check_net_err \
     "docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image" \
     "Could not pull $image, please ensure connectivity to $CONTAINER_REGISTRY" >> "$LOG_FILE" 2>&1