From 5f2ec76ba8a7c163e905a07aaa23b23a9221dbba Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 23 Apr 2026 09:50:45 -0500
Subject: [PATCH] prevent fleetnode from being able to run elasticfleet.manager
 state manually

---
 salt/allowed_states.map.jinja | 1 +
 salt/elasticfleet/manager.sls | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 1fac0f0e3..ad9b28b28 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -33,6 +33,7 @@
     'kratos',
     'hydra',
     'elasticfleet',
+    'elasticfleet.manager',
     'elastic-fleet-package-registry',
     'utility'
 ] %}
diff --git a/salt/elasticfleet/manager.sls b/salt/elasticfleet/manager.sls
index 9fbbff3bc..00fead9cf 100644
--- a/salt/elasticfleet/manager.sls
+++ b/salt/elasticfleet/manager.sls
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
 
 {% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls.split('.')[0] in allowed_states %}
+{% if sls in allowed_states %}
 {%   from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %}
 
 include: