From 702ba2e0a4ae276167ebdf5109f5fbae2510c793 Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Wed, 17 Dec 2025 10:08:00 -0500
Subject: [PATCH] only allow ca.remove state to run if so-setup is running

---
 salt/ca/remove.sls | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/salt/ca/remove.sls b/salt/ca/remove.sls
index 7c410a10d..181702b01 100644
--- a/salt/ca/remove.sls
+++ b/salt/ca/remove.sls
@@ -3,6 +3,10 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
+{% set setup_running = salt['cmd.retcode']('pgrep -x so-setup') == 0 %}
+
+{% if setup_running%}
+
 include:
   - ssl.remove
 
@@ -21,3 +25,11 @@ remove_trusttheca:
 remove_pki_public_ca_crt_symlink:
   file.absent:
     - name: /opt/so/saltstack/local/salt/ca/files/ca.crt
+
+{% else %}
+
+so-setup_not_running:
+  test.show_notification:
+    - text: "This state is reserved for usage during so-setup."
+
+{% endif %}