only allow ca.remove state to run if so-setup is running

2025-12-20 16:03:06 +01:00 · 2025-12-17 10:08:00 -05:00
parent c0845e1612
commit 702ba2e0a4
1 changed files with 12 additions and 0 deletions
--- a/salt/ca/remove.sls
+++ b/salt/ca/remove.sls
@@ -3,6 +3,10 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

+{% set setup_running = salt['cmd.retcode']('pgrep -x so-setup') == 0 %}
+
+{% if setup_running%}
+
 include:
  - ssl.remove

@@ -21,3 +25,11 @@ remove_trusttheca:
 remove_pki_public_ca_crt_symlink:
  file.absent:
    - name: /opt/so/saltstack/local/salt/ca/files/ca.crt
+
+{% else %}
+
+so-setup_not_running:
+  test.show_notification:
+    - text: "This state is reserved for usage during so-setup."
+
+{% endif %}