Fix yaml for idh,es,kib,esalert

salt/elastalert/defaults.yaml

@@ -3,8 +3,6 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
-{%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 elastalert:
   config:
     rules_folder: /opt/elastalert/rules/
@@ -16,7 +14,6 @@ elastalert:
       minutes: 10
     old_query_limit:
       minutes: 5
-    es_host: {{salt['pillar.get']('global:managerip', '')}}
     es_port: 9200
     es_conn_timeout: 55
     max_query_size: 5000
@@ -26,8 +23,6 @@ elastalert:
     use_ssl: true
     verify_certs: false
     #es_send_get_body_as: GET
-    es_username: "{{ ES_USER }}"
-    es_password: "{{ ES_PASS }}"
     writeback_index: elastalert_status
     alert_time_limit:
       days: 2

salt/elastalert/elastalert_config.map.jinja

@@ -1,4 +1,8 @@
-{% import_yaml 'elastalert/defaults.yaml' as elastalert_defaults with context %}
+{% import_yaml 'elastalert/defaults.yaml' as ELASTALERT with context %}
 {% set elastalert_pillar = salt['pillar.get']('elastalert:config', {}) %}
 
-{% do salt['defaults.merge'](elastalert_defaults.elastalert.config, elastalert_pillar, in_place=True) %}
+{% do salt['defaults.merge'](ELASTALERT.elastalert.config, elastalert_pillar, in_place=True) %}
+
+{% do ELASTALERT.elastalert.config.update({'es_host': pillar.global.managerip}) %}
+{% do ELASTALERT.elastalert.config.update({'es_username': pillar.elasticsearch.auth.users.so_elastic_user.user}) %}
+{% do ELASTALERT.elastalert.config.update({'es_password': pillar.elasticsearch.auth.users.so_elastic_user.pass}) %}