From 2a5b4ef2762a7e4a2b669f7ae4bdb837008f5908 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Tue, 28 Dec 2021 15:19:06 -0500
Subject: [PATCH] add mine function to signing_policies.conf. no longer need to
 check if mine in ca during manager install

---
 salt/ca/files/signing_policies.conf | 3 +++
 setup/so-functions                  | 8 --------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/salt/ca/files/signing_policies.conf b/salt/ca/files/signing_policies.conf
index b25a9935b..1e05be006 100644
--- a/salt/ca/files/signing_policies.conf
+++ b/salt/ca/files/signing_policies.conf
@@ -1,3 +1,6 @@
+mine_functions:
+  x509.get_pem_entries: [/etc/pki/ca.crt]
+
 x509_signing_policies:
   filebeat:
     - minions: '*'
diff --git a/setup/so-functions b/setup/so-functions
index a5383d9b4..7568bca28 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1438,14 +1438,6 @@ generate_ca() {
 
 		echo " Confirming existence of the CA certificate"
 		openssl x509 -in /etc/pki/ca.crt -noout -subject -issuer -dates
-
-		echo "Confirming salt mine now contains the certificate";
-		salt-call mine.get "$MINION_ID" x509.get_pem_entries | grep -E 'BEGIN CERTIFICATE|END CERTIFICATE';
-		if [ $? -eq 0 ]; then
-			echo "CA in mine"
-		else
-			echo "CA not in mine"
-		fi
 	} >> "$setup_log" 2>&1
 }