From 7c405ff9d73b47ff91a2497b928772d8c1f94821 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 24 Oct 2024 08:47:52 -0400 Subject: [PATCH] connect --- salt/manager/sync_es_users.sls | 3 ++- salt/manager/tools/sbin/so-user | 2 +- salt/soc/config.sls | 6 ++++++ salt/soc/defaults.yaml | 1 + salt/soc/enabled.sls | 3 ++- 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/salt/manager/sync_es_users.sls b/salt/manager/sync_es_users.sls index 829eeed14..3aebef993 100644 --- a/salt/manager/sync_es_users.sls +++ b/salt/manager/sync_es_users.sls @@ -16,12 +16,13 @@ sync_es_users: - /opt/so/saltstack/local/salt/elasticsearch/files/users - /opt/so/saltstack/local/salt/elasticsearch/files/users_roles - /opt/so/conf/soc/soc_users_roles - - /opt/so/conf/soc/soc_client_roles + - /opt/so/conf/soc/soc_clients_roles - show_changes: False - require: - docker_container: so-kratos - http: wait_for_kratos - file: so-user.lock # require so-user.lock file to be missing + - file: so-client.lock # require so-client.lock file to be missing # we dont want this added too early in setup, so we add the onlyif to verify 'startup_states: highstate' # is in the minion config. That line is added before the final highstate during setup diff --git a/salt/manager/tools/sbin/so-user b/salt/manager/tools/sbin/so-user index 845e1585e..03855f661 100755 --- a/salt/manager/tools/sbin/so-user +++ b/salt/manager/tools/sbin/so-user @@ -136,7 +136,7 @@ bcryptRounds=${BCRYPT_ROUNDS:-12} elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users} elasticRolesFile=${ELASTIC_ROLES_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users_roles} socRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_users_roles} -clientRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_client_roles} +clientRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_clients_roles} esUID=${ELASTIC_UID:-930} esGID=${ELASTIC_GID:-930} soUID=${SOCORE_UID:-939} 
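Review bot: The added requisite `- file: so-client.lock` in the `require` list of `sync_es_users` names a state ID that no hunk of this commit declares, and the first 15 lines of salt/manager/sync_es_users.sls are outside the hunk. If `so-client.lock` is not already defined there, Salt reports the requisite as not found and `sync_es_users` fails instead of running. Confirm the declaration exists before merging.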
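Review bot: `clientRolesFile` still takes its override from `SOC_ROLES_FILE`, the same variable that `socRolesFile` reads on the line above, and the rename only changes the default path. Setting that variable therefore points the user-role and client-role mappings at one file. A separate override keeps the two RBAC files apart, for example `clientRolesFile=${SOC_CLIENT_ROLES_FILE:-/opt/so/conf/soc/soc_clients_roles}`. The variable name is a suggestion, since nothing in the hunk defines one.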
diff --git a/salt/soc/config.sls b/salt/soc/config.sls index 7607da5ff..5174dd94e 100644 --- a/salt/soc/config.sls +++ b/salt/soc/config.sls @@ -176,6 +176,12 @@ socusersroles: - require: - sls: manager.sync_es_users +socclientsroles: + file.exists: + - name: /opt/so/conf/soc/soc_clients_roles + - require: + - sls: manager.sync_es_users + socuploaddir: file.directory: - name: /nsm/soc/uploads diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index f39a72f89..ae5f83edd 100644 --- a/salt/soc/defaults.yaml +++ b/salt/soc/defaults.yaml @@ -1403,6 +1403,7 @@ soc: - rbac/custom_roles userFiles: - rbac/users_roles + - rbac/clients_roles strelkaengine: aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources aiRepoBranch: generated-summaries-published diff --git a/salt/soc/enabled.sls b/salt/soc/enabled.sls index ac89a9763..d1582721d 100644 --- a/salt/soc/enabled.sls +++ b/salt/soc/enabled.sls @@ -44,7 +44,7 @@ so-soc: - /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro - /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro - /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw - - /opt/so/conf/soc/soc_client_roles:/opt/sensoroni/rbac/client_roles:rw + - /opt/so/conf/soc/soc_clients_roles:/opt/sensoroni/rbac/clients_roles:rw - /opt/so/conf/soc/queue:/opt/sensoroni/queue:rw - /opt/so/saltstack:/opt/so/saltstack:rw - /opt/so/conf/soc/migrations:/opt/so/conf/soc/migrations:rw @@ -83,6 +83,7 @@ so-soc: - file: soccustom - file: soccustomroles - file: socusersroles + - file: socclientroles delete_so-soc_so-status.disabled: file.uncomment:
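Review bot: The new state in salt/soc/config.sls is declared as `socclientsroles`, but the requisite added to `so-soc` in the second salt/soc/enabled.sls hunk is `- file: socclientroles`, without the `s` after `client`. Unless a state with that shorter ID exists outside this diff, Salt will fail `so-soc` with a requisite-not-found error. The existence check for `/opt/so/conf/soc/soc_clients_roles` would then never be tied to the container that bind-mounts the file `rw`. The require line should read `- file: socclientsroles`. Separately, `file.exists` checks presence only, so ownership and mode of this role-mapping file depend on whatever creates it, which is not visible here.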