connect

salt/manager/sync_es_users.sls

@@ -16,12 +16,13 @@ sync_es_users:
       - /opt/so/saltstack/local/salt/elasticsearch/files/users
       - /opt/so/saltstack/local/salt/elasticsearch/files/users_roles
       - /opt/so/conf/soc/soc_users_roles
-      - /opt/so/conf/soc/soc_client_roles
+      - /opt/so/conf/soc/soc_clients_roles
     - show_changes: False
     - require:
       - docker_container: so-kratos
       - http: wait_for_kratos
       - file: so-user.lock # require so-user.lock file to be missing
+      - file: so-client.lock # require so-client.lock file to be missing
 
 # we dont want this added too early in setup, so we add the onlyif to verify 'startup_states: highstate'
 # is in the minion config. That line is added before the final highstate during setup

salt/manager/tools/sbin/so-user

@@ -136,7 +136,7 @@ bcryptRounds=${BCRYPT_ROUNDS:-12}
 elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users}
 elasticRolesFile=${ELASTIC_ROLES_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users_roles}
 socRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_users_roles}
-clientRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_client_roles}
+clientRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_clients_roles}
 esUID=${ELASTIC_UID:-930}
 esGID=${ELASTIC_GID:-930}
 soUID=${SOCORE_UID:-939}

salt/soc/config.sls

@@ -176,6 +176,12 @@ socusersroles:
     - require:
       - sls: manager.sync_es_users
 
+socclientsroles:
+  file.exists:
+    - name: /opt/so/conf/soc/soc_clients_roles
+    - require:
+      - sls: manager.sync_es_users
+
 socuploaddir:
   file.directory:
     - name: /nsm/soc/uploads

salt/soc/defaults.yaml

@@ -1403,6 +1403,7 @@ soc:
             - rbac/custom_roles
           userFiles:
             - rbac/users_roles
+            - rbac/clients_roles
         strelkaengine:
           aiRepoUrl: https://github.com/Security-Onion-Solutions/securityonion-resources
           aiRepoBranch: generated-summaries-published

salt/soc/enabled.sls

@@ -44,7 +44,7 @@ so-soc:
       - /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro
       - /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro
       - /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw
-      - /opt/so/conf/soc/soc_client_roles:/opt/sensoroni/rbac/client_roles:rw
+      - /opt/so/conf/soc/soc_clients_roles:/opt/sensoroni/rbac/clients_roles:rw
       - /opt/so/conf/soc/queue:/opt/sensoroni/queue:rw
       - /opt/so/saltstack:/opt/so/saltstack:rw
       - /opt/so/conf/soc/migrations:/opt/so/conf/soc/migrations:rw
@@ -83,6 +83,7 @@ so-soc:
       - file: soccustom
       - file: soccustomroles
       - file: socusersroles
+      - file: socclientroles
 
 delete_so-soc_so-status.disabled:
   file.uncomment: