From ccd6b3914cda395999a0fc3819b9ed0cd0ef569d Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 6 Jun 2024 10:33:55 -0400
Subject: [PATCH 1/8] add final msg queue for soup.

---
 salt/manager/tools/sbin/soup | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 02c01920d..258c09ed6 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -19,6 +19,9 @@ SOUP_LOG=/root/soup.log
 WHATWOULDYOUSAYYAHDOHERE=soup
 whiptail_title='Security Onion UPdater'
 NOTIFYCUSTOMELASTICCONFIG=false
+# used to display messages to the user at the end of soup
+declare -a FINAL_MESSAGE_QUEUE=()
+
 
 check_err() {
   local exit_code=$1
@@ -344,6 +347,22 @@ masterunlock() {
   mv -v $BACKUPTOPFILE $TOPFILE
 }
 
+phases_pillar_2_4_80() {
+  echo "Checking if pillar value: elasticsearch.index_settings.global_overrides.index_template.phases exists"
+
+  #so-yaml.py remove /opt/so/saltstack/local/pillar/elasticsearch/soc_elasticsearch.sls elasticsearch.index_settings.global_overrides.index_template.phases
+  #if so-yaml removed stuff add this message to the FINAL_MESSAGE_QUEUE
+  read -r -d '' msg << EOM
+  Found elasticsearch.index_settings.global_overrides.index_template.phases set to:
+  so-yaml removed stuff here
+  A backup of all pillars was saved to /nsm/backup/
+  Removed unused pillar value: elasticsearch.index_settings.global_overrides.index_template.phases
+  If you want to set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases"
+  EOM
+
+  FINAL_MESSAGE_QUEUE+=("$msg")
+}
+
 preupgrade_changes() {
     # This function is to add any new pillar items if needed.
     echo "Checking to see if changes are needed."
@@ -603,7 +622,7 @@ up_to_2.4.70() {
 }
 
 up_to_2.4.80() {
-  echo "Nothing to do for 2.4.80"
+  phases_pillar_2_4_80
   INSTALLEDVERSION=2.4.80
 }
 
@@ -1267,6 +1286,14 @@ EOF
 
   fi
 
+# check if the FINAL_MESSAGE_QUEUE is not empty
+if (( ${#FINAL_MESSAGE_QUEUE[@]} != 0 )); then
+  for m in "${FINAL_MESSAGE_QUEUE[@]}"; do
+    echo "$m"
+    echo
+  done
+fi
+
   echo "### soup has been served at $(date) ###"
 }
 

From 6920b77b4a3425fd3eb8f6a5316d702d5f6cbf1f Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 6 Jun 2024 11:00:43 -0400
Subject: [PATCH 2/8] fix msg

---
 salt/manager/tools/sbin/soup | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 258c09ed6..c510e832b 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -352,13 +352,13 @@ phases_pillar_2_4_80() {
 
   #so-yaml.py remove /opt/so/saltstack/local/pillar/elasticsearch/soc_elasticsearch.sls elasticsearch.index_settings.global_overrides.index_template.phases
   #if so-yaml removed stuff add this message to the FINAL_MESSAGE_QUEUE
-  read -r -d '' msg << EOM
+  read -r -d '' msg << EOF
   Found elasticsearch.index_settings.global_overrides.index_template.phases set to:
   so-yaml removed stuff here
   A backup of all pillars was saved to /nsm/backup/
   Removed unused pillar value: elasticsearch.index_settings.global_overrides.index_template.phases
-  If you want to set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases"
-  EOM
+  If you want to set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases
+EOF
 
   FINAL_MESSAGE_QUEUE+=("$msg")
 }

From a39c88c7b4c678aad35edd9c2c3e1fcff76a1dc4 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 6 Jun 2024 12:56:24 -0400
Subject: [PATCH 3/8] add set to troubleshoot failure

---
 salt/manager/tools/sbin/soup | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index c510e832b..c09db0626 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -350,6 +350,7 @@ masterunlock() {
 phases_pillar_2_4_80() {
   echo "Checking if pillar value: elasticsearch.index_settings.global_overrides.index_template.phases exists"
 
+  set +e
   #so-yaml.py remove /opt/so/saltstack/local/pillar/elasticsearch/soc_elasticsearch.sls elasticsearch.index_settings.global_overrides.index_template.phases
   #if so-yaml removed stuff add this message to the FINAL_MESSAGE_QUEUE
   read -r -d '' msg << EOF
@@ -361,6 +362,7 @@ phases_pillar_2_4_80() {
 EOF
 
   FINAL_MESSAGE_QUEUE+=("$msg")
+  set -e
 }
 
 preupgrade_changes() {

From d3b81babec949fc9631de3be24768ec1971389ea Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 6 Jun 2024 16:15:21 -0400
Subject: [PATCH 4/8] check for phases with so-yaml, remove if exists

---
 salt/manager/tools/sbin/soup | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index c09db0626..1850c2b9b 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -349,20 +349,24 @@ masterunlock() {
 
 phases_pillar_2_4_80() {
   echo "Checking if pillar value: elasticsearch.index_settings.global_overrides.index_template.phases exists"
-
-  set +e
-  #so-yaml.py remove /opt/so/saltstack/local/pillar/elasticsearch/soc_elasticsearch.sls elasticsearch.index_settings.global_overrides.index_template.phases
-  #if so-yaml removed stuff add this message to the FINAL_MESSAGE_QUEUE
-  read -r -d '' msg << EOF
-  Found elasticsearch.index_settings.global_overrides.index_template.phases set to:
-  so-yaml removed stuff here
-  A backup of all pillars was saved to /nsm/backup/
-  Removed unused pillar value: elasticsearch.index_settings.global_overrides.index_template.phases
-  If you want to set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases
+  PHASES=$(so-yaml.py get /opt/so/saltstack/local/pillar/elasticsearch/soc_elasticsearch.sls elasticsearch.index_settings.global_overrides.index_template.phases)
+  case $? in
+    0)
+    so-yaml.py remove /opt/so/saltstack/local/pillar/elasticsearch/soc_elasticsearch.sls elasticsearch.index_settings.global_overrides.index_template.phases
+    set +e
+    read -r -d '' msg << EOF
+    Found elasticsearch.index_settings.global_overrides.index_template.phases was set to:
+    ${PHASES}
+    Removed unused pillar value: elasticsearch.index_settings.global_overrides.index_template.phases
+    If you want to set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases
+    A backup of all pillars was saved to /nsm/backup/
 EOF
-
-  FINAL_MESSAGE_QUEUE+=("$msg")
-  set -e
+    FINAL_MESSAGE_QUEUE+=("$msg")
+    set -e
+    ;;
+    2) echo "Pillar elasticsearch.index_settings.global_overrides.index_template.phases does not exist. No action taken." ;;
+    *) echo "so-yaml.py returned something other than 0 or 2 exit code" ;; # we shouldn't see this
+  esac
 }
 
 preupgrade_changes() {

From d39c8fae54abfb4625a0de35de2d4ee3b0d7ac83 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Fri, 7 Jun 2024 09:01:16 -0400
Subject: [PATCH 5/8] format output

---
 salt/manager/tools/sbin/soup | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 1850c2b9b..81a7545d7 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -354,12 +354,13 @@ phases_pillar_2_4_80() {
     0)
     so-yaml.py remove /opt/so/saltstack/local/pillar/elasticsearch/soc_elasticsearch.sls elasticsearch.index_settings.global_overrides.index_template.phases
     set +e
-    read -r -d '' msg << EOF
-    Found elasticsearch.index_settings.global_overrides.index_template.phases was set to:
-    ${PHASES}
-    Removed unused pillar value: elasticsearch.index_settings.global_overrides.index_template.phases
-    If you want to set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases
-    A backup of all pillars was saved to /nsm/backup/
+    read -r -d '' msg <<- EOF
+        Found elasticsearch.index_settings.global_overrides.index_template.phases was set to:
+        ${PHASES}
+
+        Removed unused pillar value: elasticsearch.index_settings.global_overrides.index_template.phases
+        To set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases
+        A backup of all pillar files was saved to /nsm/backup/
 EOF
     FINAL_MESSAGE_QUEUE+=("$msg")
     set -e

From f5cc35509b48bbb944b4922a94105193c89e545e Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Fri, 7 Jun 2024 11:03:26 -0400
Subject: [PATCH 6/8] fix output alignment

---
 salt/manager/tools/sbin/soup | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 81a7545d7..0ab8d9d46 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -355,12 +355,12 @@ phases_pillar_2_4_80() {
     so-yaml.py remove /opt/so/saltstack/local/pillar/elasticsearch/soc_elasticsearch.sls elasticsearch.index_settings.global_overrides.index_template.phases
     set +e
     read -r -d '' msg <<- EOF
-        Found elasticsearch.index_settings.global_overrides.index_template.phases was set to:
-        ${PHASES}
+Found elasticsearch.index_settings.global_overrides.index_template.phases was set to:
+${PHASES}
 
-        Removed unused pillar value: elasticsearch.index_settings.global_overrides.index_template.phases
-        To set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases
-        A backup of all pillar files was saved to /nsm/backup/
+Removed unused pillar value: elasticsearch.index_settings.global_overrides.index_template.phases
+To set policies, navigate to the SOC Grid Configuration UI at elasticsearch.index_settings.global_overrides.policy.phases
+A backup of all pillar files was saved to /nsm/backup/
 EOF
     FINAL_MESSAGE_QUEUE+=("$msg")
     set -e

From 0139e1827113b3ef81a20487409145116fdd46f6 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Fri, 7 Jun 2024 16:03:21 -0400
Subject: [PATCH 7/8] additional description

---
 salt/manager/tools/sbin/soup | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 0ab8d9d46..6adb39f2f 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1295,6 +1295,7 @@ EOF
 
 # check if the FINAL_MESSAGE_QUEUE is not empty
 if (( ${#FINAL_MESSAGE_QUEUE[@]} != 0 )); then
+echo "The following additional information specifically applies to your grid:\n"
   for m in "${FINAL_MESSAGE_QUEUE[@]}"; do
     echo "$m"
     echo

From f2f688b9b8b1e5eb1467eb140efbba6df590d87e Mon Sep 17 00:00:00 2001
From: Jason Ertel <jertel@users.noreply.github.com>
Date: Fri, 7 Jun 2024 16:18:09 -0400
Subject: [PATCH 8/8] Update soup

---
 salt/manager/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 6adb39f2f..0d52e5c16 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -1295,7 +1295,7 @@ EOF
 
 # check if the FINAL_MESSAGE_QUEUE is not empty
 if (( ${#FINAL_MESSAGE_QUEUE[@]} != 0 )); then
-echo "The following additional information specifically applies to your grid:\n"
+  echo "The following additional information applies specifically to your grid:\n"
   for m in "${FINAL_MESSAGE_QUEUE[@]}"; do
     echo "$m"
     echo