From 9b29dff04f782c97ab87d95797c94819256d3cec Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 29 Jul 2020 11:40:45 -0400
Subject: [PATCH] only generate p8 files if the key used for genetation changes

---
 salt/ssl/init.sls | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index a382a4ed2..82dbb3a7b 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -107,6 +107,8 @@ influxkeyperms:
       - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
   cmd.run:
     - name: "/usr/bin/openssl pkcs8 -in /etc/pki/filebeat.key -topk8 -out /etc/pki/filebeat.p8 -nocrypt"
+    - onchanges:
+      - x509: /etc/pki/filebeat.key
 
 
 fbperms:
@@ -289,6 +291,8 @@ fbcertdir:
 filebeatpkcs:
   cmd.run:
     - name: "/usr/bin/openssl pkcs8 -in /opt/so/conf/filebeat/etc/pki/filebeat.key -topk8 -out /opt/so/conf/filebeat/etc/pki/filebeat.p8 -passout pass:"
+    - onchanges:
+      - x509: /opt/so/conf/filebeat/etc/pki/filebeat.key
 
 filebeatkeyperms:
   file.managed: