From 9d6fb98e3b1f42f676c9b82dcbd9e5aac4da0c8b Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Tue, 9 May 2023 11:13:57 -0400
Subject: [PATCH] move cacertz and capemz to ca state

---
 salt/ca/init.sls              | 16 ++++++++++++++++
 salt/elasticsearch/config.sls | 14 --------------
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/salt/ca/init.sls b/salt/ca/init.sls
index 4c7973cd0..88c32e12a 100644
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -58,6 +58,22 @@ cakeyperms:
     - mode: 640
     - group: 939
 
+{%   if grains.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+cacertz:
+  file.managed:
+    - name: /opt/so/conf/ca/cacerts
+    - source: salt://common/cacerts
+    - user: 939
+    - group: 939
+
+capemz:
+  file.managed:
+    - name: /opt/so/conf/ca/tls-ca-bundle.pem
+    - source: salt://common/tls-ca-bundle.pem
+    - user: 939
+    - group: 939
+{%   endif %}
+
 {% else %}
 
 {{sls}}_state_not_allowed:
diff --git a/salt/elasticsearch/config.sls b/salt/elasticsearch/config.sls
index 255d09376..dcd0283c0 100644
--- a/salt/elasticsearch/config.sls
+++ b/salt/elasticsearch/config.sls
@@ -107,20 +107,6 @@ catrustdir:
     - group: 939
     - makedirs: True
 
-cacertz:
-  file.managed:
-    - name: /opt/so/conf/ca/cacerts
-    - source: salt://common/cacerts
-    - user: 939
-    - group: 939
-
-capemz:
-  file.managed:
-    - name: /opt/so/conf/ca/tls-ca-bundle.pem
-    - source: salt://common/tls-ca-bundle.pem
-    - user: 939
-    - group: 939
-
 esingestdir:
   file.directory:
     - name: /opt/so/conf/elasticsearch/ingest