account for salt 3004 adding new chars to random.get_str

2025-12-06 09:12:45 +01:00 · 2022-01-14 17:23:29 -05:00
parent 02ce5c3236
commit a46a740170
2 changed files with 15 additions and 16 deletions
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -45,12 +45,6 @@ pki_public_ca_crt:
        attempts: 5
        interval: 30

-x509_pem_entries:
-  module.run:
-    - mine.send:
-       - name: x509.get_pem_entries
-       - glob_path: /etc/pki/ca.crt
-
 cakeyperms:
  file.managed:
    - replace: False
--- a/salt/elasticsearch/auth.sls
+++ b/salt/elasticsearch/auth.sls
@@ -1,11 +1,16 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}

-  {% set so_elastic_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', salt['random.get_str'](72)) %}
-  {% set so_kibana_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass', salt['random.get_str'](72)) %}
-  {% set so_logstash_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', salt['random.get_str'](72)) %}
-  {% set so_beats_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass', salt['random.get_str'](72)) %}
-  {% set so_monitor_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_monitor_user:pass', salt['random.get_str'](72)) %}
+  {% set DIGITS = "1234567890" %}
+  {% set LOWERCASE = "qwertyuiopasdfghjklzxcvbnm" %}
+  {% set UPPERCASE = "QWERTYUIOPASDFGHJKLZXCVBNM" %}
+  {% set SYMBOLS = "~!@#$%^&*()-_=+[]|;:,.<>?" %}
+  {% set CHARS = DIGITS~LOWERCASE~UPPERCASE~SYMBOLS %}
+  {% set so_elastic_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
+  {% set so_kibana_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_kibana_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
+  {% set so_logstash_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_logstash_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
+  {% set so_beats_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_beats_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
+  {% set so_monitor_user_pass = salt['pillar.get']('elasticsearch:auth:users:so_monitor_user:pass', salt['random.get_str'](72, chars=CHARS)) %}
  {% set auth_enabled = salt['pillar.get']('elasticsearch:auth:enabled', False) %}

 elastic_auth_pillar:
@@ -20,19 +25,19 @@ elastic_auth_pillar:
            users:
              so_elastic_user:
                user: so_elastic
-                pass: {{ so_elastic_user_pass }}
+                pass: "{{ so_elastic_user_pass }}"
              so_kibana_user:
                user: so_kibana
-                pass: {{ so_kibana_user_pass }}
+                pass: "{{ so_kibana_user_pass }}"
              so_logstash_user:
                user: so_logstash
-                pass: {{ so_logstash_user_pass }}
+                pass: "{{ so_logstash_user_pass }}"
              so_beats_user:
                user: so_beats
-                pass: {{ so_beats_user_pass }}
+                pass: "{{ so_beats_user_pass }}"
              so_monitor_user:
                user: so_monitor
-                pass: {{ so_monitor_user_pass }}
+                pass: "{{ so_monitor_user_pass }}"
    - show_changes: False
 {% else %}