From a95c2a690ad0e3583f35d49a58f6b6e6fa14a661 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 27 Oct 2022 10:54:29 -0400
Subject: [PATCH] add defaults and map for patch state

---
 salt/patch/defaults.yaml          | 82 +++++++++++++++++++++++++++++++
 salt/patch/os/schedule.sls        | 72 ++++++---------------------
 salt/patch/os/schedules/map.jinja |  2 +
 3 files changed, 100 insertions(+), 56 deletions(-)
 create mode 100644 salt/patch/defaults.yaml
 create mode 100644 salt/patch/os/schedules/map.jinja

diff --git a/salt/patch/defaults.yaml b/salt/patch/defaults.yaml
new file mode 100644
index 000000000..41297cee1
--- /dev/null
+++ b/salt/patch/defaults.yaml
@@ -0,0 +1,82 @@
+patch:
+  os:
+    enabled: true
+    schedule_to_run: auto
+    schedules:
+      auto:
+        splay: 900
+        schedule:
+          hours: 8
+      monday:
+        splay: 900
+        schedule:
+          Monday:
+            - '08:00'
+      tuesday:
+        splay: 900
+        schedule:
+          Tuesday:
+            - '08:00'
+      wednesday:
+        splay: 900
+        schedule:
+          Wednesday:
+            - '08:00'
+      thursday:
+        splay: 900
+        schedule:
+          Thursday:
+            - '08:00'
+      friday:
+        splay: 900
+        schedule:
+          Friday:
+            - '08:00'
+      saturday:
+        splay: 900
+        schedule:
+          Saturday:
+            - '08:00'
+      sunday:
+        splay: 900
+        schedule:
+          Sunday:
+            - '08:00'
+      daily:
+        splay: 900
+        schedule:
+          Monday:
+            - '08:00'
+          Tuesday:
+            - '08:00'
+          Wednesday:
+            - '08:00'
+          Thursday:
+            - '08:00'
+          Friday:
+            - '08:00'
+          Saturday:
+            - '08:00'
+          Sunday:
+            - '08:00'
+      weekdays:
+        splay: 900
+        schedule:
+          Monday:
+            - '08:00'
+          Tuesday:
+            - '08:00'
+          Wednesday:
+            - '08:00'
+          Thursday:
+            - '08:00'
+          Friday:
+            - '08:00'
+      weekends:
+        splay: 900
+        schedule:
+          Saturday:
+            - '08:00'
+          Sunday:
+            - '08:00'
+
diff --git a/salt/patch/os/schedule.sls b/salt/patch/os/schedule.sls
index 7e5b3d532..4b43c55f3 100644
--- a/salt/patch/os/schedule.sls
+++ b/salt/patch/os/schedule.sls
@@ -1,76 +1,36 @@
-{% if salt['pillar.get']('patch:os:schedule_name') %}
-    {% set patch_os_pillar = salt['pillar.get']('patch:os') %}
-    {% set schedule_name = patch_os_pillar.schedule_name %}
-    {% set splay = patch_os_pillar.get('splay', 300) %}
+{% from 'patch/os/schedules/map.jinja' import PATCHMERGED %}
 
-    {% if schedule_name != 'manual' and schedule_name != 'auto' %}
-      {% import_yaml "patch/os/schedules/"~schedule_name~".yml" as os_schedule %}
-
-      {% if patch_os_pillar.enabled %}
+{% if PATCHMERGED.os.enabled %}
+  {% set SCHEDULE_TO_RUN = PATCHMERGED.os.schedule_to_run %}
 
 patch_os_schedule:
   schedule.present:
     - function: state.sls
     - job_args:
       - patch.os
+    - splay: {{PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].splay}}
+    - return_job: True
+  {# check if *day is in the schedule #}
+  {% if PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule.keys() | select("match", ".*day") | list | length  > 0 %}
+
     - when:
-        {% for days in os_schedule.patch.os.schedule %}
-          {% for day, times in days.items() %}
-            {% for time in times %}
+        {% for day, times in PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule.items() %}
+          {% for time in times %}
         - {{day}} {{time}}
             {% endfor %}
-          {% endfor %}
         {% endfor %}
-    - splay: {{splay}}
-    - return_job: True
+  {# check if days, hours, minutes is in the schedule #}
+  {% elif PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule.keys() | select("match", "days|hours|minutes") | list | length > 0 %}
+    {% set DHM = PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule.keys() | first %}
 
-      {% else %}
+    - {{DHM}}: {{ PATCHMERGED.os.schedules[SCHEDULE_TO_RUN].schedule[DHM] }}
 
-disable_patch_os_schedule:
-  schedule.disabled:
-    - name: patch_os_schedule
+  {% endif %}
 
-      {% endif %}
-
-
-    {% elif schedule_name == 'auto' %}
-
-      {% if patch_os_pillar.enabled %}
-
-patch_os_schedule:
-  schedule.present:
-    - function: state.sls
-    - job_args:
-      - patch.os
-    - hours: {{ patch_os_pillar.get('hours', 8) }} 
-    - splay: {{splay}}
-    - return_job: True
-
-      {% else %}
-
-disable_patch_os_schedule:
-  schedule.disabled:
-    - name: patch_os_schedule
-
-      {% endif %}
-
-    {% elif schedule_name == 'manual' %}
+{% else %}
 
 remove_patch_os_schedule:
   schedule.absent:
     - name: patch_os_schedule
 
-    {% endif %}
-
-{% else %}
-
-no_patch_os_schedule_name_set:
-  test.fail_without_changes:
-    - name: "Set a pillar value for patch:os:schedule_name in this minion's .sls file. If an OS patch schedule is not listed as enabled in show_schedule output below, then OS patches will need to be applied manually until this is corrected."
-
-show_patch_os_schedule:
-  module.run:
-    - schedule.is_enabled:
-      - name: patch_os_schedule
-
 {% endif %}
diff --git a/salt/patch/os/schedules/map.jinja b/salt/patch/os/schedules/map.jinja
new file mode 100644
index 000000000..1329015ce
--- /dev/null
+++ b/salt/patch/os/schedules/map.jinja
@@ -0,0 +1,2 @@
+{% import_yaml 'patch/defaults.yaml' as PATCHDEFAULTS %}
+{% set PATCHMERGED = salt['pillar.get']('patch', PATCHDEFAULTS.patch, merge=true) %}