use global vars in states

salt/soctopus/files/SOCtopus.conf

@@ -1,5 +1,3 @@
-{%- set MANAGER = salt['pillar.get']('global:managerip', '') %}
-{%- set URLBASE = salt['pillar.get']('global:url_base', '') %}
 {%- set HIVEKEY = salt['pillar.get']('global:hivekey', '') %}
 {%- set THEHIVEURL = salt['pillar.get']('global:hiveurl', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('global:cortexorguserkey', '') %}
@@ -8,8 +6,8 @@
 {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 
 [es]
-es_url = https://{{MANAGER}}:9200
-es_ip = {{MANAGER}}
+es_url = https://{{ GLOBALS.manager_ip }}:9200
+es_ip = {{ GLOBALS.manager_ip }}
 es_user = {{ ES_USER }}
 es_pass = "{{ ES_PASS }}"
 es_index_pattern = so-*
@@ -65,11 +63,11 @@ slack_url = YOURSLACKWORKSPACE
 slack_webhook = YOURSLACKWEBHOOK
 
 [soc]
-soc_url = http://{{MANAGER}}:9822
+soc_url = http://{{ GLOBALS.manager_ip }}:9822
 
 [playbook]
-playbook_url = http://{{MANAGER}}:3200/playbook
-playbook_ext_url = https://{{URLBASE}}/playbook
+playbook_url = http://{{ GLOBALS.manager_ip }}:3200/playbook
+playbook_ext_url = https://{{ GLOBALS.url_base }}/playbook
 playbook_key = {{ PLAYBOOK_KEY }}
 playbook_verifycert = no
 playbook_unit_test_index = playbook-testing

salt/soctopus/files/templates/es-generic.template

@@ -1,7 +1,5 @@
-{% set ES = salt['pillar.get']('global:managerip', '') %}
-
 alert: modules.so.playbook-es.PlaybookESAlerter
-elasticsearch_host: "{{ ES }}:9200"
+elasticsearch_host: "{{ GLOBALS.manager_ip }}:9200"
 play_title: ""
-play_url: "https://{{ ES }}/playbook/issues/6000"
+play_url: "https://{{ GLOBALS.manager_ip }}/playbook/issues/6000"
 sigma_level: ""

salt/soctopus/files/templates/generic.template

@@ -1,16 +1,14 @@
-{% set es = salt['pillar.get']('global:url_base', '') %}
-
 alert:
 - "modules.so.playbook-es.PlaybookESAlerter"
 
-elasticsearch_host: "{{ es }}:9200"
+elasticsearch_host: "{{ GLOBALS.url_base }}:9200"
 play_title: ""
 play_id: ""
 event.module: "playbook"
 event.dataset: "alert"
 event.severity:
 rule.category: 
-play_url: "https://{{ es }}/playbook/issues/6000"
-kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
-soc_pivot: "https://{{es}}/#/hunt"
+play_url: "https://{{ GLOBALS.url_base }}/playbook/issues/6000"
+kibana_pivot: "https://{{ GLOBALS.url_base }}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
+soc_pivot: "https://{{ GLOBALS.url_base }}/#/hunt"
 sigma_level: ""

salt/soctopus/files/templates/osquery.template

@@ -1,15 +1,13 @@
-{% set es = salt['pillar.get']('global:url_base', '') %}
-
 alert:
 - "modules.so.playbook-es.PlaybookESAlerter"
  
-elasticsearch_host: "{{ es }}:9200"
+elasticsearch_host: "{{ GLOBALS.url_base }}:9200"
 play_title: ""
 event.module: "playbook"
 event.dataset: "alert"
 event.severity:
 rule.category: 
-play_url: "https://{{ es }}/playbook/issues/6000"
-kibana_pivot: "https://{{es}}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
-soc_pivot: "https://{{es}}/#/hunt"
+play_url: "https://{{ GLOBALS.url_base }}/playbook/issues/6000"
+kibana_pivot: "https://{{ GLOBALS.url_base }}/kibana/app/kibana#/discover?_g=()&_a=(columns:!(_source),interval:auto,query:(language:lucene,query:'_id:{[_id]}'),sort:!('@timestamp',desc))"
+soc_pivot: "https://{{ GLOBALS.url_base }}/#/hunt"
 sigma_level: ""

salt/soctopus/init.sls

@@ -1,12 +1,7 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}
 
-{% set VERSION = salt['pillar.get']('global:soversion') %}
-{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
-{% set MANAGER = salt['grains.get']('master') %}
-{% set MANAGER_URL = salt['pillar.get']('global:url_base') %}
-{% set MANAGER_IP = salt['pillar.get']('global:managerip') %}
-{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
 
 include:
   - nginx
@@ -35,6 +30,8 @@ soctopusconf:
     - mode: 600
     - template: jinja
     - show_changes: False
+    - defaults:
+        GLOBALS: {{ GLOBALS }}
 
 soctopuslogdir:
   file.directory:
@@ -56,10 +53,12 @@ playbookrulessync:
     - user: 939
     - group: 939
     - template: jinja
+    - defaults:
+        GLOBALS: {{ GLOBALS }}
 
 so-soctopus:
   docker_container.running:
-    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soctopus:{{ VERSION }}
+    - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-soctopus:{{ GLOBALS.so_version }}
     - hostname: soctopus
     - name: so-soctopus
     - binds:
@@ -68,13 +67,13 @@ so-soctopus:
       - /opt/so/rules/elastalert/playbook:/etc/playbook-rules:rw
       - /opt/so/conf/navigator/nav_layer_playbook.json:/etc/playbook/nav_layer_playbook.json:rw
       - /opt/so/conf/soctopus/sigma-import/:/SOCtopus/sigma-import/:rw    
-      {% if ISAIRGAP is sameas true %}
+      {% if GLOBALS.airgap %}
       - /nsm/repo/rules/sigma:/soctopus/sigma
       {% endif %}
     - port_bindings:
       - 0.0.0.0:7000:7000
     - extra_hosts:
-      - {{MANAGER_URL}}:{{MANAGER_IP}}
+      - {{GLOBALS.url_base}}:{{GLOBALS.manager_ip}}
     - require:
       - file: soctopusconf
       - file: navigatordefaultlayer