Move Elastic Fleet logic in so-common to so-elastic-fleet-common

2025-12-06 09:12:45 +01:00 · 2023-05-30 18:43:56 +00:00
parent e5117a343d
commit b6e090f29f
14 changed files with 92 additions and 13 deletions
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-delete
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-delete
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 POLICY_ID=$1

--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-list
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-list
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 # Let's snag a cookie from Kibana
 SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-agent-policy-view
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 POLICY_ID=$1

--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-common
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-common
@@ -0,0 +1,79 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+DEFAULT_SALT_DIR=/opt/so/saltstack/default
+
+if [ -z $NOROOT ]; then
+        # Check for prerequisites
+        if [ "$(id -u)" -ne 0 ]; then
+                echo "This script must be run using sudo!"
+                exit 1
+        fi
+fi
+
+# Ensure /usr/sbin is in path
+if ! echo "$PATH" | grep -q "/usr/sbin"; then
+  export PATH="$PATH:/usr/sbin"
+fi
+
+# Define a banner to separate sections
+banner="========================================================================="
+
+elastic_fleet_integration_check() {
+
+    AGENT_POLICY=$1
+
+    JSON_STRING=$2
+
+    NAME=$(jq -r .name $JSON_STRING)
+
+    INTEGRATION_ID=$(/usr/sbin/so-elastic-fleet-agent-policy-view "$AGENT_POLICY" | jq -r '.item.package_policies[] | select(.name=="'"$NAME"'") | .id')
+
+}
+
+elastic_fleet_integration_create() {
+
+    JSON_STRING=$1
+
+    curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/package_policies" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+}
+
+elastic_fleet_integration_update() {
+
+    UPDATE_ID=$1
+
+    JSON_STRING=$2
+
+    curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/package_policies/$UPDATE_ID" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+}
+
+elastic_fleet_policy_create() {
+
+    NAME=$1
+    DESC=$2
+    FLEETSERVER=$3
+        TIMEOUT=$4
+
+    JSON_STRING=$( jq -n \
+                    --arg NAME "$NAME" \
+                    --arg DESC "$DESC" \
+                    --arg TIMEOUT $TIMEOUT \
+                    --arg FLEETSERVER "$FLEETSERVER" \
+                    '{"name": $NAME,"id":$NAME,"description":$DESC,"namespace":"default","monitoring_enabled":["logs"],"inactivity_timeout":$TIMEOUT,"has_fleet_server":$FLEETSERVER}'
+                    )
+    # Create Fleet Policy
+    curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/agent_policies" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+
+}
+
+elastic_fleet_policy_update() {
+
+    POLICYID=$1
+    JSON_STRING=$2
+
+    curl -K /opt/so/conf/elasticsearch/curl.config -L -X PUT "localhost:5601/api/fleet/agent_policies/$POLICYID" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d "$JSON_STRING"
+}
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-data-streams-list
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-data-streams-list
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 # Let's snag a cookie from Kibana
 SESSIONCOOKIE=$(curl -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 POLICY_ID=$1

--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-delete
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-delete
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 POLICY_ID=$1

--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-list
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 # Let's snag a cookie from Kibana
 SESSIONCOOKIE=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/ | grep sid | awk '{print $7}')
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-policy-load
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 RETURN_CODE=0

--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-restart
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-restart
@@ -7,6 +7,6 @@



-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 /usr/sbin/so-restart elastic-fleet $1
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-start
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-start
@@ -7,6 +7,6 @@



-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 /usr/sbin/so-start elastic-fleet $1
--- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-stop
+++ b/salt/elasticfleet/tools/sbin/so-elastic-fleet-stop
@@ -7,6 +7,6 @@



-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 /usr/sbin/so-stop elastic-fleet $1
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers
@@ -8,7 +8,7 @@

 {% from 'vars/globals.map.jinja' import GLOBALS %}

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 #FLEETHOST="https://{{ GLOBALS.manager_ip }}:8220"

--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
@@ -6,7 +6,7 @@
 # this file except in compliance with the Elastic License 2.0.
 {% from 'vars/globals.map.jinja' import GLOBALS %}

-. /usr/sbin/so-common
+. /usr/sbin/so-elastic-fleet-common

 printf "\n### Create ES Token ###\n"
 ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' |  jq -r .value)