From c014508519d024ce6425955bdc1512f22991a22d Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Fri, 12 Apr 2024 13:50:25 -0400
Subject: [PATCH] need /opt/so/conf/ca/cacerts on receiver for kafka to run

---
 salt/allowed_states.map.jinja | 3 ++-
 salt/elasticsearch/ca.sls     | 2 +-
 salt/kafka/enabled.sls        | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 091cb3786..57cff5b4f 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -191,7 +191,8 @@
           'firewall',
           'schedule',
           'docker_clean',
-          'kafka'
+          'kafka',
+          'elasticsearch.ca'
           ],
       'so-desktop': [
           'ssl',
diff --git a/salt/elasticsearch/ca.sls b/salt/elasticsearch/ca.sls
index 5485bb676..188450311 100644
--- a/salt/elasticsearch/ca.sls
+++ b/salt/elasticsearch/ca.sls
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
 
 {% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls.split('.')[0] in allowed_states %}
+{% if sls.split('.')[0] in allowed_states or sls in allowed_states %}
 {%   from 'vars/globals.map.jinja' import GLOBALS %}
 
 # Move our new CA over so Elastic and Logstash can use SSL with the internal CA
diff --git a/salt/kafka/enabled.sls b/salt/kafka/enabled.sls
index ed26297b3..a42b6f18b 100644
--- a/salt/kafka/enabled.sls
+++ b/salt/kafka/enabled.sls
@@ -10,6 +10,7 @@
 {%   set KAFKANODES = salt['pillar.get']('kafka:nodes', {}) %}
 
 include:
+  - elasticsearch.ca
   - kafka.sostatus
   - kafka.config
   - kafka.storage