From cbdd369a1882d902f837c4e17244de3259d7a17d Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Mon, 25 Aug 2025 08:39:55 -0400
Subject: [PATCH] ensure x509 in mine

---
 salt/libvirt/bridge.sls | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/salt/libvirt/bridge.sls b/salt/libvirt/bridge.sls
index 5ff5d670c..c9e8650a3 100644
--- a/salt/libvirt/bridge.sls
+++ b/salt/libvirt/bridge.sls
@@ -3,6 +3,8 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
+# We do not import GLOBALS in this state because it is called during setup
+
 {%  from 'libvirt/map.jinja' import LIBVIRTMERGED %}
 {%  from 'salt/map.jinja' import SYSTEMD_UNIT_FILE %}
 
@@ -38,6 +40,10 @@ update_mine_functions:
         mine_functions:
           network.ip_addrs:
             - interface: br0
+        {%- if role in ['so-eval','so-import','so-manager','so-managerhype','so-managersearch','so-standalone'] %}
+          x509.get_pem_entries:
+            - glob_path: '/etc/pki/ca.crt'
+        {% endif %}
     - onchanges:
       - cmd: wait_for_br0_ip