diff --git a/salt/airgap/init.sls b/salt/airgap/init.sls index b7ad3da1b..818bb3a3b 100644 --- a/salt/airgap/init.sls +++ b/salt/airgap/init.sls @@ -1,3 +1,6 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + {% set MANAGER = salt['grains.get']('master') %} airgapyum: file.managed: @@ -57,4 +60,12 @@ agssrepo: agwazrepo: file.absent: - - name: /etc/yum.repos.d/wazuh.repo \ No newline at end of file + - name: /etc/yum.repos.d/wazuh.repo + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja new file mode 100644 index 000000000..920a60aab --- /dev/null +++ b/salt/allowed_states.map.jinja 
@@ -0,0 +1,297 @@
+{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
+{% set WAZUH = salt['pillar.get']('global:wazuh', '0') %}
+{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
+{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
+{% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
+{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
+{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
+{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
+{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
+{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
+{% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %}
+{% set KIBANA = salt['pillar.get']('kibana:enabled', True) %}
+{% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %}
+{% set CURATOR = salt['pillar.get']('curator:enabled', True) %}
+{% set REDIS = salt['pillar.get']('redis:enabled', True) %}
+{% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %}
+{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
+{% import_yaml 'salt/minion.defaults.yaml' as saltversion %}
+{% set saltversion = saltversion.salt.minion.version %}
+
+{# this is the list we are returning from this map file, it gets built below #}
+{% set allowed_states= [] %}
+
+{% if grains.saltversion | string == saltversion | string %}
+
+ {% set allowed_states= salt['grains.filter_by']({
+ 'so-eval': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'manager',
+ 'nginx',
+ 'telegraf',
+ 'influxdb',
+ 'grafana',
+ 'soc',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'healthcheck',
+ 'pcap',
+ 'suricata',
+ 'utility',
+ 'schedule',
+ 'soctopus',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-heavynode': [
+ 'ca',
+ 'ssl',
+ 'nginx',
+ 'telegraf',
+ 'firewall',
+ 'pcap',
+ 'suricata',
+ 'schedule',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-helixsensor': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'telegraf',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'zeek',
+ 'redis',
+ 'elasticsearch',
+ 'logstash',
+ 'schedule',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-fleet': [
+ 'ca',
+ 'ssl',
+ 'nginx',
+ 'telegraf',
+ 'firewall',
+ 'mysql',
+ 'redis',
+ 'fleet',
+ 'fleet.install_package',
+ 'filebeat',
+ 'schedule',
+ 'docker_clean'
+ ],
+ 'so-import': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'manager',
+ 'nginx',
+ 'soc',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'pcap',
+ 'utility',
+ 'suricata',
+ 'zeek',
+ 'schedule',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-manager': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'manager',
+ 'nginx',
+ 'telegraf',
+ 'influxdb',
+ 'grafana',
+ 'soc',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'utility',
+ 'schedule',
+ 'soctopus',
+ 'docker_clean'
+ ],
+ 'so-managersearch': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'nginx',
+ 'telegraf',
+ 'influxdb',
+ 'grafana',
+ 'soc',
+ 'firewall',
+ 'manager',
+ 'idstools',
+ 'suricata.manager',
+ 'utility',
+ 'schedule',
+ 'soctopus',
+ 'docker_clean'
+ ],
+ 'so-searchnode': [
+ 'ca',
+ 'ssl',
+ 'nginx',
+ 'telegraf',
+ 'firewall',
+ 'schedule',
+ 'docker_clean'
+ ],
+ 'so-standalone': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'manager',
+ 'nginx',
+ 'telegraf',
+ 'influxdb',
+ 'grafana',
+ 'soc',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'pcap',
+ 'suricata',
+ 'utility',
+ 'schedule',
+ 'soctopus',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-sensor': [
+ 'ca',
+ 'ssl',
+ 'telegraf',
+ 'firewall',
+ 'nginx',
+ 'pcap',
+ 'suricata',
+ 'healthcheck',
+ 'wazuh',
+ 'filebeat',
+ 'schedule',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ }, grain='role') %}
+
+ {% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-import'] %}
+ {% do allowed_states.append('filebeat') %}
+ {% endif %}
+
+ {% if ((FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0) and grains.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone'] %}
+ {% do allowed_states.append('mysql') %}
+ {% endif %}
+
+ {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('fleet.install_package') %}
+ {% endif %}
+
+ {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('fleet') %}
+ {% endif %}
+
+ {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval'] %}
+ {% do allowed_states.append('redis') %}
+ {% endif %}
+
+ {%- if ZEEKVER != 'SURICATA' and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
+ {% do allowed_states.append('zeek') %}
+ {%- endif %}
+
+ {% if STRELKA and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
+ {% do allowed_states.append('strelka') %}
+ {% endif %}
+
+ {% if WAZUH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode']%}
+ {% do allowed_states.append('wazuh') %}
+ {% endif %}
+
+ {% if ELASTICSEARCH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-import'] %}
+ {% do allowed_states.append('elasticsearch') %}
+ {% endif %}
+
+ {% if KIBANA and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
+ {% do allowed_states.append('kibana') %}
+ {% endif %}
+
+ {% if CURATOR and grains.role in ['so-eval', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('curator') %}
+ {% endif %}
+
+ {% if ELASTALERT and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('elastalert') %}
+ {% endif %}
+
+ {% if (THEHIVE != 0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('thehive') %}
+ {% endif %}
+
+ {% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('playbook') %}
+ {% endif %}
+
+ {% if (PLAYBOOK !=0) and grains.role in ['so-eval'] %}
+ {% do allowed_states.append('redis') %}
+ {% endif %}
+
+ {% if (FREQSERVER !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('freqserver') %}
+ {% endif %}
+
+ {% if (DOMAINSTATS !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('domainstats') %}
+ {% endif %}
+
+ {% if LOGSTASH and grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('logstash') %}
+ {% endif %}
+
+ {% if REDIS and grains.role in ['so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('redis') %}
+ {% endif %}
+
+ {% if grains.os == 'CentOS' %}
+ {% if not ISAIRGAP %}
+ {% do allowed_states.append('yum') %}
+ {% endif %}
+ {% do allowed_states.append('yum.packages') %}
+ {% endif %}
+
+ {# all nodes on the right salt version can run the following states #}
+ {% do allowed_states.append('common') %}
+ {% do allowed_states.append('patch.os.schedule') %}
+ {% do allowed_states.append('motd') %}
+ {% do allowed_states.append('salt.minion-check') %}
+ {% do allowed_states.append('sensoroni') %}
+ {% do allowed_states.append('salt.lasthighstate') %}
+
+{% endif %}
+
+
+{% if ISAIRGAP %}
+ {% do allowed_states.append('airgap') %}
+{% endif %}
+
+{# all nodes can always run salt.minion state #}
+{% do allowed_states.append('salt.minion') %}
\ No newline at end of file
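Review bot: The optional-state guards in the new salt/allowed_states.map.jinja fail open when their pillar key is unset, because WAZUH, THEHIVE, PLAYBOOK, FREQSERVER, DOMAINSTATS and STRELKA default to the string `'0'`: a non-empty string is truthy in `{% if WAZUH and … %}` and `{% if STRELKA and … %}`, and `'0' != 0` is true in the `!= 0` tests, so those states land in `allowed_states` on a node that never enabled them. Defaulting to an integer and normalising with `| int`, as sketched below, closes this, assuming the pillar stores these switches as 0/1 or booleans. Separately, `grains.filter_by` returns None when `grains.role` matches none of the listed keys, so the unconditional `append('common')` would presumably raise and the render error would also block `salt.minion`; ending the call with `grain='role') or [] %}` keeps the always-allowed states working. Since `role`, `os` and `saltversion` are grains reported by the minion itself, a comment at the top of the file saying that this list is a misconfiguration guard rather than an authorization boundary would set the right expectation.

```jinja
{# … unchanged: ZEEKVER … #}
{% set WAZUH = salt['pillar.get']('global:wazuh', 0) | int %}
{% set THEHIVE = salt['pillar.get']('manager:thehive', 0) | int %}
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', 0) | int %}
{% set FREQSERVER = salt['pillar.get']('manager:freq', 0) | int %}
{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', 0) | int %}
{# … unchanged: FLEETMANAGER through REDIS … #}
{% set STRELKA = salt['pillar.get']('strelka:enabled', 0) | int %}
{# … unchanged: ISAIRGAP, saltversion lookup, role lists and guards … #}
```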
diff --git a/salt/ca/init.sls b/salt/ca/init.sls index 84c74ef3d..07cb75f31 100644 --- a/salt/ca/init.sls +++ b/salt/ca/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'ca' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set manager = salt['grains.get']('master') %} /etc/salt/minion.d/signing_policies.conf: @@ -60,8 +58,8 @@ cakeyperms: {% else %} -ca_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: ca_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/common/init.sls b/salt/common/init.sls index 337103fd9..60ff87fd4 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'common' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set role = grains.id.split('_') | last %} @@ -260,8 +258,8 @@ docker: {% else %} -common_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: common_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 2f0147794..245b700d0 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'curator' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} 
@@ -145,8 +143,8 @@ append_so-curator_so-status.conf: {% else %} -curator_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: curator_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/docker/init.sls b/salt/docker/init.sls index 273dbae91..c01bb8e67 100644 --- a/salt/docker/init.sls +++ b/salt/docker/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'docker' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} installdocker: pkg.installed: @@ -14,8 +12,8 @@ docker: {% else %} -docker_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: docker_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls index 9c5ce0d17..21e672c00 100644 --- a/salt/docker_clean/init.sls +++ b/salt/docker_clean/init.sls @@ -1,3 +1,6 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2']%} @@ -43,3 +46,11 @@ remove_images_{{ VERSION }}: - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }}' - '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}' {% endfor %} + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls index 965d87426..da9c2926c 100644 --- a/salt/domainstats/init.sls +++ b/salt/domainstats/init.sls 
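Review bot: The new guard at the top of salt/docker/init.sls can never pass with the allow-list this commit adds: `docker` is in none of the role lists in allowed_states.map.jinja and nothing appends it, so the state always renders `docker_state_not_allowed`. The removed `'docker' in top_states` appears to have been a substring test on a joined string, which would also have matched `docker_clean`, so this is a behaviour change rather than a straight port. The same holds for the `minio` and `nodered` guards later in this diff. If these states are still meant to run, add entries such as `'docker',` to the relevant role lists; if they are retired, a comment in each file saying so would avoid the surprise.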
@@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'domainstats' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -63,8 +61,8 @@ append_so-domainstats_so-status.conf: {% else %} -domainstats_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: domainstats_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 7caef532f..fcab3f57c 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'elastalert' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -131,8 +129,8 @@ append_so-elastalert_so-status.conf: {% else %} -elastalert_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: elastalert_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 2d83f9882..089a21e1c 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls 
@@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'elasticsearch' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -265,8 +263,8 @@ so-elasticsearch-templates: {% else %} -elasticsearch_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: elasticsearch_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} {# if 'elasticsearch' in top_states #} diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index 98229ca35..47dc2f3a9 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -11,10 +11,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'filebeat' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -93,8 +91,8 @@ append_so-filebeat_so-status.conf: {% else %} -filebeat_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: filebeat_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index 27f04bee0..687774a58 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls 
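Review bot: The trailing comment on the closing tag in salt/elasticsearch/init.sls still reads `{# if 'elasticsearch' in top_states #}`, which no longer describes the condition it closes. Updating the line to `{% endif %} {# if sls in allowed_states #}` keeps the marker truthful for the next reader. The line is unchanged context in the second hunk of that file, so it was probably overlooked rather than kept on purpose.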
@@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'firewall' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} # Firewall Magic for the grid {% from 'firewall/map.jinja' import hostgroups with context %} @@ -138,8 +136,8 @@ iptables_drop_all_the_things: {% else %} -firewall_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: firewall_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index db3414a18..f286af347 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -1,3 +1,4 @@ +{# this state can run regardless if in allowed_states or not #} {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} {%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%} {%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%} diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls index f514353a1..36a17b6aa 100644 --- a/salt/freqserver/init.sls +++ b/salt/freqserver/init.sls @@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'freqserver' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -63,9 +61,9 @@ append_so-freq_so-status.conf: {% else %} -freqserver_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: freqserver_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 9c596ca98..4a0cc7b08 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls 
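Review bot: The comment added at the top of salt/fleet/init.sls records that this state is exempt from the allow-list but not why, and the lines directly below it read `secrets:mysql`, `secrets:fleet` and `secrets:fleet_jwt` from pillar. allowed_states.map.jinja in this commit still computes a `fleet` entry per role, so a reader cannot tell whether the exemption is deliberate or unfinished work. I would extend the comment to state the reason, for example `{# intentionally not gated by allowed_states because <reason> #}`, with the actual reason filled in. The rest of the file is outside the hunk.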
@@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'grafana' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {% set MANAGER = salt['grains.get']('master') %} @@ -281,8 +279,8 @@ append_so-grafana_so-status.conf: {% else %} -grafana_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: grafana_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/healthcheck/init.sls b/salt/healthcheck/init.sls index af1de6d83..610891980 100644 --- a/salt/healthcheck/init.sls +++ b/salt/healthcheck/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'healthcheck' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set CHECKS = salt['pillar.get']('healthcheck:checks', {}) %} {% set ENABLED = salt['pillar.get']('healthcheck:enabled', False) %} @@ -31,8 +29,8 @@ healthcheck_schedule_{{ STATUS[1] }}: {% else %} -healthcheck_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: healthcheck_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls index 2aacb973d..56f15a93d 100644 --- a/salt/idstools/init.sls +++ b/salt/idstools/init.sls 
@@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'idstools' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -83,8 +81,8 @@ append_so-idstools_so-status.conf: {% else %} -idstools_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: idstools_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif%} diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 9dc7ee692..61b97fc56 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'influxdb' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {% set MANAGER = salt['grains.get']('master') %} @@ -63,8 +61,8 @@ append_so-influxdb_so-status.conf: {% else %} -influxdb_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: influxdb_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 02e76495d..7d6b541cd 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls 
@@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'kibana' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -128,8 +126,8 @@ so-kibana-config-load: {% else %} -kibana_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: kibana_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index e23e4eef2..61f533865 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'logstash' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -209,8 +207,8 @@ append_so-logstash_so-status.conf: {% else %} -logstash_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: logstash_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 597ca3c43..908ef4502 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls 
@@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'manager' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -110,8 +108,8 @@ strelka_yara_update: - minute: '1' {% else %} -manager_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: manager_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/minio/init.sls b/salt/minio/init.sls index 484eac1f9..f61209c8b 100644 --- a/salt/minio/init.sls +++ b/salt/minio/init.sls @@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'minio' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set access_key = salt['pillar.get']('minio:access_key', '') %} {% set access_secret = salt['pillar.get']('minio:access_secret', '') %} @@ -69,8 +67,8 @@ append_so-minio_so-status.conf: {% else %} -minio_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: minio_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/motd/init.sls b/salt/motd/init.sls index bf9d276a6..c3b9c0209 100644 --- a/salt/motd/init.sls +++ b/salt/motd/init.sls 
@@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'motd' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} so_motd: file.managed: @@ -11,8 +9,8 @@ so_motd: {% else %} -motd_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: motd_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index 5fb187ab8..be44b652c 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'mysql' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %} {%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %} @@ -112,8 +110,8 @@ append_so-mysql_so-status.conf: {% else %} -mysql_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: mysql_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index 8d6dd46f7..15c1acc8e 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'nginx' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %} {% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %} 
@@ -105,8 +103,8 @@ append_so-nginx_so-status.conf: {% else %} -nginx_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: nginx_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls index c4fb8cb37..58145a6b7 100644 --- a/salt/nodered/init.sls +++ b/salt/nodered/init.sls @@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'nodered' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -86,8 +84,8 @@ so-nodered-flows: {% else %} -nodered_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: nodered_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index b8580fd86..06ff30972 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'pcap' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -150,8 +148,8 @@ delete_so-steno_so-status.disabled: {% else %} -pcap_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: pcap_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file 
diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index dca898eec..ef538e5f6 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'playbook' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -114,8 +112,8 @@ so-playbookruleupdatecron: {% else %} -playbook_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: playbook_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/redis/init.sls b/salt/redis/init.sls index 57f189865..d28aa57c3 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'redis' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -77,8 +75,8 @@ append_so-redis_so-status.conf: {% else %} -redis_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: redis_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/registry/init.sls b/salt/registry/init.sls index 43b9d8fa6..d733b6f54 100644 --- a/salt/registry/init.sls +++ b/salt/registry/init.sls 
@@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'registry' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} # Create the config directory for the docker registry dockerregistryconfdir: @@ -64,8 +62,8 @@ append_so-dockerregistry_so-status.conf: {% else %} -registry_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: registry_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/salt/master.sls b/salt/salt/master.sls index 442a9d240..3c23bbb36 100644 --- a/salt/salt/master.sls +++ b/salt/salt/master.sls @@ -1,10 +1,8 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + {% from 'salt/map.jinja' import COMMON with context %} -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'salt.master' in top_states %} - include: - salt.minion @@ -37,8 +35,8 @@ engines_config: {% else %} -salt_master_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: salt_master_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/soc/init.sls b/salt/soc/init.sls index 0f58aab32..d31898e72 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'soc' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} 
@@ -141,8 +139,8 @@ append_so-kratos_so-status.conf: {% else %} -soc_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: soc_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index 2137a4511..c2c8dc1ac 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'soctopus' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} @@ -80,8 +78,8 @@ append_so-soctopus_so-status.conf: {% else %} -soctopus_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: soctopus_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 221c58c93..d6c06d6fd 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'ssl' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set manager = salt['grains.get']('master') %} {% set managerip = salt['pillar.get']('global:managerip', '') %} @@ -578,8 +576,8 @@ elastickeyperms: {% else %} -ssl_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: ssl_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index 1bd9e3aad..315486519 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls 
@@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'strelka' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set MANAGER = salt['grains.get']('master') %} {% set MANAGERIP = salt['pillar.get']('global:managerip', '') %} @@ -194,8 +192,8 @@ strelka_zeek_extracted_sync: {% else %} -strelka_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: strelka_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 99609be32..0452364c5 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -12,10 +12,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'suricata' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %} @@ -193,8 +191,8 @@ surilogrotate: {% else %} -suricata_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: suricata_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/suricata/manager.sls b/salt/suricata/manager.sls index 5998a484b..c196c5cae 100644 --- a/salt/suricata/manager.sls +++ b/salt/suricata/manager.sls @@ -1,3 +1,6 @@ +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + surilocaldir: file.directory: - name: /opt/so/saltstack/local/salt/suricata 
@@ -16,4 +19,12 @@ refresh_salt_master_fileserver_suricata_ruleslink: salt.runner: - name: fileserver.update - onchanges: - - file: ruleslink \ No newline at end of file + - file: ruleslink + +{% else %} + +{{sls}}_state_not_allowed: + test.fail_without_changes: + - name: {{sls}}_state_not_allowed + +{% endif %} \ No newline at end of file diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls index a684d2fef..0fa853d22 100644 --- a/salt/tcpreplay/init.sls +++ b/salt/tcpreplay/init.sls @@ -1,4 +1,6 @@ -{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' or grains['role'] == 'so-standalone' %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -17,8 +19,8 @@ so-tcpreplay: {% else %} -tcpreplay_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: tcpreplay_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 1ff34ceae..fb4cacbc6 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'telegraf' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -81,8 +79,8 @@ append_so-telegraf_so-status.conf: {% else %} -telegraf_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: telegraf_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index 6c3d4d5ac..d1ee8a4bf 100644 --- a/salt/thehive/init.sls 
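Review bot: The explicit role test removed on the first line of tcpreplay/init.sls (so-sensor, so-eval, so-standalone) is replaced by the shared allow-list, so which roles may run tcpreplay is now decided entirely in allowed_states.map.jinja, outside this hunk. Confirm that the map lists `tcpreplay` for exactly those three roles: an extra role listing it would now get the `so-tcpreplay` state, and a missing one would turn a previously working state into a `_state_not_allowed` failure. A short comment above the gate, such as `{# roles allowed to run tcpreplay are defined in allowed_states.map.jinja #}`, would keep the restriction discoverable from this file.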
+++ b/salt/thehive/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'thehive' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -152,8 +150,8 @@ thehivescript: {% else %} -thehive_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: thehive_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/top.sls b/salt/top.sls index 18dd1b61a..68c392c25 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -292,47 +292,6 @@ base: {%- endif %} - docker_clean - # Search node logic - - '*_node and I@node:node_type:parser and G@saltversion:{{saltversion}}': - - match: compound - - firewall - {%- if LOGSTASH %} - - logstash - {%- endif %} - {%- if FLEETMANAGER or FLEETNODE %} - - fleet.install_package - {%- endif %} - - schedule - - docker_clean - - '*_node and I@node:node_type:hot and G@saltversion:{{saltversion}}': - - match: compound - - firewall - {%- if LOGSTASH %} - - logstash - {%- endif %} - {%- if CURATOR %} - - curator - {%- endif %} - {%- if FLEETMANAGER or FLEETNODE %} - - fleet.install_package - {%- endif %} - - schedule - - docker_clean - - '*_node and I@node:node_type:warm and G@saltversion:{{saltversion}}': - - match: compound - - firewall - {%- if ELASTICSEARCH %} - - elasticsearch - {%- endif %} - {%- if FLEETMANAGER or FLEETNODE %} - - fleet.install_package - {%- endif %} - - schedule - - docker_clean - '*_searchnode and G@saltversion:{{saltversion}}': - match: compound - ca 
@@ -361,21 +320,6 @@ base: - schedule - docker_clean - '*_managersensor and G@saltversion:{{saltversion}}': - - match: compound - - nginx - - telegraf - - influxdb - - grafana - - firewall - - sensor - - manager - {%- if FLEETMANAGER or FLEETNODE %} - - fleet.install_package - {%- endif %} - - schedule - - docker_clean - '*_managersearch and G@saltversion:{{saltversion}}': - match: compound - salt.master @@ -494,6 +438,7 @@ base: - fleet - fleet.install_package - filebeat + - schedule - docker_clean '*_import and G@saltversion:{{saltversion}}': diff --git a/salt/utility/init.sls b/salt/utility/init.sls index d18ad5e1c..d8b8539fa 100644 --- a/salt/utility/init.sls +++ b/salt/utility/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'utility' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} # This state is for checking things {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] %} @@ -27,8 +25,8 @@ fixsearch: {% else %} -utility_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: utility_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index 3cad6c367..089b60846 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'wazuh' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {%- set HOSTNAME = salt['grains.get']('host', '') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} @@ -164,8 +162,8 @@ hidsruledir: {% else %} -wazuh_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: wazuh_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} 
diff --git a/salt/yum/init.sls b/salt/yum/init.sls index b8a4df9ee..339a6f2a7 100644 --- a/salt/yum/init.sls +++ b/salt/yum/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'yum' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} yumconf: file.managed: @@ -12,8 +10,8 @@ yumconf: {% else %} -yum_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: yum_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index 6fa289d5c..8cb9f5d21 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -1,7 +1,5 @@ -{% set show_top = salt['state.show_top']() %} -{% set top_states = show_top.values() | join(', ') %} - -{% if 'zeek' in top_states %} +{% from 'allowed_states.map.jinja' import allowed_states %} +{% if sls in allowed_states %} {% from "zeek/map.jinja" import START with context %} @@ -211,8 +209,8 @@ disable_so-zeek_so-status.conf: {% else %} -zeek_state_not_allowed: +{{sls}}_state_not_allowed: test.fail_without_changes: - - name: zeek_state_not_allowed + - name: {{sls}}_state_not_allowed {% endif %} \ No newline at end of file