From ed8c85df2ba86a18166d21d1803d95db23a076f0 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 1 Jun 2021 10:26:33 -0400
Subject: [PATCH] Only sync web users if teh sqlite db exists
---
 salt/common/tools/sbin/so-user | 48 ++++++++++++++++++----------------
 1 file changed, 26 insertions(+), 22 deletions(-)
diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index d8d8fe34a..cc3a0756c 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -185,29 +185,33 @@ function syncElastic() {
 syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_collector" "$rolesFileTmp"
 syncElasticSystemRole "$authPillarJson" "so_monitor_user" "remote_monitoring_agent" "$rolesFileTmp"
- # Generate the new users file
- echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \
- "from identity_credential_identifiers ici, identity_credentials ic " \
- "where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
- "order by ici.identifier;" | \
- sqlite3 "$databasePath" | \
- jq -r '.user + ":" + .data.hashed_password' \
- >> "$usersFileTmp"
- [[ $? != 0 ]] && fail "Unable to read credential hashes from database"
- mv -f "$usersFileTmp" "$elasticUsersFile"
- [[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
+ if [[ -f "$databasePath" ]]; then
+ # Generate the new users file
+ echo "select '{\"user\":\"' || ici.identifier || '\", \"data\":' || ic.config || '}'" \
+ "from identity_credential_identifiers ici, identity_credentials ic " \
+ "where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
+ "order by ici.identifier;" | \
+ sqlite3 "$databasePath" | \
+ jq -r '.user + ":" + .data.hashed_password' \
+ >> "$usersFileTmp"
+ [[ $? != 0 ]] && fail "Unable to read credential hashes from database"
+ mv -f "$usersFileTmp" "$elasticUsersFile"
+ [[ $? != 0 ]] && fail "Unable to create users file: $elasticUsersFile"
- # Generate the new users_roles file
-
- echo "select 'superuser:' || ici.identifier " \
- "from identity_credential_identifiers ici, identity_credentials ic " \
- "where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
- "order by ici.identifier;" | \
- sqlite3 "$databasePath" \
- >> "$rolesFileTmp"
- [[ $? != 0 ]] && fail "Unable to read credential IDs from database"
- mv -f "$rolesFileTmp" "$elasticRolesFile"
- [[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile"
+ # Generate the new users_roles file
+
+ echo "select 'superuser:' || ici.identifier " \
+ "from identity_credential_identifiers ici, identity_credentials ic " \
+ "where ici.identity_credential_id=ic.id and ic.config like '%hashed_password%' " \
+ "order by ici.identifier;" | \
+ sqlite3 "$databasePath" \
+ >> "$rolesFileTmp"
+ [[ $? != 0 ]] && fail "Unable to read credential IDs from database"
+ mv -f "$rolesFileTmp" "$elasticRolesFile"
+ [[ $? != 0 ]] && fail "Unable to create users file: $elasticRolesFile"
+ else
+ info "Database file does not exist yet, skipping users export"
+ fi
 }
 function syncAll() {
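Review bot: With both `mv -f` calls now inside `if [[ -f "$databasePath" ]]`, the else branch leaves `$usersFileTmp` and `$rolesFileTmp` uninstalled, so the system-role entries that the `syncElasticSystemRole` calls above appear to write into `$rolesFileTmp` never reach `$elasticRolesFile` when the database is missing, and the temp files (which may hold password hashes) stay on disk. If the intent is only to skip the web-user export, keep the two sqlite3 pipelines inside the `if` and move `mv -f "$usersFileTmp" "$elasticUsersFile"` and `mv -f "$rolesFileTmp" "$elasticRolesFile"`, with their `fail` checks, after `fi`. Separately, `[[ $? != 0 ]]` after the first pipeline tests only `jq`, so a `sqlite3` error would go unnoticed and an incomplete users file could be installed unless `pipefail` is set elsewhere in the script. `syncElastic` begins above this hunk, so how the temp files are created and cleaned up is not visible here.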