From f93c6146f5ebe1a41fdb9addcb80d460d1e6e970 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Thu, 21 Oct 2021 15:24:55 -0400
Subject: [PATCH] docker binds requires

---
 salt/ca/init.sls            |  5 +++--
 salt/domainstats/init.sls   |  4 +++-
 salt/elastalert/init.sls    |  4 ++++
 salt/elasticsearch/init.sls | 21 ++++++++++++++++++++-
 salt/ssl/init.sls           |  3 +++
 5 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/salt/ca/init.sls b/salt/ca/init.sls
index 485b01d3e..9c30b5c5e 100644
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -24,8 +24,9 @@ pki_private_key:
       - x509: /etc/pki/ca.crt
     {%- endif %}
 
-/etc/pki/ca.crt:
+pki_public_ca_crt:
   x509.certificate_managed:
+    - name: /etc/pki/ca.crt
     - signing_private_key: /etc/pki/ca.key
     - CN: {{ manager }}
     - C: US
@@ -66,4 +67,4 @@ cakeyperms:
   test.fail_without_changes:
     - name: {{sls}}_state_not_allowed
 
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls
index 72ccf2f76..225db7e72 100644
--- a/salt/domainstats/init.sls
+++ b/salt/domainstats/init.sls
@@ -53,6 +53,8 @@ so-domainstats:
     - user: domainstats
     - binds:
       - /opt/so/log/domainstats:/var/log/domain_stats
+    - require:
+      - file: dstatslogdir
 
 append_so-domainstats_so-status.conf:
   file.append:
@@ -65,4 +67,4 @@ append_so-domainstats_so-status.conf:
   test.fail_without_changes:
     - name: {{sls}}_state_not_allowed
 
-{% endif %}
\ No newline at end of file
+{% endif %}
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index a5c3a3b67..f94e0c1d0 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -122,6 +122,10 @@ so-elastalert:
       - {{MANAGER_URL}}:{{MANAGER_IP}}
     - require:
       - cmd: wait_for_elasticsearch
+      - file: elastarules
+      - file: elastalogdir
+      - file: elastacustmodulesdir
+      - file: elastaconf
     - watch:
       - file: elastaconf
 
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 9f475c2c3..f3908fd60 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -15,7 +15,8 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}
 
-
+include:
+  - ssl
 
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -280,6 +281,24 @@ so-elasticsearch:
       - file: esyml
       - file: esingestconf
       - file: so-elasticsearch-pipelines-file
+    - require:
+      - file: esyml
+      - file: eslog4jfile
+      - file: nsmesdir
+      - file: eslogdir
+      - file: cacertz
+      - file: /etc/pki/elasticsearch.crt
+      - file: /etc/pki/elasticsearch.key
+      - file: elasticp12perms
+      {% if ismanager %}
+      - file: pki_public_ca_crt
+      {% else %}
+      - file: trusttheca
+      {% endif %}
+      {% if salt['pillar.get']('elasticsearch:auth:enabled', False) %}
+      - cmd: auth_users_roles_inode
+      - cmd: auth_users_inode
+      {% endif %}
 
 append_so-elasticsearch_so-status.conf:
   file.append:
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 5690691fc..8ec404a5b 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -30,6 +30,9 @@
     {% set ca_server = global_ca_server[0] %}
 {% endif %}
 
+include:
+  - ca
+
 # Trust the CA
 trusttheca:
   x509.pem_managed: