update license

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
2025-12-06 17:22:49 +01:00 · 2024-06-04 12:33:51 -04:00
parent d9c58d9333
commit fb1d4fdd3c
5 changed files with 42 additions and 5 deletions
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-outputs-update
@@ -131,9 +131,10 @@ if [ "$NEW_HASH" = "$CURRENT_HASH" ]; then
    # Since output can be KAFKA or LOGSTASH, we need to check if the policy set as default matches the value set in GLOBALS.pipeline and update if needed
    printf "Checking if the correct output policy is set as default\n"
    OUTPUT_DEFAULT=$(jq -r '.item.is_default' <<< $RAW_JSON)
-    if [ "$OUTPUT_DEFAULT" = "false" ]; then
+    OUTPUT_DEFAULT_MONITORING=$(jq -r '.item.is_default_monitoring' <<< $RAW_JSON)
+    if [[ "$OUTPUT_DEFAULT" = "false" || "$OUTPUT_DEFAULT_MONITORING" = "false" ]]; then
      printf "Default output policy needs to be updated.\n"
-    {%- if GLOBALS.pipeline == "KAFKA" %}
+    {%- if GLOBALS.pipeline == "KAFKA" and 'gmd' in salt['pillar.get']('features', []) %}
      update_kafka_outputs
    {%- else %}
      update_logstash_outputs
@@ -145,7 +146,7 @@ if [ "$NEW_HASH" = "$CURRENT_HASH" ]; then
 else
    printf "\nHashes don't match - update needed.\n"
    printf "Current List: $CURRENT_LIST\nNew List: $NEW_LIST_JSON\n"
-    {%- if GLOBALS.pipeline == "KAFKA" %}
+    {%- if GLOBALS.pipeline == "KAFKA" and 'gmd' in salt['pillar.get']('features', []) %}
    update_kafka_outputs
    {%- else %}
    update_logstash_outputs
--- a/salt/kafka/disabled.sls
+++ b/salt/kafka/disabled.sls
@@ -14,3 +14,11 @@ so-kafka_so-status.disabled:
  file.comment:
    - name: /opt/so/conf/so-status/so-status.conf
    - regex: ^so-kafka$
+
+{% if grains.role in ['so-manager','so-managersearch','so-standalone'] %}
+ensure_default_pipeline:
+  cmd.run:
+    - name: |
+        /usr/sbin/so-yaml.py replace /opt/so/saltstack/local/pillar/kafka/soc_kafka.sls kafka.enabled False;
+        /usr/sbin/so-yaml.py replace /opt/so/saltstack/local/pillar/global/soc_global.sls global.pipeline REDIS
+{% endif %}
--- a/salt/kafka/elasticfleet.sls
+++ b/salt/kafka/elasticfleet.sls
@@ -4,6 +4,8 @@
 # Elastic License 2.0.

 {%   from 'vars/globals.map.jinja' import GLOBALS %}
+include:
+  - elasticfleet.enabled

 {# Create Kafka output policy if it doesn't exist #}
 update_kafka_output_policy_script:
--- a/salt/kafka/enabled.sls
+++ b/salt/kafka/enabled.sls
@@ -2,12 +2,19 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."

 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls.split('.')[0] in allowed_states %}
 {%   from 'vars/globals.map.jinja' import GLOBALS %}
 {%   from 'docker/docker.map.jinja' import DOCKER %}
 {%   set KAFKANODES = salt['pillar.get']('kafka:nodes') %}
+{%   if 'gmd' in salt['pillar.get']('features', []) %}

 include:
  - elasticsearch.ca
@@ -61,6 +68,19 @@ delete_so-kafka_so-status.disabled:

 {%   else %}

+{{sls}}_no_license_detected:
+  test.fail_without_changes:
+    - name: {{sls}}_no_license_detected
+    - comment:
+      - "Kafka for Guaranteed Message Delivery is a feature supported only for customers with a valid license.
+      Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+      for more information about purchasing a license to enable this feature."
+include:
+  - kafka.disabled
+{%   endif %}
+
+{% else %}
+
 {{sls}}_state_not_allowed:
  test.fail_without_changes:
    - name: {{sls}}_state_not_allowed
--- a/salt/kafka/init.sls
+++ b/salt/kafka/init.sls
@@ -2,6 +2,12 @@
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+#   "You may not move, change, disable, or circumvent the license key functionality
+#    in the software, and you may not remove or obscure any functionality in the
+#    software that is protected by the license key."

 {% from 'kafka/map.jinja' import KAFKAMERGED %}
 {% from 'vars/globals.map.jinja' import GLOBALS %}