From fdfca469cc823ccff1c0a1f9658a12d9a920a202 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 23 Apr 2026 09:53:07 -0500
Subject: [PATCH] prevent non-manager nodes from running elasticsearch.cluster
 state manually

---
 salt/allowed_states.map.jinja  | 1 +
 salt/elasticsearch/cluster.sls | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index ad9b28b28..3a6aa2f6a 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -34,6 +34,7 @@
     'hydra',
     'elasticfleet',
     'elasticfleet.manager',
+    'elasticsearch.cluster',
     'elastic-fleet-package-registry',
     'utility'
 ] %}
diff --git a/salt/elasticsearch/cluster.sls b/salt/elasticsearch/cluster.sls
index 7a8a6675c..e25aed36a 100644
--- a/salt/elasticsearch/cluster.sls
+++ b/salt/elasticsearch/cluster.sls
@@ -4,7 +4,7 @@
 # Elastic License 2.0.
 
 {% from 'allowed_states.map.jinja' import allowed_states %}
-{% if sls.split('.')[0] in allowed_states %}
+{% if sls in allowed_states %}
 {%   from 'vars/globals.map.jinja' import GLOBALS %}
 {%   from 'elasticsearch/config.map.jinja' import ELASTICSEARCHMERGED %}
 {%   from 'elasticsearch/template.map.jinja' import ES_INDEX_SETTINGS, SO_MANAGED_INDICES %}