CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 10:42:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c73cd78f0819b7e3b2001c110fb6be1ff379b616
securityonion/salt/firewall/map.jinja
Josh Patterson 5e32e333c4 remove minion hg
2022-09-23 08:37:59 -04:00

75 lines
3.4 KiB
Django/Jinja
Raw Blame History

{% set role = grains.id.split('_') | last %}
{% set translated_pillar_assigned_hostgroups = {} %}
{% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% if local_portgroups.firewall.ports %}
{% set local_portgroups = local_portgroups.firewall.ports %}
{% else %}
{% set local_portgroups = {} %}
{% endif %}
{% set portgroups = salt['defaults.merge'](default_portgroups, local_portgroups, in_place=False) %}
{% set defined_portgroups = portgroups %}
{% import_yaml 'firewall/hostgroups.yaml' as default_hostgroups %}
{#% import_yaml 'firewall/hostgroups.local.yaml' as local_hostgroups %#}
{% set local_hostgroups = {'firewall': {'hostgroups': {}}} %}
{% set hostgroup_list = [
'analyst',
'analyst_workstations',
'eval',
'heavynodes',
'idh',
'manager',
'receivers',
'searchnodes',
'sensors',
'standalone',
'beats_endpoint',
'beats_endpoint_ssl',
'elasticsearch_rest',
'elastic_agent_endpoint',
'endgame',
'strelka_frontend',
'syslog'
]
%}
{% for hg in hostgroup_list %}
{% import_text 'firewall/hostgroups/' ~ hg as hg_ips %}
{% do local_hostgroups.firewall.hostgroups.update({hg: {'ips': {'insert': hg_ips.split(), 'delete': []}}}) %}
{% endfor %}
{% set hostgroups = salt['defaults.merge'](default_hostgroups.firewall.hostgroups, local_hostgroups.firewall.hostgroups, in_place=False) %}
{# This block translate the portgroups defined in the pillar to what is defined my portgroups.yaml and portgroups.local.yaml #}
{% if salt['pillar.get']('firewall:assigned_hostgroups:chain') %}
{% set translated_pillar_assigned_hostgroups = {'chain': {}} %}
{% for chain, hg in salt['pillar.get']('firewall:assigned_hostgroups:chain').items() %}
{% for pillar_hostgroup, pillar_portgroups in salt['pillar.get']('firewall:assigned_hostgroups:chain')[chain].hostgroups.items() %}
{% if translated_pillar_assigned_hostgroups.chain[chain] is defined %}
{% do translated_pillar_assigned_hostgroups.chain[chain].hostgroups.update({pillar_hostgroup: {"portgroups": []}}) %}
{% else %}
{% do translated_pillar_assigned_hostgroups.chain.update({chain: {"hostgroups": {pillar_hostgroup: {"portgroups": []}}}}) %}
{% endif %}
{% for pillar_portgroup in pillar_portgroups.portgroups %}
{% set pillar_portgroup = pillar_portgroup.split('.') | last %}
{% do translated_pillar_assigned_hostgroups.chain[chain].hostgroups[pillar_hostgroup].portgroups.append(defined_portgroups[pillar_portgroup]) %}
{% endfor %}
{% endfor %}
{% endfor %}
{% endif %}
{% import_yaml 'firewall/assigned_hostgroups.map.yaml' as default_assigned_hostgroups %}
{% import_yaml 'firewall/assigned_hostgroups.local.map.yaml' as local_assigned_hostgroups %}
{% if local_assigned_hostgroups.role.get(role, False) %}
{% set assigned_hostgroups = salt['defaults.merge'](local_assigned_hostgroups.role[role], default_assigned_hostgroups.role[role], merge_lists=False, in_place=False) %}
{% else %}
{% set assigned_hostgroups = default_assigned_hostgroups.role[role] %}
{% endif %}
{% if translated_pillar_assigned_hostgroups %}
{% do salt['defaults.merge'](assigned_hostgroups, translated_pillar_assigned_hostgroups, merge_lists=True, in_place=True) %}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink