From bd4f0146d48862dd8408a4cc7fe38ab7c6cb8757 Mon Sep 17 00:00:00 2001 From: poloz Date: Thu, 4 Aug 2022 13:22:39 +0200 Subject: [PATCH] Add possibility to use system CA --- manifests/dashboard.pp | 1 + manifests/filebeat_oss.pp | 1 + templates/filebeat_oss_yml.erb | 2 ++ templates/wazuh_dashboard_yml.erb | 2 ++ 4 files changed, 6 insertions(+) diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp index 89d46fe45..15637cd6f 100644 --- a/manifests/dashboard.pp +++ b/manifests/dashboard.pp @@ -26,6 +26,7 @@ ], $manage_certs = true, + $use_system_ca = false, ) { # assign version according to the package manager case $facts['os']['family'] { diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index a7d8ef1a3..f68edaee1 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -19,6 +19,7 @@ $filebeat_path_certs = '/etc/filebeat/certs', $manage_certs = true, + $use_system_ca = false, ) { include wazuh::repo_elastic_oss diff --git a/templates/filebeat_oss_yml.erb b/templates/filebeat_oss_yml.erb index e904e3545..45f028bd8 100644 --- a/templates/filebeat_oss_yml.erb +++ b/templates/filebeat_oss_yml.erb @@ -17,8 +17,10 @@ output.elasticsearch: username: <%= @filebeat_oss_elastic_user %> password: <%= @filebeat_oss_elastic_password %> protocol: https +<% if not @use_system_ca -%> ssl.certificate_authorities: - /etc/filebeat/certs/root-ca.pem +<% end -%> ssl.certificate: "/etc/filebeat/certs/filebeat.pem" ssl.key: "/etc/filebeat/certs/filebeat-key.pem" diff --git a/templates/wazuh_dashboard_yml.erb b/templates/wazuh_dashboard_yml.erb index 387b2836a..e65085db1 100644 --- a/templates/wazuh_dashboard_yml.erb +++ b/templates/wazuh_dashboard_yml.erb 
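Review bot: The new `$use_system_ca` parameter in manifests/dashboard.pp is untyped, while both templates test it with `if not @use_system_ca`, where any non-empty string is truthy in Ruby. A value such as the string 'false' arriving from Hiera or an ENC would therefore silently drop the pinned root CA from the rendered configuration. Declaring it as `Boolean $use_system_ca = false,` makes catalog compilation fail on such input instead, and the same applies to the identical parameter added in manifests/filebeat_oss.pp. Neither manifest documents that `true` removes the private-CA pin, which is worth a parameter comment. The class parameter list begins outside the hunk.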
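Review bot: In templates/filebeat_oss_yml.erb, enabling `use_system_ca` removes `ssl.certificate_authorities` entirely, so Filebeat falls back to the host trust store and accepts an indexer certificate issued by any CA in that bundle, not only the deployment's root CA. Nothing in the rendered file records that this was deliberate. An `<% else -%>` branch emitting a comment such as `# ssl.certificate_authorities omitted: server certificate is validated against the host trust store` would make it visible to whoever audits the host. Because hostname checking then becomes the only thing binding the connection to the intended indexer, that branch should also state `ssl.verification_mode: full` explicitly rather than rely on the default. The `output.elasticsearch` block continues outside the hunk.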
@@ -12,6 +12,8 @@ opensearch_security.readonly_mode.roles: ["kibana_read_only"] server.ssl.enabled: true server.ssl.key: "<%= @dashboard_path_certs %>/dashboard-key.pem" server.ssl.certificate: "<%= @dashboard_path_certs %>/dashboard.pem" +<% if not @use_system_ca -%> opensearch.ssl.certificateAuthorities: ["<%= @dashboard_path_certs %>/root-ca.pem"] +<% end -%> uiSettings.overrides.defaultRoute: /app/wazuh
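Review bot: Omitting `opensearch.ssl.certificateAuthorities` in templates/wazuh_dashboard_yml.erb probably does not give the dashboard the operating system's trust store, which is what the `use_system_ca` name promises. The dashboard runs on Node.js, which by default validates against its own bundled root list. A private CA installed only in the OS store would likely be rejected unless the service is started with `NODE_EXTRA_CA_CERTS` or `--use-openssl-ca`; please confirm against the packaged service and document the requirement on the parameter. Also check the `opensearch.ssl.verificationMode` value set elsewhere in this template (not visible in the hunk): with anything weaker than `full`, removing the pinned CA leaves no hostname binding on the indexer connection.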