saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: do not error on unknown os_family grain

Browse Source 
If the formula was ran on a system that reported an os_family that
wasn't one of "Debian", "RedHat", "Arch", "Suse" then the map.jinja
template would fail to render with "'NoneType' is not iterable.

This occurs because grains.filter_by will return None when it fails
match the grain to the input dictionary. The value is then blindly
passed into a dict.update() which causes the failure.

In this patch we ensure that the default values, as defined in
defaults.yaml, are always applied when grain matching fails.
This commit is contained in:
Steven Daniele 2020-04-09 10:52:33 -04:00 committed by Imran Iqbal
parent 80587f9671
commit 94d2b0b97c
No known key found for this signature in database
GPG Key ID: 6D8629439D2B7819
3 changed files with 34 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
firewalld/defaults.yaml
View File

@ -1,18 +1,19 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
firewalld:
enabled: true
package: firewalld
service: firewalld
config: /etc/firewalld.conf
default:
firewalld:
enabled: true
package: firewalld
service: firewalld
config: /etc/firewalld.conf
ipset:
manage: false
pkg: ipset
ipset:
manage: false
pkg: ipset
backend:
manage: false
pkg: nftables
backend:
manage: false
pkg: nftables
ipsets: {}
ipsets: {}

23
firewalld/map.jinja
View File

@ -3,25 +3,18 @@
{#- Start with defaults from defaults.yaml #}
{% import_yaml "firewalld/defaults.yaml" as default_settings %}
{% import_yaml "firewalld/osfamilymap.yaml" as osfamilymap %}
{#-
Setup variable using grains['os_family'] based logic, only add key:values here
that differ from whats in defaults.yaml
#}
{% set os_family_map = salt['grains.filter_by']({
'Debian': {},
'RedHat': {},
'Arch': {},
'Suse': {},
}, grain='os_family', merge=salt['pillar.get']('firewalld:lookup'))
%}
{#- Merge the flavor_map to the default settings #}
{% do default_settings.firewalld.update(os_family_map) %}
{% set platform_defaults = salt['grains.filter_by'](default_settings,
default='default',
merge=salt['grains.filter_by'](osfamilymap, grain='os_family',
merge=salt['pillar.get']('firewalld:lookup')
)
) %}
{#- Merge in salt:lookup pillar #}
{% set firewalld = salt['pillar.get'](
'firewalld',
default=default_settings.firewalld,
default=platform_defaults.firewalld,
merge=True)
%}

13
firewalld/osfamilymap.yaml Normal file
View File

@ -0,0 +1,13 @@
# -*- coding: utf-8 -*-
# # vim: ft=yaml
# os_family defaults
# only add key:values here that differ from whats in defaults.yaml
---
Debian:
firewalld: {}
RedHat:
firewalld: {}
Arch:
firewalld: {}
Suse:
firewalld: {}