fix: do not error on unknown os_family grain

If the formula was ran on a system that reported an os_family that wasn't one of "Debian", "RedHat", "Arch", "Suse" then the map.jinja template would fail to render with "'NoneType' is not iterable. This occurs because grains.filter_by will return None when it fails match the grain to the input dictionary. The value is then blindly passed into a dict.update() which causes the failure. In this patch we ensure that the default values, as defined in defaults.yaml, are always applied when grain matching fails.
saltstack-formulas · Apr 18, 2020 · 94d2b0b · 94d2b0b
1 parent 80587f9
commit 94d2b0b
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 27 deletions.
diff --git a/firewalld/defaults.yaml b/firewalld/defaults.yaml
@@ -1,18 +1,19 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
 ---
-firewalld:
-  enabled: true
-  package: firewalld
-  service: firewalld
-  config: /etc/firewalld.conf
+default:
+  firewalld:
+    enabled: true
+    package: firewalld
+    service: firewalld
+    config: /etc/firewalld.conf
 
-  ipset:
-    manage: false
-    pkg: ipset
+    ipset:
+      manage: false
+      pkg: ipset
 
-  backend:
-    manage: false
-    pkg: nftables
+    backend:
+      manage: false
+      pkg: nftables
 
-  ipsets: {}
+    ipsets: {}
diff --git a/firewalld/map.jinja b/firewalld/map.jinja
@@ -3,25 +3,18 @@
 
 {#- Start with  defaults from defaults.yaml #}
 {% import_yaml "firewalld/defaults.yaml" as default_settings %}
+{% import_yaml "firewalld/osfamilymap.yaml" as osfamilymap %}
 
-{#-
-Setup variable using grains['os_family'] based logic, only add key:values here
-that differ from whats in defaults.yaml
-#}
-{% set os_family_map = salt['grains.filter_by']({
-    'Debian': {},
-    'RedHat': {},
-    'Arch': {},
-    'Suse': {},
-  }, grain='os_family', merge=salt['pillar.get']('firewalld:lookup'))
-%}
-
-{#- Merge the flavor_map to the default settings #}
-{% do default_settings.firewalld.update(os_family_map) %}
+{% set platform_defaults = salt['grains.filter_by'](default_settings,
+    default='default',
+    merge=salt['grains.filter_by'](osfamilymap, grain='os_family',
+      merge=salt['pillar.get']('firewalld:lookup')
+    )
+) %}
 
 {#- Merge in salt:lookup pillar #}
 {% set firewalld = salt['pillar.get'](
     'firewalld',
-    default=default_settings.firewalld,
+    default=platform_defaults.firewalld,
     merge=True)
 %}
diff --git a/firewalld/osfamilymap.yaml b/firewalld/osfamilymap.yaml
@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+# # vim: ft=yaml
+# os_family defaults
+# only add key:values here that differ from whats in defaults.yaml
+---
+Debian:
+  firewalld: {}
+RedHat:
+  firewalld: {}
+Arch:
+  firewalld: {}
+Suse:
+  firewalld: {}