fix(_mapdata): ensure map data is directly under values

firewalld/_mapdata/init.sls

@@ -6,9 +6,7 @@
 {%- from tplroot ~ "/map.jinja" import firewalld with context %}
 
 {%- set _mapdata = {
-      "values": {
-        "firewalld": firewalld,
-      }
+      "values": firewalld,
     } %}
 {%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %}
 

test/integration/default/files/_mapdata/amazonlinux-1.yaml

@@ -2,160 +2,159 @@
 # Amazon Linux AMI-2018
 ---
 values:
-  firewalld:
-    AllowZoneDrifting: 'no'
-    AutomaticHelpers: system
-    FirewallBackend: nftables
-    FlushAllOnReload: 'yes'
-    IndividualCalls: 'no'
-    LogDenied: 'off'
-    RFC3964_IPv4: 'yes'
-    arch: amd64
-    backend:
-      manage: true
-      pkg: nftables
-    config: /etc/firewalld.conf
-    default_zone: public
-    direct:
-      chain:
-        MYCHAIN:
-          ipv: ipv4
-          table: raw
-      passthrough:
-        MYPASSTHROUGH:
-          args: -t raw -A MYCHAIN -j DROP
-          ipv: ipv4
-      rule:
-        INTERNETACCESS:
-          args: -i iintern -o iextern -s 192.168.1.0/24 -m conntrack --ctstate NEW,RELATED,ESTABLISHED
-            -j ACCEPT
-          chain: FORWARD
-          ipv: ipv4
-          priority: '0'
-          table: filter
-    enabled: true
-    ipset:
-      manage: true
-      pkg: ipset
-    ipsets:
-      fail2ban-ssh:
-        description: fail2ban-ssh ipset
-        entries:
-        - 10.0.0.1
-        options:
-          hashsize:
-          - 1024
-          maxelem:
-          - 65536
-          timeout:
-          - 300
-        short: fail2ban-ssh
-        type: hash:ip
-      fail2ban-ssh-ipv6:
-        description: fail2ban-ssh-ipv6 ipset
-        entries:
-        - 2a01::1
-        options:
-          family:
-          - inet6
-          hashsize:
-          - 1024
-          maxelem:
-          - 65536
-          timeout:
-          - 300
-        short: fail2ban-ssh-ipv6
-        type: hash:ip
-    package: firewalld
-    service: firewalld
-    services:
-      salt-minion:
-        description: salt-minion
-        ports:
-          tcp:
-          - '8000'
-        short: salt-minion
-      sshcustom:
-        description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for
-          logging into and executing commands on remote machines. It provides secure
-          encrypted communications. If you plan on accessing your machine remotely
-          via SSH over a firewalled interface, enable this option. You need the openssh-server
-          package installed for this option to be useful.
-        destinations:
-          ipv4:
-          - 224.0.0.251
-          - 224.0.0.252
-          ipv6:
-          - ff02::fb
-          - ff02::fc
-        modules:
-        - some_module_to_load
-        ports:
-          tcp:
-          - 3232
-          - 5252
-        protocols:
-        - igmp
-        short: sshcustom
-        source_ports:
-          tcp:
-          - 21
-      zabbixcustom:
-        description: zabbix custom rule
-        ports:
-          tcp:
-          - '10051'
-        short: Zabbixcustom
-    zones:
-      public:
-        description: For use in public areas. You do not trust the other computers
-          on networks to not harm your computer. Only selected incoming connections
-          are accepted.
-        other_services:
-        - zabbixcustom
-        ports:
-        - comment: zabbix-agent
-          port: 10050
-          protocol: tcp
-        - comment: bacula-client
-          port: 9102
-          protocol: tcp
-        - comment: vsftpd
-          port: 21
-          protocol: tcp
-        protocols:
-        - igmp
-        rich_rules:
-        - accept: true
-          family: ipv4
-          source:
-            address: 8.8.8.8/24
-        - family: ipv4
-          ipset:
-            name: fail2ban-ssh
-          reject:
-            type: icmp-port-unreachable
-        services:
-        - http
-        - https
-        - ssh
-        - salt-minion
-        short: Public
-        source_ports:
-        - comment: something
-          port: 2222
-          protocol: tcp
-        - comment: something_else
-          port: 4444
-          protocol: tcp
-      rich_public:
-        description: Example
-        rich_rules:
-          ssh-csg:
-            accept: true
-            ipsets:
-            - fail2ban-ssh
-            - other-ipset
-            services:
-            - ssh
-        short: rich_public
+  AllowZoneDrifting: 'no'
+  AutomaticHelpers: system
+  FirewallBackend: nftables
+  FlushAllOnReload: 'yes'
+  IndividualCalls: 'no'
+  LogDenied: 'off'
+  RFC3964_IPv4: 'yes'
+  arch: amd64
+  backend:
+    manage: true
+    pkg: nftables
+  config: /etc/firewalld.conf
+  default_zone: public
+  direct:
+    chain:
+      MYCHAIN:
+        ipv: ipv4
+        table: raw
+    passthrough:
+      MYPASSTHROUGH:
+        args: -t raw -A MYCHAIN -j DROP
+        ipv: ipv4
+    rule:
+      INTERNETACCESS:
+        args: -i iintern -o iextern -s 192.168.1.0/24 -m conntrack --ctstate NEW,RELATED,ESTABLISHED
+          -j ACCEPT
+        chain: FORWARD
+        ipv: ipv4
+        priority: '0'
+        table: filter
+  enabled: true
+  ipset:
+    manage: true
+    pkg: ipset
+  ipsets:
+    fail2ban-ssh:
+      description: fail2ban-ssh ipset
+      entries:
+      - 10.0.0.1
+      options:
+        hashsize:
+        - 1024
+        maxelem:
+        - 65536
+        timeout:
+        - 300
+      short: fail2ban-ssh
+      type: hash:ip
+    fail2ban-ssh-ipv6:
+      description: fail2ban-ssh-ipv6 ipset
+      entries:
+      - 2a01::1
+      options:
+        family:
+        - inet6
+        hashsize:
+        - 1024
+        maxelem:
+        - 65536
+        timeout:
+        - 300
+      short: fail2ban-ssh-ipv6
+      type: hash:ip
+  package: firewalld
+  service: firewalld
+  services:
+    salt-minion:
+      description: salt-minion
+      ports:
+        tcp:
+        - '8000'
+      short: salt-minion
+    sshcustom:
+      description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for
+        logging into and executing commands on remote machines. It provides secure
+        encrypted communications. If you plan on accessing your machine remotely
+        via SSH over a firewalled interface, enable this option. You need the openssh-server
+        package installed for this option to be useful.
+      destinations:
+        ipv4:
+        - 224.0.0.251
+        - 224.0.0.252
+        ipv6:
+        - ff02::fb
+        - ff02::fc
+      modules:
+      - some_module_to_load
+      ports:
+        tcp:
+        - 3232
+        - 5252
+      protocols:
+      - igmp
+      short: sshcustom
+      source_ports:
+        tcp:
+        - 21
+    zabbixcustom:
+      description: zabbix custom rule
+      ports:
+        tcp:
+        - '10051'
+      short: Zabbixcustom
+  zones:
+    public:
+      description: For use in public areas. You do not trust the other computers
+        on networks to not harm your computer. Only selected incoming connections
+        are accepted.
+      other_services:
+      - zabbixcustom
+      ports:
+      - comment: zabbix-agent
+        port: 10050
+        protocol: tcp
+      - comment: bacula-client
+        port: 9102
+        protocol: tcp
+      - comment: vsftpd
+        port: 21
+        protocol: tcp
+      protocols:
+      - igmp
+      rich_rules:
+      - accept: true
+        family: ipv4
+        source:
+          address: 8.8.8.8/24
+      - family: ipv4
+        ipset:
+          name: fail2ban-ssh
+        reject:
+          type: icmp-port-unreachable
+      services:
+      - http
+      - https
+      - ssh
+      - salt-minion
+      short: Public
+      source_ports:
+      - comment: something
+        port: 2222
+        protocol: tcp
+      - comment: something_else
+        port: 4444
+        protocol: tcp
+    rich_public:
+      description: Example
+      rich_rules:
+        ssh-csg:
+          accept: true
+          ipsets:
+          - fail2ban-ssh
+          - other-ipset
+          services:
+          - ssh
+      short: rich_public