We are happily using this formula, but we are facing a new need: to dynamically generate a parameter with the Salt mine.
If we want to maintain the firewall of S to only open port P, we could use a pillar like this:

    shorewall:
      rules:
        NEW:
          - action: ACCEPT
          - source: $S_CLIENTS
          - dest: $FW
          - proto: tcp
          - destport: P

    shorewall:
      params:
        - key: S_CLIENTS
          value: 10.10.10.1,10.10.10.2,10.10.10.3

The only solution I see would be to let shorewall:params manage mine queries (in addition to actual static values), something like what mysql-formula already implements. The new pillar could look like this:

    shorewall:
      params:
        - key: S_CLIENTS
          mine:
            target: I@UseService
            function: <mine function to retrieve public IP>
            expr_form: compound

I already have some code to implement this idea (which still needs work before any PR), but I would like to know what users think about this idea.
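
The following is an added example, not the poster's code and not part of the formula: a Python sketch of how a `shorewall:params` entry with a `mine` key could be resolved into a `KEY=value` line. The names `resolve_param`, `render_params` and `fake_mine_get`, the use of `network.ip_addrs` as the mine function, and the sample mine data are assumptions; because mine data comes from minions, the sketch accepts only values that parse as IP addresses and fails when the query matches nothing.

```python
import ipaddress


def resolve_param(param, mine_get):
    """Return (key, value) for one shorewall:params entry.

    mine_get stands in for salt['mine.get'](target, function, expr_form).
    """
    if "mine" not in param:
        return param["key"], str(param["value"])
    query = param["mine"]
    returned = mine_get(query["target"], query["function"],
                        query.get("expr_form", "glob"))
    addrs = set()
    for data in returned.values():
        # A mine function may return one address or a list of them.
        values = data if isinstance(data, (list, tuple)) else [data]
        for value in values:
            # Mine data is minion-supplied: accept only a bare IP address.
            # ip_address() raises ValueError for anything else.
            addrs.add(ipaddress.ip_address(str(value).strip()))
    if not addrs:
        # Fail closed instead of rendering an empty variable.
        raise ValueError("mine query for %s matched no address" % param["key"])
    # Sort so the rendered file is stable between runs.
    ordered = sorted(addrs, key=lambda a: (a.version, int(a)))
    return param["key"], ",".join(str(a) for a in ordered)


def render_params(params, mine_get):
    """Render every entry as a KEY=value line for the params file."""
    return ["%s=%s" % resolve_param(p, mine_get) for p in params]


# Constructed sample: pillar entry from the proposal plus fake mine data.
SAMPLE_PARAMS = [
    {"key": "S_CLIENTS",
     "mine": {"target": "I@UseService", "function": "network.ip_addrs",
              "expr_form": "compound"}},
]
SAMPLE_MINE = {"client3": ["10.10.10.3"], "client1": ["10.10.10.1"],
               "client2": "10.10.10.2"}


def fake_mine_get(target, function, expr_form):
    return SAMPLE_MINE


if __name__ == "__main__":
    print("\n".join(render_params(SAMPLE_PARAMS, fake_mine_get)))
```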