saltstack-formulas / shorewall-formula

Saltstack formula for managing shorewall

Home Page: http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html

Dynamically generated params with mine

daks opened this issue · comments

Hello,

We are actually happily using this formula, but we are facing a new need, to dynamically generate a parameter with the salt mine.

Our situation looks like:

  • a server S which provides a service on port P
  • a bunch of 'client' servers C, they need to access the service on S
  • C are tagged/identified/configured with a pillar UseService: True

If we want to maintain the firewall of S to only open port P, we could use a pillar like this

shorewall:
  rules:
    NEW:
      - action: ACCEPT
      - source: $S_CLIENTS
      - dest: $FW
      - proto: tcp
      - destport: P

But the param S_CLIENTS can only be specified statically with

shorewall:
  params:
    - key: S_CLIENTS
      value: 10.10.10.1,10.10.10.2,10.10.10.3

The only solution I see, would be to let shorewall:params manage (in addition to actual static values) mine queries. Something like what mysql-formula already implements. New pillar could look like

shorewall:
  params:
    - key: S_CLIENTS
      mine:
        target: I@UseService
        function: <mine function to retrieve public IP>
        expr_form: compound

I already have some code to implement this idea (which still needs work before any PR), but I would like to know what users think about this idea.

Hi,
this looks to be really interesting.

Do you already have a proof of concept?
If you want help/reviews/opinions, just write to me about it!

@Sjd-Risca my code is here https://github.com/daks/shorewall-formula/tree/dynamic-params.

I think that the only thing missing is the possibility to specify what you want to do with the data retrieved from the salt mine. E.g. in my code https://github.com/daks/shorewall-formula/blob/dynamic-params/shorewall/files/params.jinja#L46

{{ result[0] }}{%- if not loop.last -%}{{','}}{%- endif -%}

but I'm not sure there couldn't be other requests whose results need different processing.
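As an added illustration (this is not the formula's code and not the code in daks' branch), here is the behaviour the proposed `params` pillar implies, written in plain Python instead of Jinja so it can be run and checked offline: a static `value` is emitted as-is, a `mine` entry is resolved through a stand-in for `salt['mine.get']`, the first element of each minion's result is taken exactly as the `{{ result[0] }}` line above does, and the results are joined with commas. Two checks are added that a practitioner would want around mine-fed firewall data: every entry must parse as an IP address or network, because a minion controls what it publishes to the mine and an unchecked string could otherwise smuggle extra columns or lines into the rules file, and an empty result refuses to render rather than producing an empty `S_CLIENTS`. The mine contents, minion ids, the `network.ip_addrs` mine function and the `ADMIN_NET` param are all constructed for the example.

```python
"""Added example: render shorewall params from static values and mine queries."""
import ipaddress
import re

# Constructed stand-in for mine data: minion id -> what a mine function such as
# network.ip_addrs would have published (a list of addresses).
FAKE_MINE = {
    "client1.example": ["10.10.10.1"],
    "client2.example": ["10.10.10.2", "192.168.0.2"],
    "client3.example": ["10.10.10.3"],
}


def fake_mine_get(tgt, fun, tgt_type="glob"):
    """Stand-in for salt['mine.get']; targeting is not evaluated here, every
    constructed minion is returned as if it matched ``tgt``."""
    return dict(FAKE_MINE)


# Constructed pillar mirroring the shape proposed in the issue.
EXAMPLE_PARAMS = [
    {"key": "S_CLIENTS",
     "mine": {"target": "I@UseService",
              "function": "network.ip_addrs",   # assumed mine function
              "expr_form": "compound"}},
    {"key": "ADMIN_NET", "value": "10.0.0.0/24"},
]

_KEY_RE = re.compile(r"[A-Z_][A-Z0-9_]*")


def _first_address(value):
    """Mirror the formula's ``result[0]``: take the first element of a list
    result, then insist it parses as an IP address or network."""
    if isinstance(value, (list, tuple)):
        if not value:
            raise ValueError("minion published an empty mine result")
        value = value[0]
    if not isinstance(value, str):
        raise ValueError(f"unexpected mine result type: {type(value).__name__}")
    # A minion controls its own mine entry, so anything not shaped like an
    # address (spaces, newlines, '$FW', ...) must not reach the params file.
    ipaddress.ip_network(value, strict=False)
    return value


def render_params(params, mine_get):
    """Return the lines of a shorewall params file for ``params``.

    ``mine_get`` is called like salt['mine.get'](tgt, fun, tgt_type=...).
    """
    lines = []
    for param in params:
        key = param["key"]
        if not _KEY_RE.fullmatch(key):
            raise ValueError(f"invalid shorewall param name: {key!r}")
        if "mine" in param:
            spec = param["mine"]
            results = mine_get(spec["target"], spec["function"],
                               tgt_type=spec.get("expr_form", "glob"))
            # Deduplicate and sort so the rendered file is stable across runs.
            addrs = sorted({_first_address(v) for v in results.values()})
            if not addrs:
                # Fail closed: an empty S_CLIENTS would no longer restrict the
                # rule to the intended clients.
                raise ValueError(f"mine query for {key} matched no minion")
            value = ",".join(addrs)
        else:
            value = str(param["value"])
        lines.append(f"{key}={value}")
    return lines


if __name__ == "__main__":
    print("\n".join(render_params(EXAMPLE_PARAMS, fake_mine_get)))
```

Two caveats on top of the validation: it only proves each entry is address-shaped, so a compromised client minion can still publish `0.0.0.0/0` and widen the rule (restrict the accepted entries to host addresses if that matters), and the pillar in this issue uses the `expr_form` keyword, which newer Salt releases call `tgt_type` in `mine.get`.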

Code has been merged.