Merge "Optimize kitchen tests for Travis CI"

commit: d2b9d4165e25ab4c2fbb792eaa7085d195af00d2 [log] [tgz]
author: Petr Michalec <pmichalec@mirantis.com> Wed Jan 10 09:39:59 2018 +0000
committer: Gerrit Code Review <gerrit2@e9aa877068d1> Wed Jan 10 09:39:59 2018 +0000
tree: 62db7f5d77ab9c424e30969b0df6a690b1a6195a
parent: 8227efbf22953d97bade349d6f41416580f4f97e [diff]
parent: 9c7f9752823831539fade8b928beff94f4cc37f8 [diff]
diff --git a/README.rst b/README.rst
index 7fbd803..c0a25af 100644
--- a/README.rst
+++ b/README.rst

@@ -90,6 +90,30 @@
                   jump: ACCEPT
                   comment: Blah
 
+Support logging with custom prefix and log level
+
+.. code-block:: yaml
+
+    parameters:
+      iptables:
+        service:
+          chain:
+            POSTROUTING:
+              rules:
+                - table: nat
+                  protocol: tcp
+                  match: multiport
+                  destination_ports:
+                    - 21
+                    - 80
+                    - 443
+                    - 2220
+                  source_network: '10.20.30.0/24'
+                  log_level: 7
+                  log_prefix: 'iptables-logging: '
+                  jump: LOG
+
+
 IPv6 is supported as well
 
 .. code-block:: yaml

diff --git a/iptables/_rule.sls b/iptables/_rule.sls
index b08fbb0..3fea39c 100644
--- a/iptables/_rule.sls
+++ b/iptables/_rule.sls

@@ -32,6 +32,12 @@
   {%- if rule.destination_port is defined %}
   - dport: {{ rule.destination_port }}
   {%- endif %}
+  {%- if rule.destination_ports is defined %}
+  - dports:
+  {%- for port in rule.destination_ports %}
+    - {{ port }}
+  {% endfor %}
+  {%- endif %}
   {%- if rule.source_port is defined %}
   - sport: {{ rule.source_port }}
   {%- endif %}
@@ -56,6 +62,15 @@
   {%-  if rule.destination_network is defined %}
   - destination: {{ rule.destination_network }}
   {%- endif %}
+  {%-  if rule.log_prefix is defined %}
+  - log-prefix: '{{ rule.log_prefix }}'
+  {%- endif %}
+  {%-  if rule.log_level is defined %}
+  - log-level: {{ rule.log_level }}
+  {%- endif %}
+  {%-  if rule.limit is defined %}
+  - limit: '{{ rule.limit }}'
+  {%- endif %}
   {%- if chain.policy is defined %}
   - require_in:
     - iptables: iptables_{{ chain_name }}_policy

diff --git a/iptables/rules.sls b/iptables/rules.sls
index 4e9e6e2..54fbbc4 100644
--- a/iptables/rules.sls
+++ b/iptables/rules.sls

@@ -48,6 +48,7 @@
 {%- endif %}
 
 {%- for service_name, service in pillar.items() %}
+{%- if service is mapping %}
 {%- if service.get('_support', {}).get('iptables', {}).get('enabled', False) %}
 
 {%- set grains_fragment_file = service_name+'/meta/iptables.yml' %}
@@ -60,6 +61,7 @@
 {%- endfor %}
 
 {%- endif %}
+{%- endif %}
 {%- endfor %}
 
 {%- for rule in chain.get('rules', []) %}

diff --git a/tests/run_tests.sh b/tests/run_tests.sh
index 29fb975..4ee4e0f 100755
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh

@@ -124,7 +124,7 @@
 }
 
 salt_run() {
-    [ -e ${VEN_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
+    [ -e ${VENV_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
     salt-call ${SALT_OPTS} $*
 }
commit	d2b9d4165e25ab4c2fbb792eaa7085d195af00d2	[log] [tgz]
author	Petr Michalec <pmichalec@mirantis.com>	Wed Jan 10 09:39:59 2018 +0000
committer	Gerrit Code Review <gerrit2@e9aa877068d1>	Wed Jan 10 09:39:59 2018 +0000
tree	62db7f5d77ab9c424e30969b0df6a690b1a6195a
parent	8227efbf22953d97bade349d6f41416580f4f97e [diff]
parent	9c7f9752823831539fade8b928beff94f4cc37f8 [diff]