Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / iptables / refs/heads/release/2019.101.1^! / .
commitc60cebc2e56a93543ed8cf7ca6b3605a9ae9975c[log] [tgz]
authorDmitry Teselkin <dteselkin@mirantis.com>Wed Nov 21 13:42:36 2018 +0300
committerDmitry Teselkin <dteselkin@mirantis.com>Wed Nov 21 14:22:42 2018 +0300
tree39939e977e3c7d0a996a901f07f675efcdb86127
parent6be73f6522266f19b779bb37cae2f22fb5ad4716 [diff]
Sort rules numerically

Each iptable rule defined in reclass has its own numeric rule ID.
These rule IDs are used later when iptables rules in plain text
are generated.

Unfortunately, it turned out that these rule IDs are stored as
string values internally, so we've got wrong ordering when doing
sort / dictsort.

This commit casts keys to numeric, creating a copy of input dict.

Related-Prod: PROD-25163

Change-Id: I4d9d726c1ae6588e7be2aac3fad0de64f5dc2d9c

diff --git a/iptables/macro.jinja b/iptables/macro.jinja
new file mode 100644
index 0000000..a821e23
--- /dev/null
+++ b/iptables/macro.jinja

@@ -0,0 +1,6 @@
+{%- macro cast_dict_keys(output, input) %}
+  {%- for key, value in input.items() %}
+    {%- set int_key = key | int %}
+    {%- do output.update({int_key: value}) %}
+  {%- endfor %}
+{%- endmacro %}

diff --git a/iptables/v1/files/v4_rules b/iptables/v1/files/v4_rules
index e34b09f..cb4b266 100644
--- a/iptables/v1/files/v4_rules
+++ b/iptables/v1/files/v4_rules

@@ -1,4 +1,5 @@
 {%- from "iptables/map.jinja" import defaults,service,tables with context %}
+{%- from "iptables/macro.jinja" import cast_dict_keys %}
 {%- if service.v4.enabled -%}
 # Generated by salt v{{ grains['saltversion'] }}
 {%- if not defaults.v4.metadata_rules %}
@@ -51,7 +52,9 @@
 :{{ c_name }} {{ policy }}
   {%- endfor %}
   {%- for c_name, c in t.chains.items() %}
-    {%- for rule_id, r in c.get('ruleset', {}).items()|sort %}
+    {%- set ruleset = {} %}
+    {{- cast_dict_keys(ruleset, c.get('ruleset', {})) }}
+    {%- for rule_id, r in ruleset|dictsort %}
       {%- set rule = r.get('rule', defaults.v4.ruleset.rule) %}
       {%- set action = r.get('action', defaults.v4.ruleset.action) %}
       {%- set params = r.get('params', defaults.v4.ruleset.params) %}

diff --git a/iptables/v1/files/v6_rules b/iptables/v1/files/v6_rules
index 7ba8c73..d07aa6a 100644
--- a/iptables/v1/files/v6_rules
+++ b/iptables/v1/files/v6_rules

@@ -1,4 +1,5 @@
 {%- from "iptables/map.jinja" import defaults,service,tables with context %}
+{%- from "iptables/macro.jinja" import cast_dict_keys %}
 {%- if service.v6.enabled -%}
 # Generated by salt v{{ grains['saltversion'] }}
 {%- if not defaults.v6.metadata_rules %}
@@ -51,7 +52,9 @@
 :{{ c_name }} {{ policy }}
   {%- endfor %}
   {%- for c_name, c in t.chains.items() %}
-    {%- for rule_id, r in c.get('ruleset', {}).items()|sort %}
+    {%- set ruleset = {} %}
+    {{- cast_dict_keys(ruleset, c.get('ruleset', {})) }}
+    {%- for rule_id, r in ruleset|dictsort %}
       {%- set rule = r.get('rule', defaults.v6.ruleset.rule) %}
       {%- set action = r.get('action', defaults.v6.ruleset.action) %}
       {%- set params = r.get('params', defaults.v6.ruleset.params) %}