improvements to formula with defaults.yaml

firewalld/_config.sls

-# == State: firewalld._config
-#
-# This state configures firewalld.
-#
-
-/etc/firewalld/:
-  file.directory:            # make sure this is a directory
-    - user: root
-    - group: root
-    - mode: 750
-    - require:
-      - pkg: firewalld       # make sure package is installed
-    - watch_in:
-      - service: firewalld   # restart service
-
-/etc/firewalld/firewalld.conf:
-  file:
-    - managed
-    - name: /etc/firewalld/firewalld.conf
-    - user: root
-    - group: root
-    - mode: 640
-    - source: salt://firewalld/files/firewalld.conf
-    - template: jinja
-    - require:
-      - pkg: firewalld       # make sure package is installed
-    - watch_in: 
-      - service: firewalld   # restart service
-

firewalld/config.sls

+# == State: firewalld._config
+#
+# This state configures firewalld.
+#
+{% from "firewalld/map.jinja" import firewalld with context %}
+
+directory_firewalld:
+  file.directory:            # make sure this is a directory
+    - name: /etc/firewalld
+    - user: root
+    - group: root
+    - mode: 750
+    - require:
+      - pkg: package_firewalld # make sure package is installed
+    - listen_in:
+      - service: service_firewalld # restart service
+
+config_firewalld:
+  file.managed:
+    - name: /etc/firewalld/firewalld.conf
+    - user: root
+    - group: root
+    - mode: 640
+    - source: salt://firewalld/files/firewalld.conf
+    - template: jinja
+    - require:
+      - pkg: package_firewalld # make sure package is installed
+      - file: directory_firewalld
+    - listen_in: 
+      - service: service_firewalld # restart service
+

firewalld/defaults.yaml

+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+firewalld:
+  package: firewalld
+  service: firewalld
+  config: /etc/firewalld.conf

firewalld/init.sls

 #
 # This state installs/runs firewalld.
 #
-
+{% from "firewalld/map.jinja" import firewalld with context %}
 
 {% if salt['pillar.get']('firewalld:enabled') %}
 include:
-  - firewalld._config
-  - firewalld._service
-  - firewalld._zone
+  - firewalld.config
+  - firewalld.services
+  - firewalld.zones
 
 # iptables service that comes with rhel/centos
 iptables:
-  service:
-    - disabled
+  service.disabled:
     - enable: False
     
 ip6tables:
-  service:
-    - disabled
+  service.disabled:
     - enable: False
 
-firewalld:
-  pkg:
-    - installed
-  service:
-    - running              # ensure it's running
+package_firewalld:
+  pkg.installed:
+    - name: {{ firewalld.package }}
+
+service_firewalld:
+  service.running:
+    - name: {{ firewalld.service }}
     - enable: True         # start on boot
     - require:
-      - pkg: firewalld
-      - file: /etc/firewalld/firewalld.conf # require this file
-      - service: iptables         # ensure it's stopped
-      - service: ip6tables        # ensure it's stopped
+      - pkg: package_firewalld
+      - file: config_firewalld
+      - service: iptables  # ensure it's stopped
+      - service: ip6tables # ensure it's stopped
 {% else %}
-firewalld:
-  service:
-    - dead                 # ensure it's not running
-    - enable: False        # don't start on boot
-{% endif %}
+service_firewalld:
+  service.dead:
+    - name: {{ firewalld.service }}
+    - enable: False # don't start on boot
+{% endif %}

firewalld/map.jinja

+# -*- coding: utf-8 -*-
+# vim: ft=jinja
+
+{## Start with  defaults from defaults.yaml ##}
+{% import_yaml "firewalld/defaults.yaml" as default_settings %}
+
+{##
+Setup variable using grains['os_family'] based logic, only add key:values here
+that differ from whats in defaults.yaml
+##}
+{% set os_family_map = salt['grains.filter_by']({
+    'Debian': {},
+    'RedHat': {},
+    'Arch': {},
+  }, grain='os_family', merge=salt['pillar.get']('firewalld:lookup')) 
+%}
+
+{## Merge the flavor_map to the default settings ##}
+{% do default_settings.firewalld.update(os_family_map) %}
+
+{## Merge in salt:lookup pillar ##}
+{% set firewalld = salt['pillar.get'](
+    'firewalld',
+    default=default_settings.firewalld,
+    merge=True)
+%}

firewalld/_service.sls → firewalld/services.sls

-# == State: firewalld._service
+# == State: firewalld.services
 #
 # This state ensures that /etc/firewalld/services/ exists.
 #
-/etc/firewalld/services:
+{% from "firewalld/map.jinja" import firewalld with context %}
+
+directory_firewalld_services:
   file.directory:            # make sure this is a directory
+    - name: /etc/firewalld/services
     - user: root
     - group: root
     - mode: 750
     - require:
-      - pkg: firewalld       # make sure package is installed
-    - watch_in:
-      - service: firewalld   # restart service
+      - pkg: package_firewalld # make sure package is installed
+    - listen_in:
+      - service: service_firewalld # restart service
 
 
-# == Define: firewalld._service
+# == Define: firewalld.services
 #
 # This defines a service configuration, see firewalld.service (5) man page.
 # You usually don't need this, you can simply add ports to zone.
     - source: salt://firewalld/files/service.xml
     - template: jinja
     - require:
-      - pkg: firewalld       # make sure package is installed
-    - watch_in: 
-      - service: firewalld   # restart service
+      - pkg: package_firewalld # make sure package is installed
+      - file: directory_firewalld_services
+    - listen_in: 
+      - service: service_firewalld # restart service
     - context:
         name: {{ s_name }}
         service: {{ v }}

firewalld/_zone.sls → firewalld/zones.sls

-# == State: firewalld._zone
+# == State: firewalld.zones
 #
 # This state ensures that /etc/firewalld/zones/ exists.
 #
-/etc/firewalld/zones:
+{% from "firewalld/map.jinja" import firewalld with context %}
+
+directory_firewalld_zones:
   file.directory:            # make sure this is a directory
+    - name: /etc/firewalld/zones
     - user: root
     - group: root
     - mode: 750
     - require:
-      - pkg: firewalld       # make sure package is installed
-    - watch_in:
-      - service: firewalld   # restart service
+      - pkg: package_firewalld # make sure package is installed
+    - listen_in:
+      - service: service_firewalld # restart service
       
 
-# == Define: firewalld._zone
+# == Define: firewalld.zones
 #
 # This defines a zone configuration, see firewalld.zone (5) man page.
 #
 {% set z_name = v.name|default(k) %}
 
 /etc/firewalld/zones/{{ z_name }}.xml:
-  file:
-    - managed
+  file.managed:
     - name: /etc/firewalld/zones/{{ z_name }}.xml
     - user: root
     - group: root
     - source: salt://firewalld/files/zone.xml
     - template: jinja
     - require:
-      - pkg: firewalld       # make sure package is installed
-    - watch_in: 
-      - service: firewalld   # restart service
+      - pkg: package_firewalld # make sure package is installed
+      - file: directory_firewalld_zones
+    - listen_in: 
+      - service: service_firewalld   # restart service
     - context:
         name: {{ z_name }}
         zone: {{ v }}