feat(map): `config.get` lookups from configurable roots

We avoid compatibility break with user pillars by looking up
configuration values using `config.get` in configurable roots.

We provide a new parameter `map_jinja:config_get_roots` in the formula
`parameters/defaults.yaml`to retrives values not only from
`tplroot=openssh` but from `sshd_config` and `ssh_config` too.

We need to update the `_mapdata` reference files to include the new
`map_jinja:config_get_roots`.

openssh/map.jinja

@@ -47,6 +47,31 @@
       ~ map_sources
     ) %}
 
+{#- Lookup with `config.get` from configurable roots #}
+{%- do salt["log.debug"](
+      "map.jinja: initialise 'config.get' roots with 'tplroot' "
+      ~ tplroot
+    ) %}
+{%- set config_get_roots = [tplroot] %}
+{#- Configure `config.get` from defaults.yaml #}
+{%- set config_get_roots = default_settings | traverse(
+      "values:map_jinja:config_get_roots",
+      config_get_roots
+    ) %}
+{#- Lookup global `config.get` roots #}
+{%- set config_get_roots = salt["config.get"](
+      "map_jinja:config_get_roots",
+      config_get_roots
+    ) %}
+{#- Lookup per formula `config.get` roots #}
+{%- set config_get_roots = salt["config.get"](
+      tplroot ~ ":map_jinja:config_get_roots",
+      config_get_roots,
+    ) %}
+{%- do salt["log.debug"](
+      "map.jinja: load parameters with 'config.get' from roots "
+      ~ config_get_roots
+    ) %}
 
 {#- Work around assignment inside for loop #}
 {#- load configuration values used in `config.get` merging strategies #}
@@ -85,47 +110,50 @@
 {#- process each `map.jinja` source #}
 {%- for map_source in map_sources %}
 {%-   if map_source  in ["config_get", "config_get_lookup"] %}
-{%-     set _config_key = {
-          "config_get": tplroot,
-          "config_get_lookup": tplroot ~ ":lookup",
-        }.get(map_source) %}
-{%-     set _config_type = {
-          "config_get": "configuration",
-          "config_get_lookup": "lookup",
-        }.get(map_source) %}
-
-{%-     do salt["log.debug"](
-          "map.jinja: retrieve formula "
-          ~ _config_type
-          ~ " with 'config.get'"
-          ~ _config["merge_msg"]
-        ) %}
-{%-     set _config_get = salt["config.get"](
-          _config_key, default={}, **_config["merge_opt"]
-        ) %}
+{%-     for _config_root in config_get_roots %}
+{%-       set _config_key = {
+            "config_get": _config_root,
+            "config_get_lookup": _config_root ~ ":lookup",
+          }.get(map_source) %}
+
+{%-       do salt["log.debug"](
+            "map.jinja: retrieve '"
+            ~ _config_key
+            ~ "' with 'config.get'"
+            ~ _config["merge_msg"]
+          ) %}
+{%-       set _config_get = salt["config.get"](
+            _config_key, default={}, **_config["merge_opt"]
+          ) %}
 
-{#-     `slsutil.merge` defaults to `smart` instead of `None` for `config.get` #}
-{%-     set _strategy = _config["merge_strategy"] | default("smart", boolean=True) %}
-{%-     do salt["log.debug"](
-          "map.jinja: merge formula "
-          ~ _config_type
-          ~ " retrieved with 'config.get'"
-          ~ ", merge: strategy='"
-          ~ _strategy
-          ~ "', lists='"
-          ~ _config["merge_lists"]
-          ~ "'"
-        ) %}
-{%-     do _config.update(
-          {
-            "stack": salt["slsutil.merge"](
-              _config["stack"],
-              _config_get,
-              strategy=_strategy,
-              merge_lists=_config["merge_lists"],
-            )
-          }
-        ) %}
+{#-       `slsutil.merge` defaults to `smart` instead of `None` for `config.get` #}
+{%-       set _strategy = _config["merge_strategy"] | default("smart", boolean=True) %}
+{%-       do salt["log.debug"](
+            "map.jinja: merge '"
+            ~ _config_key
+            ~ "' retrieved with 'config.get'"
+            ~ ", merge: strategy='"
+            ~ _strategy
+            ~ "', lists='"
+            ~ _config["merge_lists"]
+            ~ "'"
+          ) %}
+
+{#-       Keep values under each root key when there are more than one #}
+{%-       if config_get_roots|length > 1 %}
+{%-         set _config_get = { _config_root: _config_get } %}
+{%-       endif %}
+{%-       do _config.update(
+            {
+              "stack": salt["slsutil.merge"](
+                _config["stack"],
+                _config_get,
+                strategy=_strategy,
+                merge_lists=_config["merge_lists"],
+              )
+            }
+          ) %}
+{%-     endfor %}
 {%-   else %}
 {#-     Lookup the grain/pillar/... #}
 {#-     Fallback to use the source name as a direct filename #}

openssh/parameters/defaults.yaml

@@ -2,6 +2,12 @@
 # vim: ft=yaml
 ---
 values:
+  map_jinja:
+    config_get_roots:
+      - openssh
+      - sshd_config
+      - ssh_config
+
   openssh:
     sshd_enable: true
     sshd_binary: /usr/sbin/sshd

test/integration/default/files/_mapdata/amazonlinux-1.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Amazon Linux AMI-2018
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/amazonlinux-2.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Amazon Linux-2
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/arch-base-latest.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Arch
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/centos-6.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # CentOS-6
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/centos-7.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # CentOS Linux-7
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/centos-8.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # CentOS Linux-8
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/debian-10.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Debian-10
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/debian-9.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Debian-9
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/fedora-31.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Fedora-31
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/fedora-32.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Fedora-32
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/opensuse-15.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Leap-15
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/ubuntu-16.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Ubuntu-16.04
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/ubuntu-18.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Ubuntu-18.04
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false

test/integration/default/files/_mapdata/ubuntu-20.yaml

@@ -1,6 +1,11 @@
 # yamllint disable rule:indentation rule:line-length
 # Ubuntu-20.04
 ---
+map_jinja:
+  config_get_roots:
+  - openssh
+  - sshd_config
+  - ssh_config
 openssh:
   absent_dsa_keys: false
   absent_ecdsa_keys: false