From 2ee68bf9a713d5f4b5b6b73c40633627fb905d6c Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Fri, 12 Mar 2021 15:04:01 +0100 Subject: [PATCH] Fix memcached firewall condition The conditions should have used map_merge, this simplifies them a lot, by passing a list to dport key. Change-Id: I15cb1f3bbc9e1be90265feab5bfed7f28c1cb1f3 Closes-Bug: #1918891 Co-authored-By: yatinkarel --- .../memcached/memcached-container-puppet.yaml | 39 +++++++------------ 1 file changed, 14 insertions(+), 25 deletions(-) diff --git a/deployment/memcached/memcached-container-puppet.yaml b/deployment/memcached/memcached-container-puppet.yaml index 100db412d9..ad887b80ce 100644 --- a/deployment/memcached/memcached-container-puppet.yaml +++ b/deployment/memcached/memcached-container-puppet.yaml @@ -137,36 +137,25 @@ outputs: - {get_param: [ServiceNetMap, MemcachedNetwork]} template: '121 memcached <%net_cidr%>': - dport: {get_param: MemcachedPort} + dport: + list_concat: + - - {get_param: MemcachedPort} + - if: + - enable_non_tls_port + - [11211] + - [] proto: 'tcp' source: <%net_cidr%> - '121 memcached': - dport: {get_param: MemcachedPort} + dport: + list_concat: + - - {get_param: MemcachedPort} + - if: + - enable_non_tls_port + - [11211] + - [] proto: 'tcp' source: {get_param: MemcachedIpSubnet} - if: - - and: [memcached_network_unset, enable_non_tls_port] - - map_merge: - repeat: - for_each: - <%net_cidr%>: - get_param: - - ServiceData - - net_cidr_map - - {get_param: [ServiceNetMap, MemcachedNetwork]} - template: - '121 memcached <%net_cidr%>': - dport: 11211 - proto: 'tcp' - source: <%net_cidr%> - - {} - if: - - and: [{not: memcached_network_unset}, enable_non_tls_port] - - '121 memcached': - dport: 11211 - proto: 'tcp' - source: {get_param: MemcachedIpSubnet} - - {} monitoring_subscription: {get_param: MonitoringSubscriptionMemcached} config_settings: map_merge:
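Review bot: The hard-coded `[11211]` in both new `dport` lists (the `<%net_cidr%>` template rule and the `MemcachedIpSubnet` rule) opens the non-TLS memcached port to the same sources as `MemcachedPort`, and nothing in the hunk says so or ties the literal to the port the service actually listens on. A comment above each `if`, such as `# 11211: cleartext memcached listener, opened only while enable_non_tls_port is true`, would make the exposure explicit for anyone auditing the firewall rules. If `MemcachedPort` can itself resolve to 11211 (its default is not visible here), the list would carry the same port twice, so it is worth confirming that the firewall resource tolerates a duplicate entry. The enclosing `firewall_rules` mapping starts above the hunk, so the wrapper around these two rules is not visible.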