Automate fastly ip addresses (#295)

* Automate Fastly_Ip * Manage key errors * re-address salt-lint 219 * Address salt-lint 219 * Remove vagrant-ssh
python · Jan 17, 2023 · 24f6a26 · 24f6a26
1 parent 0b1f199
commit 24f6a26
Showing 1 changed file with 13 additions and 64 deletions.
diff --git a/pillar/base/firewall/fastly-logging.sls b/pillar/base/firewall/fastly-logging.sls
@@ -1,66 +1,15 @@
+# See https://developer.fastly.com/reference/api/utils/public-ip-list/
+{% set fastly_ip_ranges = salt['http.query']('https://api.fastly.com/public-ip-list', decode=True) %}
+
 firewall:
-  # See https://developer.fastly.com/reference/api/utils/public-ip-list/
-  fastly_syslog_ipv4_a:
-    source: 23.235.32.0/20
-    port: 514
-  fastly_syslog_ipv4_b:
-    source: 43.249.72.0/22
-    port: 514
-  fastly_syslog_ipv4_c:
-    source: 103.244.50.0/24
-    port: 514
-  fastly_syslog_ipv4_d:
-    source: 103.245.222.0/23
-    port: 514
-  fastly_syslog_ipv4_e:
-    source: 103.245.224.0/24
-    port: 514
-  fastly_syslog_ipv4_f:
-    source: 104.156.80.0/20
-    port: 514
-  fastly_syslog_ipv4_g:
-    source: 140.248.64.0/18
-    port: 514
-  fastly_syslog_ipv4_h:
-    source: 140.248.128.0/17
-    port: 514
-  fastly_syslog_ipv4_i:
-    source: 146.75.0.0/17
-    port: 514
-  fastly_syslog_ipv4_j:
-    source: 151.101.0.0/16
-    port: 514
-  fastly_syslog_ipv4_k:
-    source: 157.52.64.0/18
-    port: 514
-  fastly_syslog_ipv4_l:
-    source: 167.82.0.0/17
-    port: 514
-  fastly_syslog_ipv4_m:
-    source: 167.82.128.0/20
-    port: 514
-  fastly_syslog_ipv4_n:
-    source: 167.82.160.0/20
-    port: 514
-  fastly_syslog_ipv4_o:
-    source: 167.82.224.0/20
-    port: 514
-  fastly_syslog_ipv4_p:
-    source: 172.111.64.0/18
-    port: 514
-  fastly_syslog_ipv4_q:
-    source: 185.31.16.0/22
-    port: 514
-  fastly_syslog_ipv4_s:
-    source: 199.27.72.0/21
-    port: 514
-  fastly_syslog_ipv4_t:
-    source: 199.232.0.0/16
-    port: 514
+{% for address in fastly_ip_ranges.get('dict', {}).get('addresses', []) %}
+  fastly_syslog_ipv4_{{ loop.index }}:
+      source: {{ address }}
+      port: 514
+{% endfor %}
 
-  fastly_syslog_ipv6_a:
-    source6: 2a04:4e40::/32
-    port: 514
-  fastly_syslog_ipv6_b:
-    source6: 2a04:4e42::/32
-    port: 514
+{% for address in fastly_ip_ranges.get('dict', {}).get('ipv6_addresses', []) %}
+  fastly_syslog_ipv6_{{ loop.index }}:
+      source6: {{ address }}
+      port: 514
+{% endfor %}