fixes for rule logging

ansibleguy · May 5, 2024 · 1b07336 · 1b07336
1 parent 16e158d
commit 1b07336
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 13 deletions.
diff --git a/filter_plugins/rules.py b/filter_plugins/rules.py
@@ -133,12 +133,13 @@ def _translate_rule(
         if config['drop_log'] and 'action' in translation and \
                 translation['action'] == 'drop' and 'log prefix' not in mapping:
             if 'comment' in translation:
-                _comment = translation['comment'].replace('comment ', '')
+                _log = translation['comment'].replace('comment ', '')
+                _log = f"\"{config['drop_log_prefix']} {_log[1:-1]} \""
 
             else:
-                _comment = f"\"{config['drop_log_prefix']}\""
+                _log = f"\"{config['drop_log_prefix']} \""
 
-            translation['log prefix'] = f"log prefix {_comment}"
+            translation['log prefix'] = f"log prefix {_log}"
 
             if log_group not in NONE_VALUES and str(log_group).isnumeric():
                 translation['log prefix'] = f"{translation['log prefix']} group {log_group}"

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -136,10 +136,10 @@
     loop_var: nft_table_item
   with_dict: "{{ NFT_CONFIG.tables }}"
   no_log: true  # less verbose output
-  tags: config
+  tags: [config, config_table]
   args:
     apply:
-      tags: config
+      tags: [config, config_table]
 
 - name: NFTables | Installing bash-completion
   ansible.builtin.package:

diff --git a/tasks/table.yml b/tasks/table.yml
@@ -6,7 +6,6 @@
       - nft_table.type in NFT_HC.choices.table.types
   ignore_errors: true
   register: nft_config_check_table
-  tags: [config, purge]
 
 - name: "NFTables | Table '{{ nft_table_name }}' | Informing user"
   ansible.builtin.fail:
@@ -16,7 +15,6 @@
   when:
     - nft_config_check_table.failed is defined
     - nft_config_check_table.failed
-  tags: config
 
 - name: "NFTables | Table '{{ nft_table_name }}' | Chains"
   ansible.builtin.include_tasks: chain.yml
@@ -29,10 +27,9 @@
     loop_var: nft_chain_item
   with_dict: "{{ nft_table.chains }}"
   no_log: true  # less verbose output
-  tags: config
   args:
     apply:
-      tags: config
+      tags: [config, config_table]
 
 - name: "NFTables | Table '{{ nft_table_name }}' | Copying table config"
   ansible.builtin.template:
@@ -45,7 +42,6 @@
   notify: Reload-nftables
   ignore_errors: true
   register: nft_config_table
-  tags: config
 
 - name: "NFTables | Table '{{ nft_table_name }}' | Copying table config for debugging (/tmp/nftables_{{ nft_table_name }}.nft)"
   ansible.builtin.template:
@@ -57,18 +53,15 @@
   when:
     - nft_config_table.failed is defined
     - nft_config_table.failed
-  tags: config
 
 - name: "NFTables | Table '{{ nft_table_name }}' | Failing"
   ansible.builtin.fail:
     msg: "Config of table {{ nft_table_name }} is invalid!"
   when:
     - nft_config_table.failed is defined
     - nft_config_table.failed
-  tags: config
 
 - name: "NFTables | Table '{{ nft_table_name }}' | Removing debugging-config"
   ansible.builtin.file:
     state: absent
     path: '/tmp/nftables_{{ nft_table_name }}.nft'
-  tags: config