---
{%- from "apparmor/map.jinja" import apparmor with context %}
{%- if apparmor.enabled is defined and apparmor.enabled %}
{%- for cfg in apparmor.configs %}
apparmor-{{ cfg }}:
  file.managed:
    - name: "/etc/apparmor.d/{{ cfg }}"
    - source: "salt://apparmor/{{ cfg }}.j2"
    - user: root
    - group: root
    - mode: "0644"
    - template: jinja
    - watch_in:
      - service: apparmor-reload
{%- endfor %}

apparmor-reload:
  service.running:
    - name: apparmor
    - enable: true
{%- endif %}