From bcb95be48ac57f79ef1bf0e6e66c89045bbb6402 Mon Sep 17 00:00:00 2001 From: Lennart Betz Date: Mon, 1 Jul 2024 09:50:56 +0000 Subject: [PATCH] Readd param manage_selinux, but set default ro true --- REFERENCE.md | 10 ++++++++++ manifests/init.pp | 5 +++++ manifests/install.pp | 3 ++- spec/classes/icinga2_spec.rb | 20 +++++++++++++++++++- 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index d3f95de8..9120611a 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -202,6 +202,7 @@ The following parameters are available in the `icinga2` class: * [`enable`](#-icinga2--enable) * [`manage_repos`](#-icinga2--manage_repos) * [`manage_packages`](#-icinga2--manage_packages) +* [`manage_selinux`](#-icinga2--manage_selinux) * [`manage_service`](#-icinga2--manage_service) * [`features`](#-icinga2--features) * [`purge_features`](#-icinga2--purge_features) @@ -243,6 +244,15 @@ If set to false packages aren't managed. Default value: `true` +##### `manage_selinux` + +Data type: `Boolean` + +If set to true the icinga selinux package is installed if selinux is enabled. Also requires a +`selinux_package_name` (icinga2::globals) and `manage_packages` has to be set to true. + +Default value: `true` + ##### `manage_service` Data type: `Boolean` diff --git a/manifests/init.pp b/manifests/init.pp index c04a3ee8..1bdff57a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -85,6 +85,10 @@ # @param manage_packages # If set to false packages aren't managed. # +# @param manage_selinux +# If set to true the icinga selinux package is installed if selinux is enabled. Also requires a +# `selinux_package_name` (icinga2::globals) and `manage_packages` has to be set to true. +# # @param manage_service # If set to true the service is managed otherwise the service also # isn't restarted if a config file changed. @@ -114,6 +118,7 @@ Boolean $enable = true, Boolean $manage_repos = false, Boolean $manage_packages = true, + Boolean $manage_selinux = true, Boolean $manage_service = true, Boolean $purge_features = true, Hash $constants = {}, diff --git a/manifests/install.pp b/manifests/install.pp index 51335910..7f4cd4b2 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -9,6 +9,7 @@ $package_name = $icinga2::globals::package_name $manage_packages = $icinga2::manage_packages + $manage_selinux = $icinga2::manage_selinux $selinux_package_name = $icinga2::globals::selinux_package_name $cert_dir = $icinga2::globals::cert_dir $conf_dir = $icinga2::globals::conf_dir @@ -23,7 +24,7 @@ before => File[$cert_dir, $conf_dir], } - if fact('os.selinux.enabled') and $facts['os']['selinux']['enabled'] and $selinux_package_name { + if $manage_selinux and fact('os.selinux.enabled') and $facts['os']['selinux']['enabled'] and $selinux_package_name { package { $selinux_package_name: ensure => installed, require => Package[$package_name], diff --git a/spec/classes/icinga2_spec.rb b/spec/classes/icinga2_spec.rb index a555d2fa..8c434b27 100644 --- a/spec/classes/icinga2_spec.rb +++ b/spec/classes/icinga2_spec.rb @@ -43,12 +43,30 @@ it { is_expected.to contain_icinga2__feature('notification').with({ 'ensure' => 'present' }) } end + if facts[:os]['family'] == 'RedHat' + context 'with fact os.selinux.enabled => false' do + let(:facts) do + super().merge({ os: { family: 'RedHat', selinux: { enabled: false } } }) + end + + it { is_expected.not_to contain_package('icinga2-selinux') } + end + + context 'with manage_selinux => false' do + let(:params) do + { manage_selinux: false } + end + + it { is_expected.not_to contain_package('icinga2-selinux') } + end + end + context 'with manage_packages => false' do let(:params) do { manage_packages: false } end - it { is_expected.not_to contain_package('icinga2').with({ 'ensure' => 'installed' }) } + it { is_expected.not_to contain_package('icinga2') } end context 'with confd => false' do