1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Commit graph

1296 commits

Author SHA1 Message Date
LanceNero
bf780ea738
terraform: remote state file exists check issue (#6296)
* remote state file exists check

In the official CLI implementation of Terraform, if the state file does not exist, a new one will be created, and there is no need to check that the state file already exists and with an error if file not exists.

```bash
# Test command
terraform apply -state test.tfstate. # if state file not exists ,terraform will create a new one
terraform destroy -state test1.tfstate  ### Terraform will not throw any error, the command will succeed execute, only report no resource has destroy
```

* Update terraform.py

add 1 blank line to function end

* Create 6296-LanceNero-Terraform_statefile_check

remove file exists check (https://github.com/ansible-collections/community.general/pull/6296)

* resolve if case issue

* Add blank line

* Update 6296-LanceNero-Terraform_statefile_check

* Update changelogs/fragments/6296-LanceNero-Terraform_statefile_check

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* update code style

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Update suffix to correct CI issue

* Update Code Style

* Update bug-fix to feature release

---------

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2023-04-13 06:55:52 +02:00
Jonathan Kamens
a5765143f1
dconf: three minor but useful fixes (#6206)
* dconf: Correctly handle setting a key that has no value in DB

We need to check if the value in the database is None before we try to
parse it, because the GVariant parser won't accept None as an input
value. By definition if the value is None, i.e., there's no value in
the database, than any value the user is trying to set is a change, so
just indicate that it's a change without trying to compare the None to
whatever the user specified as the value.x

* dconf: Give a more useful error when writing a key fails

if writing a key fails, then include in the error that is returned the
exact key and value aguments that were given to the dconf command, to
assist in diagnosing failures caused by providing the key or value in
the wrong format.x

* dconf: Convert boolean values into the format that dconf expects

Even though we warn users to be careful to specify GVariant strings
for values, a common error is to be trying to specify a boolean string
which ends up getting converted into a boolean by the YAML parser or
Ansible. Then it gets converted to "True" or "False", the string
representations of Python booleans, which are not valid GVariants.

Rather than just failing with an obscure error when this happens,
let's be more user-friendly and detect when the user has specified a
boolean and convert it into the correct GVariant forms, "true" or
"false", so it just works. There's no good reason to be more pedantic
than that.
2023-04-13 06:52:14 +02:00
Claude Becker
6c5c05dfdc
homebrew: respect greedy flag for cask upgrade_all (#6267)
* homebrew: respect greedy flag for cask upgrade_all

* homebrew: implement feedback from code review
2023-04-13 06:41:23 +02:00
Jon-Paul Lindquist
ea8720f572
Add skip_tags option to Puppet module (#6293)
* Add Puppet skip_tags option

* Include changelog fragment

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-04-13 06:40:54 +02:00
Nils Meyer
14b19afc9a
archive: Generate crc32 over 16MiB chunks (#6274)
* archive: Generate crc32 over 16MiB chunks

Running crc32 over the whole content of the compressed file potentially
requires a lot of RAM. The crc32 function in zlib allows for calculating
the checksum in chunks. This changes the code to calculate the checksum
over 16 MiB chunks instead. 16 MiB is the value also used by
shutil.copyfileobj().

* Update changelogs/fragments/6199-archive-generate-checksum-in-chunks.yml

Change the type of change to bugfix

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update changelogs/fragments/6199-archive-generate-checksum-in-chunks.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-04-13 06:40:16 +02:00
Paul Aurich
f93a1bf5ec
pipx: Add support for system_site_packages (#6308)
* pipx: Add support for system_site_packages

* Add changelog fragment
2023-04-10 09:10:32 +02:00
Alexei Znamensky
a64e36820f
mksysb: improve visibility on the output (#6269)
* mksysb: improve visibility on the output

* add changelog frag
2023-04-05 13:55:49 +02:00
Lorenzo Tanganelli
cee5f31b70
Add support to topics on Gitlab Project module (#6278)
* add topics to gitlab_project.py

* add chngelog fragment

* fix lint error

* Update changelogs/fragments/6277-add-topics-gitlab-project.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-04-03 22:02:20 +02:00
Pino Toscano
c280b793de
redhat_subscription: fix D-Bus option for environments on CentOS (#6275)
Factorize the current logic to determine whether use 'environments' as
D-Bus registration option (rather than 'environment') in an own
function, so it is easier to read it and maintain it.

With the small helper function in place, extend the logic to support
CentOS: it is in practice the same as the RHEL one, with an additional
check to support CentOS Stream 8 (which is a rolling release, and not
versioned).
2023-04-03 21:26:56 +02:00
Pino Toscano
c9e11e5c0c
redhat_subscription: manually unregister only when registered (#6259)
When registering using D-Bus and using a version of subscription-manager
with an unimplemented 'force' option, then unregister manually the
system only if it is registered. 'subscription-manager unregister'
errors out when trying to unregister an already unregistered system.
2023-04-03 21:03:43 +02:00
Paul Aurich
33093e9f3e
pipx: document parameters supported with state=latest, and fix include_injected parameter (#6212)
* pipx: Document parameters supported with state=latest

* pipx: Support "include_injected" with states "upgrade" and "latest"

- Contrary to documentation, "include_injected" doesn't appear to have
  worked with state=upgrade since it was introduced.
- Add support for include_injected with "latest", since "latest" is
  specified as being install+upgrade.

* Add changelog fragment

* Update plugins/modules/pipx.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update changelog fragment

Co-authored-by: Felix Fontein <felix@fontein.de>

* pipx: Update to correct target release of community.general

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-30 07:28:24 +02:00
Hugo Prudente
be7f11bf39
Add worklog functionality to jira module (#6210)
community.general#6209 Add worklog functionality to jira
2023-03-26 09:31:06 +02:00
barloff-st
59e58079cb
Adding open option to nmap (#6200)
* Adding nmap `open` option

* Removing accidental copy/paste issue

* Update changelogs/fragments/6200-adding-open-option-to-nmap.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/inventory/nmap.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-26 09:29:55 +02:00
lirkwood
cd706454ec
Fixed XenOrchestra inventory plugin failing due to not checking response ID. (#6227)
* Added call method to select proper response from xo server

* Added changelog fragment

* Removed excess blank lines

* Moved period in changelog fragment

* Made suggested changes

* Remove f-strings for Python 2.7 compatibility

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Linus Kirkwood <lkirkwood@allette.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-26 09:29:36 +02:00
Sam Potekhin
81b16a88ee
nmcli: fixed idempotency issue when config bridge connection (#6105)
* nmcli: fixed idempotency issue when config bridge connection

* Update changelog fragment.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-26 09:28:51 +02:00
Sam Potekhin
5ee687049f
nmcli: fixed idempotency issue with 'may_fail4' when 'method' is 'disabled' (#6106)
* nmcli: fixed idempotency issue with 'may_fail4' when 'method' is 'disabled'

* added note to documentation

* updated changelog fragment

* Update changelog fragment.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-26 09:28:06 +02:00
Alex Groshev
d4f272ba52
nmcli: add runner_fast_rate option (#6148)
* add runner_fast_rate option

* unset default value for runner_fast_rate parameter

* add some commas

* Remove default in copy of argspec.

Co-authored-by: Sam Potekhin <eax24@ya.ru>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sam Potekhin <eax24@ya.ru>
2023-03-26 09:27:00 +02:00
Paul Aurich
6fa833feed
pipx: Allow injected modules to add apps (#6198)
* pipx: Allow injected modules to add apps

Add support for pipx inject's "--include-apps" parameter.

* add changelog fragment

* fix pipx test ("install_apps", not "include_apps")

* fix pipx test -- add a second invocation for install_apps

* Update changelogs/fragments/6198-pipx-inject-install-apps.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/pipx.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-26 09:17:55 +02:00
ky13
33ccabed13
added hpe thermal config and fan percent min (#6208)
* added hpe thermal config and fan percent min

* typo fixed

* Create 6208-hpe-thermal-fan-percent.yaml

* fixed changelog fragment

* Update 6208-hpe-thermal-fan-percent.yaml
2023-03-25 23:18:21 +01:00
Gavin Will
e96552396e
ssh_config: add proxyjump option (#6205)
* feat(ssh_config): proxyjump option

* feat(ssh_config: add proxyjump test

* CamelCase ProxyJump

* add changelog fragment

* Update plugins/modules/ssh_config.py

add version_added

Co-authored-by: Felix Fontein <felix@fontein.de>

* update task name to include new proxyjump option

* adding tests for proxyjump option

* fixing assert variable name

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-25 23:16:46 +01:00
Julian
7059789f35
Add archive param for proxmox_kvm module (#6159)
We simply add a param to allow proxmox administrator to restore VM from
an archives. This new option will be useful to automate automatic
creation and restore of VM.

Co-authored-by: Julian Vanden Broeck <julian.vandenbroeck@dalibo.com>
2023-03-25 08:24:28 +01:00
Léo GATELLIER
f3be0076af
Add Gitlab group runners support (#3935) 2023-03-25 08:23:20 +01:00
Andrey Cherepanov
b1d94385ae
apt_rpm: add clean, dist_upgrade and update_kernel (#5867)
* clean performs apt-get clean.

* dist_upgrade performs apt-get dist-upgrade.

* update_kernel performs update-kernel to upgrade kernel packages.

* update_cache, clean, dist_upgrade and update_kernel can be used with and without specified packages.
2023-03-25 08:22:33 +01:00
Jeffrey Cutter
ed8049a220
nmcli: add new addr_gen_mode6 options (#5974)
* nmcli: add new addr_gen_mode6 options

* Add changelog fragment.

* Update plugins/modules/nmcli.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Adjust documentation.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-24 07:55:58 +01:00
Pino Toscano
bbd68e26a2
redhat_subscription: require credentials only when needed (#5664)
The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.

Hence:
- change the static 'required_if' to require credentials only when
  forcing the registration
- check for credentials manually when a registration is needed, i.e.
  on an unregistered system; the fail message is the same as the one
  shown by 'required_if'

Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
  system
- add a new version of test_without_required_parameters to test an
  already registered system
- add a simple test case for only state=present usable on an already
  registered system
- remove the credentials from a test case for pool attachment that
  mocks an already registered system
2023-03-22 20:19:55 +01:00
Pino Toscano
9f67cbbe36
rhsm modules: cleanly fail when not run as root (#6211)
subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.

Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.
2023-03-22 13:15:32 +01:00
Reto Kupferschmid
512bf4b77f
ldap moduls: add optional ca_cert_file option (#6185)
* add ca_cert_file option

* fix pr url

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* update parameter name

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-22 07:39:58 +01:00
Hugo van Kemenade
f66cc7c933
Replace deprecated error with BadZipFile (#6180)
* Replace deprecated error with BadZipFile

* Use imported BadZipFile

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add news fragment

* Update new fragment

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-22 07:39:18 +01:00
Petr Tichý
3fb1ff0b72
Fix influxdb_user grants in check mode (#6111)
* Fix influxdb_user grants in check mode

When running in check mode, `influxdb_user` will return error when the user doesn't exist yet, instead of reporting `changed` state.

* Update changelogs/fragments/6111-influxdb_user-check-mode.yaml

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-22 07:38:31 +01:00
barloff-st
bf8f2950b4
Adding support for -p option to specify port(s) to scan (#6165)
* Adding support for `-p` option to specify port(s) to scan

* Adding changelog fragment file

* Corrected appending options

* Edit to doc section

* Correction in documentation type

* Fixed `:` use in doc breaking yaml

* Update changelogs/fragments/6165-nmap-port.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/inventory/nmap.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/inventory/nmap.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Adding usage example

* Adding comment to example that was missed

* Breaking line up, was too long for sanity test 160 char limit

* Still too long since spaces are counted

* Changed type to string to work for a single entry as well as comma separated values

* Update changelogs/fragments/6165-nmap-port.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/inventory/nmap.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-19 13:27:10 +01:00
Martin Helwig
1dd86bcb55
add optional use_tls parameter (#6154)
* add optional use_tls parameter

* add optional use_tls parameter

---------

Co-authored-by: Martin Helwig <prostep.helwig@extaccount.com>
2023-03-14 23:01:59 +01:00
Patrik Lundin
b97bee3fd6
openbsd_pkg: set TERM to 'dumb' in execute_command (#6149)
* openbsd_pkg: set TERM to 'dumb' in execute_command

Keeps pkg_add happy when someone running ansible is using a TERM that
the managed OpenBSD host does not know about.

Fixes #5738.

Selection of specific TERM from discussion at
https://marc.info/?l=openbsd-tech&m=167290482630534&w=2

* Add changelog fragment for openbsd_pkg TERM fix

* Update changelogs/fragments/6149-openbsd_pkg-term.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-14 23:01:06 +01:00
John Daly
df34569fad
Updating yarn.list to not fail when when warnings are emitted (#6129)
* Updating yarn.list to not fail when when warnings are emitted

* Adding changelog fragment

* Adding _process_yarn_error function

* - Adding back changes to the changelog fragment
- Fixing formatting

* Fix trailing whitespace

* Update plugins/modules/yarn.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-14 23:00:23 +01:00
Pino Toscano
e939cd07ef
redhat_subscription: use D-Bus for registration if possible (#6122)
subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).

Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
  inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
  not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
  the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
  is not working; silent fallback in case of D-Bus errors during the
  registration is not done on purpose to avoid silent fallback to a less
  secure registration

[1] https://github.com/oamg/convert2rhel/pull/540/
2023-03-14 22:52:51 +01:00
Cédric Jeanneret
a49ad340af
[make] Provide built command in the module output (#6160)
It may happen operator wants to get the built command instead of all the
parameters. This change injects a new entry in the dict output, showing
what command way actually launched.

This patch also takes the opportunity to add missing dots to some
documentation lines.
2023-03-14 20:44:08 +01:00
Peter Upton
3862de3f15
Removes dependency on StormSSH (#6117)
* included storm config parser

* Add changelog fragment

* Fix changelog fragment

* address PR feedback

* fix license

* add required boilerplate, fix issues found in test output

* move __future__ imports

* address pr feedback

* address test output

* address pr feedback
2023-03-12 12:39:42 +01:00
Roman Belyakovsky
abcba9dbbe
Interfaces file spaces fix (#6131)
* interfaces_file: added test case for #6120

* interfaces_file: reverted code to #fafabed

* interfaces_file: added changelog fragment

* interfaces_file: added missing licenses

* interfaces_file: improved test coverage

* interfaces_file: fixed retrieving option values

* Update plugins/modules/interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update tests/unit/plugins/modules/interfaces_file/test_interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update tests/unit/plugins/modules/interfaces_file/test_interfaces_file.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* interfaces_file: spacing fix

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-03-09 20:09:13 +01:00
Daniel Patrick
6cf674485f
memset*.py: Fixed URLError handling (#6114)
* memset.py: Added URLError exception and stderr to Response() object

* memset_*.py: Check response.status_code and response.stderr

* Added changelog fragment

* memset.py: Fixed pep8

* Renamed changelog fragment with .yml file extension
2023-03-08 07:54:36 +01:00
Jonathan Kamens
627371e2d8
dconf: Check for changes properly despite style of quotes used by user (#6049)
dconf: parse GVariant values to check for equality whenever possible

Direct string comparisons are an inaccurate way to compare two
GVariant representations. For example, 'foo' and "foo" (including the
quote marks, which are part of the representation) are equal GVariants
but if you just do a string compare (remember, including the quotes)
they'll be interpreted.

We therefore want to use the `gi.repository` Python library to parse
GVariant representations before comparing them whenever possible.

However, we don't want to assume that this library will always be
available or require it for Ansible to function, so we use a straight
string comparison as a fallback when the library isn't available. This
may result in some false positives, i.e., Ansible thinking a value is
changing when it actually isn't, but will not result in incorrect
values being written into `dconf`.

Co-authored-by: Jonathan Kamens <jik@jik5.kamens.us>
2023-03-04 20:51:50 +01:00
cfiehe
c077818c5d
Fixes #6112: community.general.gitlab_runner KeyError: 'access_level' (#6130)
The fix ensures that no 'KeyError' is raised, when 'access_level' is not provided as module parameter or when 'access_level_on_creation' is false.

Signed-off-by: Christoph Fiehe <c.fiehe@eurodata.de>
Co-authored-by: Christoph Fiehe <c.fiehe@eurodata.de>
2023-03-04 10:14:58 +01:00
Sargun Vohra
3d67f51824
Fix Yarn global not working without explicit executable path (#6138)
* Fix Yarn global not working without explicit executable path

* changelog fragment

* fix formatting and add test

* oops
2023-03-04 10:09:14 +01:00
Sam Potekhin
2dee3464dd
nmcli: fixed inability to change mtu on vlan connection (#6104)
* tests updated

Co-authored-by: Sam Potekhin <heaveaxy@gmail.com>
2023-03-04 10:01:52 +01:00
Giacomo Olgeni
9a97bc7c11
Add 'inventory_hostname' to the jail plugin documentation (#6118)
This fixes the following warning on FreeBSD:

  [WARNING]: The "jail" connection plugin has an improperly configured
  remote target value, forcing "inventory_hostname" templated value
  instead of the string
2023-03-03 22:56:24 +01:00
Alexei Znamensky
345a69304a
opkg: fix bug when update_cache=true (#6119)
* opkg: fix bug when update_cache=true

* add changelog fragment
2023-03-02 07:01:15 +01:00
Reto Kupferschmid
d209466985
add xorder_discovery parameter (#6109)
* add xorder_discovery parameter

* fix regex raw string

* use dn logic from LdapGeneric

* Update documentation.

* Update changelog fragment.

* Improve if.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-02-27 20:26:01 +01:00
Felix Fontein
681fad92c2 Fix changelog fragment type. 2023-02-26 16:19:59 +01:00
Felix Fontein
e8bdec2733
jenkins_plugin: avoid undefined variable when updates file is not downloaded (#6100)
Avoid undefined variable when updates file is not downloaded.
2023-02-26 15:37:16 +01:00
Alex Groshev
29f5033737
add persistent option for modprobe (#5424)
* add persistent option for modprobe

* add suggested changes + fix broken test

* change modprobe module path in tests due to rebase

* change persistent option type from bool to str with choices

* fix unused import

* add example with persistent option

* fix some minor issues after review

- move regexps compiling to __init__
- move AnsibleModule to build_module function and use this function in tests instead of AnsibleModule
- fix terminlogy issue in documentation

* fix unused-import
2023-02-26 14:58:58 +01:00
Hemant Zope
617be6e124
Add new project features to API (#5986)
* Add new project features to API

* add changelog fragment

* remove extra line from changelog

* Update changelog formatting

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-02-26 14:13:22 +01:00
bluikko
c8a2ac3a47
sefcontext: add support for path substitutions (#5830)
* sefcontext: add path substitution support (#1193)

First commit for feedback, missing docs and tests.

* sefcontext: add documentation

* Add changelog fragment

* Documentation formatting

* Delete extra newline

* pep8 fixes

Fix indentation

* Add version_added to arg docs

* Add examples

* Don't delete non-matching path substitutions

* Add integration tests

* Delete only substitutions if such arg passed

Don't delete existing regular file context mappings if deletion of
a path substitution was requested with the presence of the
`equal` arg - delete only path substitutions in such case.

Path substitutions and regular mappings may overlap.

* Can only add args in minor releases

:(

* Cleanup before tests

* Fix deletion using substitution

Was comparing wrong var.

* Fix test checking wrong var

* Improve args documentation and examples

List the default values for selevel, seuser.
Add example for deleting path substitutions only.

* Add attributes documentation block

Not sure if should add become/delegate/async,
shouldn't those work just like that without any
specific code added for them?

* and fix indentation on attribute block

* Consistent indentation for attributes

Confusing, most plugins indent with 4 spaces.
But some use 2 like the rest of the code, so use 2.

* Add missing ref for attribute block

* Use correct c.g version in doc block

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add full stop to changelog fragment

Co-authored-by: Felix Fontein <felix@fontein.de>

* Streamline documentation

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Support limiting deletion to setype

Deleting file context mappings may be limited by
passing setype or equal, if neither arg is passed
then delete either setype/equal mappings that match.

* Change arg name, diff mode output fix

Change arg name from equal to substitute.
Print target = subsitute in diff mode same way as
semanage does.

Also put back platform attribute, try to improve
clumsy language in the substitute arg docs.

* Delete even if arg setype not match existing

Test 5 indicates that deletion is supposed to not check that
the arg setype passed when deleting matches the setype
of the mapping to delete.
Delete any mapping that matches target, regardless of
setype arg value.

* Update arg name in tests

* Too eager replacing

Accidentally replaced seobject function names so fix them back

* 4564: Fix invalid setype in doc example

Change from httpd_git_rw_content_t which
does not exist to httpd_sys_rw_content_t

Fixes #4564

* Fix documentation attributes

Additional fragment

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update version_added in docs

Bumping minor to 6.4.0 since it didn't make 6.3.0.

* Add more description to the new arg docs

Try to improve discoverability of the new feature and make it easier to understand without deep SELinux understanding.

* Update platform to Linux in documentation

* Add equal as alias for the new argument

Improve discoverability of the new feature by adding an alias to the new module argument. The argument name "equal" will be easy to find for users who are not familiar with SELinux and who just try to match to the CLI tool `semanage`.

* And add alias argument properly

Previous commit missed actually adding the alias (added to docs only).

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2023-02-26 14:04:57 +01:00