From 54e877e34765891d5f9623b7c35c7d56096a41ed Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Thu, 26 Oct 2023 15:19:35 +0200 Subject: [PATCH] Fixed review foundings Signed-off-by: Radovan Sroka --- .ansible-lint | 2 +- .github/CODEOWNERS | 2 +- examples/inventory | 1 - examples/simple.yml | 4 ++-- handlers/main.yml | 4 ++-- tasks/enable.yml | 20 +++++++++++-------- templates/fapolicyd.conf.j2 | 2 ++ .../defaults | 0 .../handlers | 0 .../meta | 0 .../tasks | 0 .../templates | 0 .../vars | 0 tests/setup-snapshot.yml | 4 ++-- tests/tests_default.yml | 4 ++-- vars/CentOS_8.yml | 7 ------- vars/CentOS_9.yml | 7 ------- vars/Fedora.yml | 7 ------- vars/RedHat_8.yml | 7 ------- vars/RedHat_9.yml | 7 ------- vars/main.yml | 3 +++ 21 files changed, 27 insertions(+), 54 deletions(-) delete mode 100644 examples/inventory rename tests/roles/{linux-system-roles.template => linux-system-roles.fapolicyd}/defaults (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.fapolicyd}/handlers (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.fapolicyd}/meta (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.fapolicyd}/tasks (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.fapolicyd}/templates (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.fapolicyd}/vars (100%) delete mode 100644 vars/CentOS_8.yml delete mode 100644 vars/CentOS_9.yml delete mode 100644 vars/Fedora.yml delete mode 100644 vars/RedHat_8.yml delete mode 100644 vars/RedHat_9.yml diff --git a/.ansible-lint b/.ansible-lint index dd7e0a4..5f9594f 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -19,4 +19,4 @@ exclude_paths: - .github/ - examples/roles/ mock_roles: - - linux-system-roles.template + - linux-system-roles.fapolicyd diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 48c0688..118cdfb 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -1,3 +1,3 @@ # https://help.github.com/en/articles/about-code-owners # Default reviewers for everything -* @spetrosi @nhosoi @richm +* @spetrosi @richm diff --git a/examples/inventory b/examples/inventory deleted file mode 100644 index 8b13789..0000000 --- a/examples/inventory +++ /dev/null @@ -1 +0,0 @@ - diff --git a/examples/simple.yml b/examples/simple.yml index 47378c0..cf06910 100644 --- a/examples/simple.yml +++ b/examples/simple.yml @@ -1,6 +1,6 @@ # SPDX-License-Identifier: MIT --- -- name: Example template role invocation +- name: Example fapolicyd role invocation hosts: all vars: fapolicyd_setup_enable_service: true @@ -11,4 +11,4 @@ - /etc/fapolicyd/fapolicyd.conf - /etc/krb5.conf roles: - - fapolicyd + - linux-system-roles.fapolicyd diff --git a/handlers/main.yml b/handlers/main.yml index 726022e..89b1ac0 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,7 +1,7 @@ # SPDX-License-Identifier: MIT --- -- name: Handler for template to restart services +- name: Handler for fapolicyd to restart services service: name: "{{ item }}" state: restarted - loop: "{{ __template_services }}" + loop: "{{ __fapolicyd_services }}" diff --git a/tasks/enable.yml b/tasks/enable.yml index 906a4dc..80cb191 100644 --- a/tasks/enable.yml +++ b/tasks/enable.yml @@ -4,7 +4,7 @@ msg: Fapolicyd does not support trust setting fapolicyd_setup_trust ignore_errors: true when: - - fapolicyd_setup_trust + - fapolicyd_setup_trust | length > 0 - ansible_facts.distribution_version is version("8.2", "<=") register: __failed_check_trust 
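Review bot: In handlers/main.yml the restart handler now uses `loop: "{{ __fapolicyd_services }}"`, but the vars/main.yml hunk heading later in this patch shows that variable as a plain string (`__fapolicyd_services: fapolicyd.service`), and `loop` requires a list. If that is the definition in effect, the handler errors when notified, so a changed fapolicyd.conf would not reach the running daemon. Either define the variable as a list, `__fapolicyd_services: [fapolicyd.service]`, or drop the loop and pass `name: "{{ __fapolicyd_services }}"` directly.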
@@ -13,25 +13,26 @@ msg: Fapolicyd does not support integrity setting fapolicyd_setup_integrity ignore_errors: true when: - - fapolicyd_setup_integrity + - fapolicyd_setup_integrity | length > 0 - ansible_facts.distribution_version is version("8.3", "<=") register: __failed_check_integrity - name: Check trust files compatibility fail: - msg: Fapolicyd does not support trust files setting fapolicyd_add_trusted_file + msg: >- + Fapolicyd does not support trust files setting fapolicyd_add_trusted_file ignore_errors: true when: - - fapolicyd_add_trusted_file + - fapolicyd_add_trusted_file | length > 0 - ansible_facts.distribution_version is version("8.3", "<=") register: __failed_check_trusted_file - name: Check failed conditions fail: msg: Multiple failed conditions - #failed_when: true - when: __failed_check_trust is failed or __failed_check_integrity is failed or __failed_check_trusted_file is failed - + # failed_when: true + when: __failed_check_trust is failed or __failed_check_integrity is failed or + __failed_check_trusted_file is failed - name: Install fapolicyd packages package: @@ -63,12 +64,15 @@ - name: Trustdb cleanup command: fapolicyd-cli --file delete / when: fapolicyd_add_trusted_file | length > 0 + changed_when: true failed_when: false - name: Add file to trustdb command: fapolicyd-cli --file add {{ item | quote }} - loop: "{{ (fapolicyd_add_trusted_file is string) | ternary([fapolicyd_add_trusted_file], fapolicyd_add_trusted_file) }}" + loop: "{{ (fapolicyd_add_trusted_file is string) | + ternary([fapolicyd_add_trusted_file], fapolicyd_add_trusted_file) }}" when: fapolicyd_add_trusted_file | length > 0 + changed_when: true - name: Start fapolicyd service service: diff --git a/templates/fapolicyd.conf.j2 b/templates/fapolicyd.conf.j2 index 9570aa7..a63b7d8 100644 --- a/templates/fapolicyd.conf.j2 +++ b/templates/fapolicyd.conf.j2 
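Review bot: In the `@@ -63,12 +64,15 @@` hunk of tasks/enable.yml, `Trustdb cleanup` runs only `when: fapolicyd_add_trusted_file | length > 0` and keeps `failed_when: false`, so trust entries can outlive the configuration. Emptying the variable skips the delete entirely, and a failed delete is ignored before the new entries are added. For an allowlisting daemon that means files can stay trusted after the operator removed them from the role input. Consider running the cleanup whenever the role manages the trust database, and narrowing `failed_when: false` to tolerate only the "nothing to delete" result. The added `changed_when: true` also makes both tasks report changed on every run, so the role is no longer idempotent; the task list continues outside the hunk.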
@@ -1,3 +1,5 @@ +{ ansible_managed | comment }} +{{ "system_role:fapolicyd" | comment(prefix="", postfix="") }} # # This file controls the configuration of the file access policy daemon. # See the fapolicyd.conf man page for explanation. diff --git a/tests/roles/linux-system-roles.template/defaults b/tests/roles/linux-system-roles.fapolicyd/defaults similarity index 100% rename from tests/roles/linux-system-roles.template/defaults rename to tests/roles/linux-system-roles.fapolicyd/defaults diff --git a/tests/roles/linux-system-roles.template/handlers b/tests/roles/linux-system-roles.fapolicyd/handlers similarity index 100% rename from tests/roles/linux-system-roles.template/handlers rename to tests/roles/linux-system-roles.fapolicyd/handlers diff --git a/tests/roles/linux-system-roles.template/meta b/tests/roles/linux-system-roles.fapolicyd/meta similarity index 100% rename from tests/roles/linux-system-roles.template/meta rename to tests/roles/linux-system-roles.fapolicyd/meta diff --git a/tests/roles/linux-system-roles.template/tasks b/tests/roles/linux-system-roles.fapolicyd/tasks similarity index 100% rename from tests/roles/linux-system-roles.template/tasks rename to tests/roles/linux-system-roles.fapolicyd/tasks diff --git a/tests/roles/linux-system-roles.template/templates b/tests/roles/linux-system-roles.fapolicyd/templates similarity index 100% rename from tests/roles/linux-system-roles.template/templates rename to tests/roles/linux-system-roles.fapolicyd/templates diff --git a/tests/roles/linux-system-roles.template/vars b/tests/roles/linux-system-roles.fapolicyd/vars similarity index 100% rename from tests/roles/linux-system-roles.template/vars rename to tests/roles/linux-system-roles.fapolicyd/vars diff --git a/tests/setup-snapshot.yml b/tests/setup-snapshot.yml index a7704df..a6684e1 100644 --- a/tests/setup-snapshot.yml +++ b/tests/setup-snapshot.yml 
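Review bot: The first added line of templates/fapolicyd.conf.j2, `{ ansible_managed | comment }}`, has a single opening brace as shown here, so Jinja2 would emit it as literal text instead of rendering the managed-file banner. That puts a non-comment line at the top of fapolicyd.conf, which the daemon's config parser may reject (not verifiable from this hunk), and the header check in tests/tests_default.yml would not find the ansible_managed comment. It should read `{{ ansible_managed | comment }}`. The rest of the template lies outside the hunk.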
@@ -4,11 +4,11 @@ tasks: - name: Set platform/version specific variables include_role: - name: linux-system-roles.template + name: linux-system-roles.fapolicyd tasks_from: set_vars.yml public: true - name: Install test packages package: - name: "{{ __template_packages }}" + name: "{{ __fapolicyd_packages }}" state: present diff --git a/tests/tests_default.yml b/tests/tests_default.yml index 4457422..10e2606 100644 --- a/tests/tests_default.yml +++ b/tests/tests_default.yml @@ -4,10 +4,10 @@ hosts: all gather_facts: false # test that role works in this case roles: - - linux-system-roles.template + - linux-system-roles.fapolicyd tasks: - name: Check header for ansible_managed, fingerprint include_tasks: tasks/check_header.yml vars: - __file: /etc/foo.conf + __file: "{{ __fapolicyd_dir }}/{{ __fapolicyd_conf }}" __fingerprint: system_role:template diff --git a/vars/CentOS_8.yml b/vars/CentOS_8.yml deleted file mode 100644 index 0fb6af8..0000000 --- a/vars/CentOS_8.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 8 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_9.yml b/vars/CentOS_9.yml deleted file mode 100644 index 7c25b3c..0000000 --- a/vars/CentOS_9.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 9 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/Fedora.yml b/vars/Fedora.yml deleted file mode 100644 index a783f79..0000000 --- a/vars/Fedora.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with Fedora specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/RedHat_8.yml b/vars/RedHat_8.yml deleted file mode 100644 index 954bf90..0000000 --- a/vars/RedHat_8.yml +++ /dev/null 
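Review bot: The `Check header for ansible_managed, fingerprint` task in tests/tests_default.yml still passes `__fingerprint: system_role:template`, while the template change in this patch writes `system_role:fapolicyd` into the file. Assuming tasks/check_header.yml (not shown) matches the fingerprint literally, the test no longer verifies the header this role produces. Set `__fingerprint: system_role:fapolicyd` so the check covers the rendered fapolicyd.conf.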
@@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with Red Hat Enterprise Linux 8 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/RedHat_9.yml b/vars/RedHat_9.yml deleted file mode 100644 index b367bff..0000000 --- a/vars/RedHat_9.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with Red Hat Enterprise Linux 9 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/main.yml b/vars/main.yml index 7f34111..3b45d4d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -10,6 +10,9 @@ __fapolicyd_services: fapolicyd.service __fapolicyd_dir: /etc/fapolicyd __fapolicyd_conf: fapolicyd.conf +__fapolicyd_packages: [fapolicyd] +__fapolicyd_selinux_packages: [fapolicyd-selinux] + # ansible_facts required by the role __template_required_facts: - distribution
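Review bot: `__template_required_facts` in vars/main.yml keeps the template prefix, while every other internal variable touched by this patch moves to `__fapolicyd_*`. If tasks/set_vars.yml (not shown) reads `__fapolicyd_required_facts`, fact gathering would hit an undefined variable. That matters here because tests_default.yml runs with `gather_facts: false` and the version checks in tasks/enable.yml depend on `ansible_facts.distribution_version`. Rename it to `__fapolicyd_required_facts:` together with its consumer, and confirm the list includes the facts those checks read; it continues outside the hunk.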