New module - semodule #57865

Open
wants to merge 17 commits into
base: devel
from

@bandit145
commented Jun 14, 2019

SUMMARY

Adds an semodule Ansible module for compiling and applying .te (Type enforcement files) as discussed in #27349

ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME

semodule

ADDITIONAL INFORMATION

Most of the logic for controlling this module is written in the action; this seemed like a good way to cut down on needing to copy the .te file to the target host if not needed.

.te file:
module ansible-semodule-test 1.0;

require {
	type proc_net_t;
	type sshd_t;
	class file { open read };
}

allow sshd_t proc_net_t:file { open read};

- name: install test module
  semodule:
    src: test.te

TASK [semodule : install test module] *********************************
changed: [testhost] => {"changed": true, "name": "ansible-semodule-test", "version": "1.0"}

TASK [semodule : debug] ********************************************************
ok: [testhost] => {
    "test1_mod_install": {
        "changed": true, 
        "failed": false, 
        "name": "ansible-semodule-test", 
        "version": "1.0"
    }
}
@ansibot

commented Jun 14, 2019

The test ansible-test sanity --test pylint [explain] failed with 15 errors:

lib/ansible/module_utils/semodule.py:1:0: ansible-bad-module-import Import external package or ansible.module_utils not ansible.errors
lib/ansible/module_utils/semodule.py:8:32: bad-whitespace Exactly one space required after comma
                cur_pol['name'] ,cur_pol['version'] = line.split('\t')
                                ^
lib/ansible/module_utils/semodule.py:8:32: bad-whitespace No space allowed before comma
                cur_pol['name'] ,cur_pol['version'] = line.split('\t')
                                ^
lib/ansible/module_utils/semodule.py:14:19: bad-whitespace No space allowed after bracket
            return [ x.strip(';').split(' ') for x in te_file.read().split('\n') if 'module' in x ][0]
                   ^
lib/ansible/module_utils/semodule.py:14:98: bad-whitespace No space allowed before bracket
            return [ x.strip(';').split(' ') for x in te_file.read().split('\n') if 'module' in x ][0]
                                                                                                  ^
lib/ansible/module_utils/semodule.py:22:0: missing-final-newline Final newline missing
test/units/plugins/action/test_semodule.py:32:63: bad-whitespace Exactly one space required after comma
@pytest.mark.parametrize('new_ver,old_ver,change,change_reason',[
                                                               ^
test/units/plugins/action/test_semodule.py:33:20: bad-whitespace Exactly one space required after comma
            ('1.2.3','1.0.0.0',True,'newer'),
                    ^
test/units/plugins/action/test_semodule.py:33:30: bad-whitespace Exactly one space required after comma
            ('1.2.3','1.0.0.0',True,'newer'),
                              ^
test/units/plugins/action/test_semodule.py:33:35: bad-whitespace Exactly one space required after comma
            ('1.2.3','1.0.0.0',True,'newer'),
                                   ^
test/units/plugins/action/test_semodule.py:34:18: bad-whitespace Exactly one space required after comma
            ('1.2','2', True, 'older'),
                  ^
test/units/plugins/action/test_semodule.py:35:16: bad-whitespace Exactly one space required after comma
            ('2','1.6',True, 'newer'),
                ^
test/units/plugins/action/test_semodule.py:35:22: bad-whitespace Exactly one space required after comma
            ('2','1.6',True, 'newer'),
                      ^
test/units/plugins/action/test_semodule.py:36:18: bad-whitespace Exactly one space required after comma
            ('1.2','1.2', False, 'same')
                  ^
test/units/plugins/action/test_semodule.py:41:58: bad-whitespace Exactly one space required after comma
    result = semodule_action._check_policy_version(new_ver,old_ver)
                                                          ^

The test ansible-test sanity --test pylint [explain] failed with 14 errors:

lib/ansible/modules/system/semodule.py:77:15: trailing-whitespace Trailing whitespace
lib/ansible/modules/system/semodule.py:105:54: bad-whitespace Exactly one space required after comma
    chk_module_out = module.run_command(['checkmodule','-M','-m', module.params['src'], '-o', policy_def['name']+'.mod'])
                                                      ^
lib/ansible/modules/system/semodule.py:105:59: bad-whitespace Exactly one space required after comma
    chk_module_out = module.run_command(['checkmodule','-M','-m', module.params['src'], '-o', policy_def['name']+'.mod'])
                                                           ^
lib/ansible/modules/system/semodule.py:107:62: bad-whitespace Exactly one space required after comma
    semod_package_out = module.run_command(['semodule_package','-o', policy_def['name']+'.pp','-m' , policy_def['name']+'.mod'])
                                                              ^
lib/ansible/modules/system/semodule.py:107:93: bad-whitespace Exactly one space required after comma
    semod_package_out = module.run_command(['semodule_package','-o', policy_def['name']+'.pp','-m' , policy_def['name']+'.mod'])
                                                                                             ^
lib/ansible/modules/system/semodule.py:107:99: bad-whitespace No space allowed before comma
    semod_package_out = module.run_command(['semodule_package','-o', policy_def['name']+'.pp','-m' , policy_def['name']+'.mod'])
                                                                                                   ^
lib/ansible/modules/system/semodule.py:117:19: bad-whitespace No space allowed before :
        if rc != 0 :
                   ^
lib/ansible/modules/system/semodule.py:131:52: trailing-whitespace Trailing whitespace
lib/ansible/modules/system/semodule.py:135:0: missing-final-newline Final newline missing
lib/ansible/plugins/action/semodule.py:11:23: bad-whitespace No space allowed after bracket
        version_list = [ int(x) for x in new_version.split('.') ]
                       ^
lib/ansible/plugins/action/semodule.py:11:64: bad-whitespace No space allowed before bracket
        version_list = [ int(x) for x in new_version.split('.') ]
                                                                ^
lib/ansible/plugins/action/semodule.py:12:27: bad-whitespace No space allowed after bracket
        cur_version_list = [ int(x) for x in cur_version.split('.') ]
                           ^
lib/ansible/plugins/action/semodule.py:12:68: bad-whitespace No space allowed before bracket
        cur_version_list = [ int(x) for x in cur_version.split('.') ]
                                                                    ^
lib/ansible/plugins/action/semodule.py:114:0: missing-final-newline Final newline missing

The test ansible-test sanity --test boilerplate [explain] failed with 4 errors:

lib/ansible/modules/system/semodule.py:0:0: missing: __metaclass__ = type
lib/ansible/modules/system/semodule.py:0:0: missing: from __future__ import (absolute_import, division, print_function)
lib/ansible/plugins/action/semodule.py:0:0: missing: __metaclass__ = type
lib/ansible/plugins/action/semodule.py:0:0: missing: from __future__ import (absolute_import, division, print_function)

The test ansible-test sanity --test import --python 2.6 [explain] failed with 2 errors:

lib/ansible/module_utils/semodule.py:1:0: ImportError: No module named errors
test/runner/.tox/import/lib/ansible/module_utils/semodule.py:1:0: ImportError: No module named errors

The test ansible-test sanity --test import --python 2.7 [explain] failed with 3 errors:

lib/ansible/module_utils/semodule.py:1:0: ImportError: No module named errors
lib/ansible/modules/system/semodule.py:83:0: ImportError: No module named errors
test/runner/.tox/import/lib/ansible/module_utils/semodule.py:1:0: ImportError: No module named errors

The test ansible-test sanity --test import --python 3.5 [explain] failed with 3 errors:

lib/ansible/module_utils/semodule.py:1:0: ImportError: No module named 'ansible.errors'
lib/ansible/modules/system/semodule.py:83:0: ImportError: No module named 'ansible.errors'
test/runner/.tox/import/lib/ansible/module_utils/semodule.py:1:0: ImportError: No module named 'ansible.errors'

The test ansible-test sanity --test import --python 3.6 [explain] failed with 3 errors:

lib/ansible/module_utils/semodule.py:1:0: ModuleNotFoundError: No module named 'ansible.errors'
lib/ansible/modules/system/semodule.py:83:0: ModuleNotFoundError: No module named 'ansible.errors'
test/runner/.tox/import/lib/ansible/module_utils/semodule.py:1:0: ModuleNotFoundError: No module named 'ansible.errors'

The test ansible-test sanity --test import --python 3.7 [explain] failed with 3 errors:

lib/ansible/module_utils/semodule.py:1:0: ModuleNotFoundError: No module named 'ansible.errors'
lib/ansible/modules/system/semodule.py:83:0: ModuleNotFoundError: No module named 'ansible.errors'
test/runner/.tox/import/lib/ansible/module_utils/semodule.py:1:0: ModuleNotFoundError: No module named 'ansible.errors'

The test ansible-test sanity --test integration-aliases [explain] failed with 1 error:

test/integration/targets/semodule/aliases:0:0: missing alias `shippable/posix/group[1-4]` or `unsupported`

The test ansible-test sanity --test import --python 3.8 [explain] failed with 3 errors:

lib/ansible/module_utils/semodule.py:1:0: ModuleNotFoundError: No module named 'ansible.errors'
lib/ansible/modules/system/semodule.py:83:0: ModuleNotFoundError: No module named 'ansible.errors'
test/runner/.tox/import/lib/ansible/module_utils/semodule.py:1:0: ModuleNotFoundError: No module named 'ansible.errors'

The test ansible-test sanity --test pep8 [explain] failed with 49 errors:

lib/ansible/module_utils/semodule.py:3:1: E302 expected 2 blank lines, found 1
lib/ansible/module_utils/semodule.py:4:9: E117 over-indented
lib/ansible/module_utils/semodule.py:8:32: E203 whitespace before ','
lib/ansible/module_utils/semodule.py:8:33: E231 missing whitespace after ','
lib/ansible/module_utils/semodule.py:11:1: E302 expected 2 blank lines, found 1
lib/ansible/module_utils/semodule.py:14:21: E201 whitespace after '['
lib/ansible/module_utils/semodule.py:14:98: E202 whitespace before ']'
lib/ansible/module_utils/semodule.py:18:1: E302 expected 2 blank lines, found 1
lib/ansible/module_utils/semodule.py:22:22: W292 no newline at end of file
lib/ansible/modules/system/semodule.py:77:16: W291 trailing whitespace
lib/ansible/modules/system/semodule.py:93:1: E302 expected 2 blank lines, found 1
lib/ansible/modules/system/semodule.py:100:1: E302 expected 2 blank lines, found 1
lib/ansible/modules/system/semodule.py:104:1: E302 expected 2 blank lines, found 1
lib/ansible/modules/system/semodule.py:105:55: E231 missing whitespace after ','
lib/ansible/modules/system/semodule.py:105:60: E231 missing whitespace after ','
lib/ansible/modules/system/semodule.py:105:113: E226 missing whitespace around arithmetic operator
lib/ansible/modules/system/semodule.py:107:63: E231 missing whitespace after ','
lib/ansible/modules/system/semodule.py:107:88: E226 missing whitespace around arithmetic operator
lib/ansible/modules/system/semodule.py:107:94: E231 missing whitespace after ','
lib/ansible/modules/system/semodule.py:107:99: E203 whitespace before ','
lib/ansible/modules/system/semodule.py:107:120: E226 missing whitespace around arithmetic operator
lib/ansible/modules/system/semodule.py:109:76: E226 missing whitespace around arithmetic operator
lib/ansible/modules/system/semodule.py:112:1: E302 expected 2 blank lines, found 1
lib/ansible/modules/system/semodule.py:117:19: E203 whitespace before ':'
lib/ansible/modules/system/semodule.py:120:1: E302 expected 2 blank lines, found 1
lib/ansible/modules/system/semodule.py:131:53: W291 trailing whitespace
lib/ansible/modules/system/semodule.py:134:1: E305 expected 2 blank lines after class or function definition, found 1
lib/ansible/modules/system/semodule.py:135:11: W292 no newline at end of file
lib/ansible/plugins/action/semodule.py:8:1: E302 expected 2 blank lines, found 1
lib/ansible/plugins/action/semodule.py:11:25: E201 whitespace after '['
lib/ansible/plugins/action/semodule.py:11:64: E202 whitespace before ']'
lib/ansible/plugins/action/semodule.py:12:29: E201 whitespace after '['
lib/ansible/plugins/action/semodule.py:12:68: E202 whitespace before ']'
lib/ansible/plugins/action/semodule.py:41:13: E265 block comment should start with '# '
lib/ansible/plugins/action/semodule.py:114:22: W292 no newline at end of file
test/units/module_utils/test_semodule.py:16:1: E302 expected 2 blank lines, found 1
test/units/plugins/action/test_semodule.py:32:1: E302 expected 2 blank lines, found 1
test/units/plugins/action/test_semodule.py:32:64: E231 missing whitespace after ','
test/units/plugins/action/test_semodule.py:33:13: E126 continuation line over-indented for hanging indent
test/units/plugins/action/test_semodule.py:33:21: E231 missing whitespace after ','
test/units/plugins/action/test_semodule.py:33:31: E231 missing whitespace after ','
test/units/plugins/action/test_semodule.py:33:36: E231 missing whitespace after ','
test/units/plugins/action/test_semodule.py:34:19: E231 missing whitespace after ','
test/units/plugins/action/test_semodule.py:35:17: E231 missing whitespace after ','
test/units/plugins/action/test_semodule.py:35:23: E231 missing whitespace after ','
test/units/plugins/action/test_semodule.py:36:19: E231 missing whitespace after ','
test/units/plugins/action/test_semodule.py:37:9: E126 continuation line over-indented for hanging indent
test/units/plugins/action/test_semodule.py:38:5: E123 closing bracket does not match indentation of opening bracket's line
test/units/plugins/action/test_semodule.py:41:59: E231 missing whitespace after ','

The test ansible-test sanity --test validate-modules [explain] failed with 3 errors:

lib/ansible/modules/system/semodule.py:0:0: E316 ANSIBLE_METADATA.metadata_version: required key not provided @ data['metadata_version']. Got None
lib/ansible/modules/system/semodule.py:0:0: E316 ANSIBLE_METADATA.metdata_version: extra keys not allowed @ data['metdata_version']. Got 1.1
lib/ansible/modules/system/semodule.py:0:0: E326 Argument 'force' in argument_spec defines choices as ([]) but documentation defines choices as ([True, False])


@ansibot ansibot added needs_revision and removed core_review labels Jun 14, 2019

@ansibot

commented Jun 14, 2019

The test ansible-test sanity --test pep8 [explain] failed with 1 error:

test/units/module_utils/test_semodule.py:16:1: E302 expected 2 blank lines, found 1


@bandit145

commented Jun 15, 2019

Due to investigation prompted by failing rhel8 and fedora tests, it seems newer versions of semodule do not display module versions anymore; as such, I will drop "latest" support and operate only off module name info.

Relevant bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1690779
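
Added example (not part of the pull request's code): a Python sketch of the name-only presence check described in the comment above, accepting both the older tab-separated listing and the newer name-only listing. The function names, the sample listings and the allowed character set for module names are assumptions made for this example.

```python
import re

# Assumed safe charset for module names. The first character excludes '-', '.' and '/'
# so the name cannot act as an option or a path once it becomes "<name>.mod" / "<name>.pp".
HEADER = re.compile(r"^\s*module\s+([A-Za-z0-9][A-Za-z0-9_.-]*)\s+([0-9]+(?:\.[0-9]+)*)\s*;\s*$")

# Constructed sample inputs (not taken from a real host).
SAMPLE_TE = """# local module so sshd can read /proc/net
module ansible-semodule-test 1.0;
require { type sshd_t; type proc_net_t; class file { open read }; }
allow sshd_t proc_net_t:file { open read };
"""
OLD_LISTING = "abrt\t1.4.1\nansible-semodule-test\t1.0\n"  # name<TAB>version
NEW_LISTING = "abrt\nansible-semodule-test\n"              # name only


def parse_te_header(te_text):
    """Return (name, version) from the 'module <name> <version>;' statement."""
    for line in te_text.splitlines():
        match = HEADER.match(line)  # anchored: a comment mentioning 'module' is skipped
        if match:
            return match.group(1), match.group(2)
    raise ValueError("no valid 'module <name> <version>;' statement")


def parse_listing(output):
    """Map installed module name -> version, or None when no version column exists."""
    installed = {}
    for line in output.splitlines():
        fields = line.split()
        if fields:
            installed[fields[0]] = fields[1] if len(fields) > 1 else None
    return installed


def plan(te_text, listing, state="present"):
    """Decide by module name only: 'install', 'remove' or 'noop'."""
    name, _version = parse_te_header(te_text)
    present = name in parse_listing(listing)
    if state == "present":
        return "noop" if present else "install"
    if state == "absent":
        return "remove" if present else "noop"
    raise ValueError("state must be 'present' or 'absent'")


def build_argv(name, src):
    """argv lists (no shell) for the two build steps quoted in the lint output."""
    return [["checkmodule", "-M", "-m", src, "-o", name + ".mod"],
            ["semodule_package", "-o", name + ".pp", "-m", name + ".mod"]]
```

Because the module name parsed from the .te file ends up in output file names and command arguments, rejecting names outside the allowed pattern before building the argv lists keeps a crafted header from redirecting those paths.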

@samdoran samdoran removed the needs_triage label Jun 18, 2019

@ansibot

commented Jun 18, 2019

The test ansible-test sanity --test validate-modules [explain] failed with 1 error:

lib/ansible/modules/system/semodule.py:0:0: E326 Argument 'state' in argument_spec defines choices as (['present', 'latest', 'absent']) but documentation defines choices as (['present', 'absent'])


@ansibot ansibot removed the ci_verified label Jun 22, 2019

@ansibot ansibot added core_review and removed needs_revision labels Jun 22, 2019

@ansibot ansibot added the stale_ci label Jun 30, 2019
