Merge pull request #361 from jhoblitt/feature/selinux

(MODULES-2303) add selinux related params to concat type

.gitignore

@@ -7,3 +7,4 @@ spec/fixtures/
 coverage/
 .idea/
 *.iml
+log/

README.md

@@ -199,6 +199,36 @@ If you set this parameter to 'true', Puppet adds the following message:
 # This file is managed by Puppet. DO NOT EDIT.
 ~~~
 
+#####`selinux_ignore_defaults`
+
+See the `file` type's
+[`selinux_ignore_defaults`](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-selinux_ignore_defaults)
+documentention.
+
+#####`selrange`
+
+See the `file` type's
+[`selrange`](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-selrange)
+documentention.
+
+#####`selrole`
+
+See the `file` type's
+[`selrole`](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-selrole)
+documentention.
+
+#####`seltype`
+
+See the `file` type's
+[`seltype`](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-seltype)
+documentention.
+
+#####`seluser`
+
+See the `file` type's
+[`seluser`](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-seluser)
+documentention.
+
 ####`concat::fragment`
 
 

manifests/init.pp

@@ -34,6 +34,10 @@
 # [*ensure_newline*]
 # [*gnu*]
 #   Deprecated
+# [*selinux_ignore_defaults*]
+# [*selrange*]
+# [*selrole*]
+# [*seltype*]
 #
 # === Actions:
 # * Creates fragment directories if it didn't exist already
@@ -56,20 +60,25 @@
 #   File["concat_/path/to/file"]
 #
 define concat(
-  $ensure           = 'present',
-  $path             = $name,
-  $owner            = undef,
-  $group            = undef,
-  $mode             = '0644',
-  $warn             = false,
-  $force            = false,
-  $backup           = 'puppet',
-  $backup_fragments = false,
-  $replace          = true,
-  $order            = 'alpha',
-  $ensure_newline   = false,
-  $validate_cmd     = undef,
-  $gnu              = undef
+  $ensure                  = 'present',
+  $path                    = $name,
+  $owner                   = undef,
+  $group                   = undef,
+  $mode                    = '0644',
+  $warn                    = false,
+  $force                   = false,
+  $backup                  = 'puppet',
+  $backup_fragments        = false,
+  $replace                 = true,
+  $order                   = 'alpha',
+  $ensure_newline          = false,
+  $validate_cmd            = undef,
+  $gnu                     = undef,
+  $selinux_ignore_defaults = undef,
+  $selrange                = undef,
+  $selrole                 = undef,
+  $seltype                 = undef,
+  $seluser                 = undef
 ) {
   validate_re($ensure, '^present$|^absent$')
   validate_absolute_path($path)
@@ -93,6 +102,13 @@
   if $gnu {
     warning('The $gnu parameter to concat is deprecated and has no effect')
   }
+  if $selinux_ignore_defaults {
+    validate_bool($selinux_ignore_defaults)
+  }
+  validate_string($selrange)
+  validate_string($selrole)
+  validate_string($seltype)
+  validate_string($seluser)
 
   include concat::setup
 
@@ -182,15 +198,20 @@
     }
 
     file { $name:
-      ensure  => present,
-      owner   => $owner,
-      group   => $group,
-      mode    => $mode,
-      replace => $replace,
-      path    => $path,
-      alias   => "concat_${name}",
-      source  => "${fragdir}/${concat_name}",
-      backup  => $backup,
+      ensure                  => present,
+      owner                   => $owner,
+      group                   => $group,
+      mode                    => $mode,
+      selinux_ignore_defaults => $selinux_ignore_defaults,
+      selrange                => $selrange,
+      selrole                 => $selrole,
+      seltype                 => $seltype,
+      seluser                 => $seluser,
+      replace                 => $replace,
+      path                    => $path,
+      alias                   => "concat_${name}",
+      source                  => "${fragdir}/${concat_name}",
+      backup                  => $backup,
     }
 
     # Only newer versions of puppet 3.x support the validate_cmd parameter

spec/unit/defines/concat_spec.rb

@@ -76,16 +76,21 @@
 
       it do
         should contain_file(title).with({
-          :ensure       => 'present',
-          :owner        => p[:owner],
-          :group        => p[:group],
-          :mode         => p[:mode],
-          :replace      => p[:replace],
-          :path         => p[:path],
-          :alias        => "concat_#{title}",
-          :source       => "#{fragdir}/#{concat_name}",
-          :validate_cmd => p[:validate_cmd],
-          :backup       => p[:backup],
+          :ensure                  => 'present',
+          :owner                   => p[:owner],
+          :group                   => p[:group],
+          :mode                    => p[:mode],
+          :replace                 => p[:replace],
+          :path                    => p[:path],
+          :alias                   => "concat_#{title}",
+          :source                  => "#{fragdir}/#{concat_name}",
+          :validate_cmd            => p[:validate_cmd],
+          :backup                  => p[:backup],
+          :selinux_ignore_defaults => p[:selinux_ignore_defaults],
+          :selrange                => p[:selrange],
+          :selrole                 => p[:selrole],
+          :seltype                 => p[:seltype],
+          :seluser                 => p[:seluser],
         })
       end
 
@@ -415,6 +420,47 @@
     end
   end # validate_cmd =>
 
+  context 'selinux_ignore_defaults =>' do
+    let(:title) { '/etc/foo.bar' }
+
+    [true, false].each do |v|
+      context v do
+        it_behaves_like 'concat', '/etc/foo.bar', { :selinux_ignore_defaults => v }
+      end
+    end
+
+    context '123' do
+      let(:title) { '/etc/foo.bar' }
+      let(:params) {{ :selinux_ignore_defaults => 123 }}
+      it 'should fail' do
+        expect { catalogue }.to raise_error(Puppet::Error, /is not a boolean/)
+      end
+    end
+  end # selinux_ignore_defaults =>
+
+  [
+    :selrange,
+    :selrole,
+    :seltype,
+    :seluser,
+  ].each do |p|
+    context " #{p} =>" do
+      let(:title) { '/etc/foo.bar' }
+
+      context 'foo' do
+        it_behaves_like 'concat', '/etc/foo.bar', { p => 'foo' }
+      end
+
+      context 'false' do
+        let(:title) { '/etc/foo.bar' }
+        let(:params) {{ p => false }}
+        it 'should fail' do
+          expect { catalogue }.to raise_error(Puppet::Error, /is not a string/)
+        end
+      end
+    end # #{p} =>
+  end
+
   describe 'deprecated parameter' do
     context 'gnu =>' do
       context 'foo' do