-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(PUP-8577) Migrate SELinux to a seperate module #1
Conversation
Error: puppet-syntax: UTF-8: Could not parse for environment production: invalid byte sequence SELinux uses the `.pp` extension, which stands for "Policy Package". This is great, except that puppet-syntax expects files that have the `.pp` extension to be puppet manifests. This commit simply removes the extension from this file. It's only used as the return value for a stub, so it is safe for us to remove the extension for the sake of testing.
Mocha is very old, we should be using the mocking abilities that are now native in rspec
Fix rubocop convention violation RSpec/InstanceVariable Update the spec tests to mock with rspec and not mocha
We do not run tests on windows for this module, and we only support ruby >= 2.3 so do not need to test old ruby versions
lib/puppet/type/file/selcontext.rb
Outdated
@@ -0,0 +1,153 @@ | |||
# Manage SELinux context of files. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@joshcooper should I be pulling this file as well, or no? k5login uses it (which will be a dependency we can specify when we pull k5login out), but it's also loaded as a part of the file type
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@branan @joshcooper was saying you had thoughts on selinux extraction? Is this a file we can move out to the module, or should we keep this in the puppet repo?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to stay in Puppet - it's related to how the file
type handles selinux permissions on files. Some selinux bits for core types will always have to stay in Puppet itself (until we figure out how to modularize the really core types)
I'm also /kind/ of inclined to leave the feature
in core, since it's super lightweight and might be useful when adding selinux awareness to other types/providers. But I don't totally have a use-case yet, so as long as bringing it back later won't break anything, I'm fine pulling it out for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 sweet, I'll pull those out
There were a few files that had made their way into this module that should stay in the puppet code base. This commit removes those files. I had also missed a few spec files which we do want in the module. So this commit pulls those in. We are not using any of the helper methods form spec/lib/puppet_spec/files.rb, so that file, and references to it, have also been removed.
.rspec
Outdated
@@ -0,0 +1,2 @@ | |||
--color |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have we been checking the .rspec
file into the other extracted modules? Seems like it should be part of the .gitignore
so people working on the module can have whatever they prefer in there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file is added by PDK, so yes, it's in all the other modules
We don't want to keep these files in the repo
No description provided.