Merge 41ed27b into 75aa0ad

data/os/Debian.yaml

@@ -1,2 +1,3 @@
 ---
 selinux::manage_auditd_package: true
+selinux::manage_setroubleshoot_packages: false

data/os/RedHat.yaml

@@ -1,3 +1,7 @@
 ---
 selinux::package_name: policycoreutils-python-utils
 selinux::manage_auditd_package: false
+selinux::manage_setroubleshoot_packages: false
+selinux::setroubleshoot_package_names:
+  - setroubleshoot
+  - setroubleshoot-plugins

manifests/init.pp

@@ -19,6 +19,8 @@
 # @param refpolicy_makefile the path to the system's SELinux makefile for the refpolicy framework
 # @param manage_package manage the package for selinux tools and refpolicy
 # @param auditd_package_name used when `manage_auditd_package` is true
+# @param manage_setroubleshoot_packages manage the setroubleshoot packages
+# @param setroubleshoot_package_names the names of the setroubleshoot packages
 # @param module_build_root directory where modules are built. Defaults to `$vardir/puppet-selinux`
 # @param default_builder which builder to use by default with selinux::module
 # @param boolean Hash of selinux::boolean resource parameters
@@ -32,6 +34,8 @@
   Variant[String[1], Array[String[1]]] $package_name,
   Boolean $manage_auditd_package,
   String $refpolicy_package_name,
+  Boolean $manage_setroubleshoot_packages,
+  Array[String] $setroubleshoot_package_names                 = [],
   Optional[Enum['enforcing', 'permissive', 'disabled']] $mode = undef,
   Optional[Enum['targeted', 'minimum', 'mls']] $type          = undef,
   Stdlib::Absolutepath $refpolicy_makefile                    = '/usr/share/selinux/devel/Makefile',
@@ -48,10 +52,12 @@
   Optional[Hash] $exec_restorecon = undef,
 ) {
   class { 'selinux::package':
-    manage_package        => $manage_package,
-    package_names         => Array.new($package_name, true),
-    manage_auditd_package => $manage_auditd_package,
-    auditd_package_name   => $auditd_package_name,
+    manage_package                 => $manage_package,
+    package_names                  => Array.new($package_name, true),
+    manage_auditd_package          => $manage_auditd_package,
+    auditd_package_name            => $auditd_package_name,
+    manage_setroubleshoot_packages => $manage_setroubleshoot_packages,
+    setroubleshoot_package_names   => $setroubleshoot_package_names,
   }
 
   class { 'selinux::config':

manifests/package.pp

@@ -12,6 +12,8 @@
   Array[String[1]] $package_names,
   Boolean $manage_auditd_package,
   String[1] $auditd_package_name,
+  Boolean $manage_setroubleshoot_packages,
+  Array[String] $setroubleshoot_package_names,
 ) {
   assert_private()
   if $manage_package {
@@ -20,4 +22,7 @@
   if $manage_auditd_package {
     ensure_packages ($auditd_package_name)
   }
+  if $manage_setroubleshoot_packages {
+    ensure_packages ($setroubleshoot_package_names)
+  }
 }

manifests/refpolicy_package.pp

@@ -8,7 +8,7 @@
 class selinux::refpolicy_package (
   $manage_package = $selinux::manage_package,
   $package_name   = $selinux::refpolicy_package_name,
-) inherits ::selinux {
+) inherits selinux {
   assert_private()
   if $manage_package {
     ensure_packages ($package_name)

spec/classes/selinux_package_spec.rb

@@ -114,5 +114,24 @@
 
       it { is_expected.to contain_package('some_package').with(ensure: 'present') }
     end
+
+    context 'install setroubleshoot packages' do
+      let(:facts) do
+        {
+          osfamily: 'RedHat',
+          operatingsystem: 'RedHat',
+          operatingsystemmajrelease: '7',
+          os: { release: { major: 7 }, name: 'RedHat', family: 'RedHat' }
+        }
+      end
+      let(:params) do
+        {
+          manage_setroubleshoot_packages: true
+        }
+      end
+
+      it { is_expected.to contain_package('setroubleshoot').with(ensure: 'present') }
+      it { is_expected.to contain_package('setroubleshoot-plugins').with(ensure: 'present') }
+    end
   end
 end