Merge pull request #324 from voxpupuli/modulesync

modulesync 3.0.0 + code reformatting because of puppet-lint updates
voxpupuli · Jul 24, 2020 · 82fd199 · 82fd199
2 parents c01b7f3 + 0a7a338
commit 82fd199
Show file tree

Hide file tree

Showing 16 changed files with 40 additions and 43 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,3 @@
+# Vox Pupuli Security Policy
+
+Our vulnerabilities reporting process is at https://voxpupuli.org/security/
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -528,6 +528,9 @@ RSpec/RepeatedDescription:
 RSpec/NestedGroups:
   Enabled: False
 
+RSpec/MultipleExpectations:
+  Enabled: false
+
 # this is broken on ruby1.9
 Layout/IndentHeredoc:
   Enabled: False

diff --git a/.travis.yml b/.travis.yml
@@ -1,4 +1,5 @@
 ---
+os: linux
 dist: bionic
 language: ruby
 cache: bundler
@@ -7,7 +8,7 @@ before_install:
   - bundle --version
 script:
   - 'bundle exec rake $CHECK'
-matrix:
+jobs:
   fast_finish: true
   include:
   - rvm: 2.4.4
@@ -36,7 +37,7 @@ notifications:
       - "chat.freenode.org#voxpupuli-notifications"
 deploy:
   provider: puppetforge
-  user: puppet
+  username: puppet
   password:
     secure: "r7NI3OHbyMs/w351LkmkTFFLriDDyWKvgyZt+XYPw7jbaWmqnV4+NSJMQSkXgTS+tq2jNPLOWY1UuPuFJKkyd1m7LteOb2yZ6HJs5BL7QJjJWC2vUjkY60kl2xHn81D6SEXOXoVseGWiimlTlWJM3pKljNgZOZlOMw96vgnd6/I="
   on:

diff --git a/Gemfile b/Gemfile
@@ -11,9 +11,9 @@ def location_for(place, fake_version = nil)
 end
 
 group :test do
-  gem 'voxpupuli-test', '>= 1.0.0',  :require => false
-  gem 'coveralls',                   :require => false
-  gem 'simplecov-console',           :require => false
+  gem 'voxpupuli-test', '~> 2.0',  :require => false
+  gem 'coveralls',                 :require => false
+  gem 'simplecov-console',         :require => false
 end
 
 group :development do

diff --git a/examples/fcontext.pp b/examples/fcontext.pp
@@ -1,4 +1,4 @@
-selinux::fcontext{'set-mysql-log-context':
+selinux::fcontext { 'set-mysql-log-context':
   seltype  => 'mysqld_log_t',
   pathspec => '/u01/log/mysql(/.*)?',
 }
diff --git a/manifests/boolean.pp b/manifests/boolean.pp
@@ -17,7 +17,6 @@
   Variant[Boolean, Enum['on', 'off', 'present', 'absent']] $ensure = 'on',
   Boolean $persistent = true,
 ) {
-
   include selinux
 
   Anchor['selinux::module post']

diff --git a/manifests/build.pp b/manifests/build.pp
@@ -16,17 +16,17 @@
 #
 # @api private
 #
-class selinux::build(
+class selinux::build (
   Stdlib::Absolutepath $module_build_root = $selinux::module_build_root,
 ) {
-  file {$module_build_root:
+  file { $module_build_root:
     ensure => 'directory',
     owner  => 'root',
     group  => 'root',
     mode   => '0755',
   }
 
-  file {"${module_build_root}/bin":
+  file { "${module_build_root}/bin":
     ensure => 'directory',
     owner  => 'root',
     group  => 'root',
@@ -36,7 +36,7 @@
   $module_build_simple = "${module_build_root}/bin/selinux_build_module_simple.sh"
 
   # put helper in place:
-  file {$module_build_simple:
+  file { $module_build_simple:
     ensure => 'file',
     owner  => 'root',
     group  => 'root',
@@ -46,7 +46,7 @@
 
   $module_build_dir = "${module_build_root}/modules"
 
-  file {$module_build_dir:
+  file { $module_build_dir:
     ensure  => 'directory',
     owner   => 'root',
     group   => 'root',
@@ -56,7 +56,7 @@
   }
 
   # needed by refpolicy builder and our simple builder
-  file {"${module_build_dir}/tmp":
+  file { "${module_build_dir}/tmp":
     ensure                  => 'directory',
     selinux_ignore_defaults => true,
   }

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -11,7 +11,6 @@
   $mode,
   $type,
 ) {
-
   assert_private()
 
   if ($mode == 'enforcing' and !$facts['os']['selinux']['enabled']) {
@@ -56,8 +55,7 @@
 
     # a complete relabeling is required when switching from disabled to
     # permissive or enforcing. Ensure the autorelabel trigger file is created.
-    if $_real_mode in ['enforcing','permissive'] and
-      !$facts['os']['selinux']['enabled'] {
+    if $_real_mode in ['enforcing','permissive'] and !$facts['os']['selinux']['enabled'] {
       file { '/.autorelabel':
         ensure  => 'file',
         owner   => 'root',

diff --git a/manifests/exec_restorecon.pp b/manifests/exec_restorecon.pp
@@ -10,15 +10,14 @@
 # @param unless see the Exec resource
 # @param onlyif see the Exec resource
 #
-define selinux::exec_restorecon(
+define selinux::exec_restorecon (
   Stdlib::Absolutepath $path        = $title,
   Boolean              $refreshonly = true,
   Boolean              $recurse     = true,
   Boolean              $force       = false,
   Optional[String]     $unless      = undef,
   Optional[String]     $onlyif      = undef,
 ) {
-
   include selinux
 
   $opt_recurse = $recurse ? {
@@ -33,7 +32,7 @@
 
   $command = "restorecon${opt_force}${opt_recurse}"
 
-  exec {"selinux::exec_restorecon ${path}":
+  exec { "selinux::exec_restorecon ${path}":
     path        => '/sbin:/usr/sbin',
     command     => sprintf('%s %s', $command, shellquote($path)),
     refreshonly => $refreshonly,

diff --git a/manifests/fcontext.pp b/manifests/fcontext.pp
@@ -31,19 +31,18 @@
 #       - s = socket
 #       - l = symbolic link
 #       - p = named pipe
-define selinux::fcontext(
+define selinux::fcontext (
   String $pathspec                  = $title,
   Enum['absent', 'present'] $ensure = 'present',
   Optional[String] $seltype         = undef,
   Optional[String] $seluser         = undef,
   Optional[String] $filetype        = 'a',
 ) {
-
   include selinux
   if $ensure == 'present' {
-  Anchor['selinux::module post']
-  -> Selinux::Fcontext[$title]
-  -> Anchor['selinux::end']
+    Anchor['selinux::module post']
+    -> Selinux::Fcontext[$title]
+    -> Anchor['selinux::end']
   } else {
     Anchor['selinux::start']
     -> Selinux::Fcontext[$title]
@@ -57,7 +56,7 @@
   # Do nothing unless SELinux is enabled
   if $facts['os']['selinux']['enabled'] {
     # make sure the title is correct or the provider will misbehave
-    selinux_fcontext {"${pathspec}_${filetype}":
+    selinux_fcontext { "${pathspec}_${filetype}":
       ensure    => $ensure,
       pathspec  => $pathspec,
       seltype   => $seltype,

diff --git a/manifests/fcontext/equivalence.pp b/manifests/fcontext/equivalence.pp
@@ -10,12 +10,11 @@
 #     target => '/usr/share/wordpress',
 #   }
 #
-define selinux::fcontext::equivalence(
+define selinux::fcontext::equivalence (
   String $target,
   String $path = $title,
   Enum['present', 'absent'] $ensure = 'present'
 ) {
-
   include selinux
 
   if $ensure == 'present' {
@@ -33,4 +32,3 @@
     target => $target,
   }
 }
-
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -47,7 +47,6 @@
   Optional[Hash] $port            = undef,
   Optional[Hash] $exec_restorecon = undef,
 ) {
-
   class { 'selinux::package':
     manage_package        => $manage_package,
     package_names         => Array.new($package_name, true),

diff --git a/manifests/module.pp b/manifests/module.pp
@@ -51,7 +51,7 @@
 # @param content_if content of the SELinux .if file
 # @param builder either 'simple' or 'refpolicy'. The simple builder attempts to use checkmodule
 #   to build the module, whereas 'refpolicy' uses the refpolicy framework, but requires 'make'
-define selinux::module(
+define selinux::module (
   Optional[String] $source_pp = undef,
   Optional[String] $source_te = undef,
   Optional[String] $source_fc = undef,
@@ -79,9 +79,9 @@
   $module_file = "${module_dir}/${title}"
 
   $build_command = $_builder ? {
-      'simple'    => shellquote($selinux::build::module_build_simple, $title, $module_dir),
-      'refpolicy' => shellquote('make', '-f', $selinux::refpolicy_makefile, "${title}.pp"),
-      'none'      => undef
+    'simple'    => shellquote($selinux::build::module_build_simple, $title, $module_dir),
+    'refpolicy' => shellquote('make', '-f', $selinux::refpolicy_makefile, "${title}.pp"),
+    'none'      => undef
   }
 
   Anchor['selinux::module pre']
@@ -98,30 +98,30 @@
   }
 
   if $has_source and $ensure == 'present' {
-    file {"${module_file}.te":
+    file { "${module_file}.te":
       ensure  => 'file',
       source  => $source_te,
       content => $content_te,
       notify  => Exec["clean-module-${title}"],
     }
 
     $content_fc_real = $content_fc ? { undef => $source_fc ? { undef => '', default => undef }, default => $content_fc }
-    file {"${module_file}.fc":
+    file { "${module_file}.fc":
       ensure  => 'file',
       source  => $source_fc,
       content => $content_fc_real,
       notify  => Exec["clean-module-${title}"],
     }
 
     $content_if_real = $content_if ? { undef => $source_if ? { undef => '', default => undef }, default => $content_if }
-    file {"${module_file}.if":
+    file { "${module_file}.if":
       ensure  => 'file',
       source  => $source_if,
       content => $content_if_real,
       notify  => Exec["clean-module-${title}"],
     }
     # ensure it doesn't get purged if it exists
-    file {"${module_file}.pp": selinux_ignore_defaults => true }
+    file { "${module_file}.pp": selinux_ignore_defaults => true }
 
     exec { "clean-module-${title}":
       path        => '/bin:/usr/bin',
@@ -140,7 +140,7 @@
     }
     $install = true
   } elsif $source_pp != undef and $ensure == 'present' {
-    file {"${module_file}.pp":
+    file { "${module_file}.pp":
       ensure => 'file',
       source => $source_pp,
       notify => Exec["clean-module-${title}"],

diff --git a/manifests/package.pp b/manifests/package.pp
@@ -12,7 +12,7 @@
   Array[String[1]] $package_names,
   Boolean $manage_auditd_package,
   String[1] $auditd_package_name,
-){
+) {
   assert_private()
   if $manage_package {
     ensure_packages ($package_names)

diff --git a/manifests/permissive.pp b/manifests/permissive.pp
@@ -12,7 +12,6 @@
   String $seltype = $title,
   Enum['present', 'absent'] $ensure = 'present',
 ) {
-
   include selinux
   if $ensure == 'present' {
     Anchor['selinux::module post']
@@ -24,7 +23,7 @@
     -> Anchor['selinux::module pre']
   }
 
-  selinux_permissive {$seltype:
+  selinux_permissive { $seltype:
     ensure => $ensure,
   }
 }
diff --git a/manifests/port.pp b/manifests/port.pp
@@ -24,7 +24,6 @@
   Optional[Tuple[Integer[1,65535], 2, 2]] $port_range = undef,
   Enum['present', 'absent']          $ensure = 'present',
 ) {
-
   include selinux
 
   if $ensure == 'present' {
@@ -58,7 +57,7 @@
 
   # Do nothing unless SELinux is enabled
   if $facts['os']['selinux']['enabled'] {
-    selinux_port {"${protocol}_${range[0]}-${range[1]}":
+    selinux_port { "${protocol}_${range[0]}-${range[1]}":
       ensure    => $ensure,
       low_port  => $range[0],
       high_port => $range[1],