Change the way SELinux is applied for portnumbers
When declaring several http_ports with different
IPs but the same port number, a resource conflict
would arise on the SELinux part. Changed the
selinux::port to an "ensure_resource", hence
fixing issue #120.
ralfbosz committed Jun 24, 2019
1 parent 590e97d commit 142fed8
Showing 2 changed files with 25 additions and 5 deletions.
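--- a/manifests/http_port.pp
+++ b/manifests/http_port.pp
@@ -51,12 +51,12 @@
 }
 
 if $facts['selinux'] == true {
-selinux::port{"selinux port squid_port_t ${_port}":
+ensure_resource('selinux::port', "selinux port squid_port_t ${_port}", {
 ensure => 'present',
 seltype => 'squid_port_t',
 protocol => 'tcp',
 port => $_port,
-}
+})
 }
 
 }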
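Review bot: The `ensure_resource` call in the `$facts['selinux']` branch only skips the declaration when a resource with the same title and identical parameters is already in the catalogue, so a plain `selinux::port { ... }` with this title evaluated later would still raise a duplicate declaration. The spec expects the same title pattern for an https_port (`selinux port squid_port_t 2001`), which suggests another define declares it as well; if that one still uses the plain resource syntax, two https_port entries on one port number would presumably hit the same conflict, so it is worth checking. I would also record the reason above the call, e.g. `# SELinux port labels are per port and protocol, not per address, so several http_port entries may share this resource`. The enclosing define starts outside the hunk.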
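--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -457,15 +457,15 @@
 it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_content(%r{^https_port\s+2001\s+special for 2001$}) }
 end
 
-if facts['osfamily'] == 'RedHat'
+if facts[:osfamily] == 'RedHat'
 context 'with http_port parameters set + SELINUX' do
 let :params do
 { config: '/tmp/squid.conf',
 http_ports: { 2000 => { 'options' => 'special for 2000' } } }
 end
 let(:facts) do
 facts.merge(
-selinux => true
+selinux: true
 )
 end
 
@@ -482,7 +482,7 @@
 end
 let(:facts) do
 facts.merge(
-selinux => true
+selinux: true
 )
 end
 
@@ -491,6 +491,26 @@
 it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_content(%r{^https_port\s+2001\s+special for 2001$}) }
 it { is_expected.to contain_selinux__port('selinux port squid_port_t 2001').with('ensure' => 'present', 'seltype' => 'squid_port_t', 'protocol' => 'tcp', 'port' => '2001') }
 end
+
+context 'with duplicate ports on different ip' do
+let :params do
+{ config: '/tmp/squid.conf',
+http_ports: { 'ipA' => { 'port' => 3128, 'host' => '192.168.1.10' }, 'ipB' => { 'port' => 3128, 'host' => '192.168.1.11' } } }
+end
+
+let(:facts) do
+facts.merge(
+selinux: true
+)
+end
+
+it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') }
+it { is_expected.to contain_concat_fragment('squid_http_port_ipA').with_order('30-05') }
+it { is_expected.to contain_concat_fragment('squid_http_port_ipA').with_content(%r{http_port\s+192.168.1.10:3128}) }
+it { is_expected.to contain_concat_fragment('squid_http_port_ipB').with_order('30-05') }
+it { is_expected.to contain_concat_fragment('squid_http_port_ipB').with_content(%r{http_port\s+192.168.1.11:3128}) }
+it { is_expected.to contain_selinux__port('selinux port squid_port_t 3128').with('ensure' => 'present', 'seltype' => 'squid_port_t', 'protocol' => 'tcp', 'port' => '3128') }
+end
 end
 
 context 'with snmp_incoming_address parameter set' do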
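Review bot: The two content matchers in the new 'with duplicate ports on different ip' context leave the dots unescaped and carry no line anchor, so `%r{http_port\s+192.168.1.10:3128}` also accepts any character in place of each dot and matches a commented-out or embedded directive. The neighbouring expectations anchor with `^`; I would write `%r{^http_port\s+192\.168\.1\.10:3128}` and `%r{^http_port\s+192\.168\.1\.11:3128}` so the test pins the listening address the proxy is actually bound to. Since the regression being guarded is a duplicate-declaration failure at compile time, an explicit `it { is_expected.to compile.with_all_deps }` in this context would also state what the test protects.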
