mirror of https://github.com/ansible-collections/community.general.git synced 2026-04-08 13:07:19 +00:00

Reformat everything.

Felix Fontein 2025-11-01 12:08:41 +01:00
parent 3f2213791a
commit 340ff8586d
1008 changed files with 61301 additions and 58309 deletions


@ -142,6 +142,7 @@ from ansible.module_utils.basic import AnsibleModule, missing_required_lib
SELINUX_IMP_ERR = None
try:
import selinux
HAVE_SELINUX = True
except ImportError:
SELINUX_IMP_ERR = traceback.format_exc()
@ -150,6 +151,7 @@ except ImportError:
SEOBJECT_IMP_ERR = None
try:
import seobject
HAVE_SEOBJECT = True
except ImportError:
SEOBJECT_IMP_ERR = traceback.format_exc()
@ -170,14 +172,14 @@ if HAVE_SEOBJECT:
# Make backward compatible
option_to_file_type_str = dict(
a='all files',
b='block device',
c='character device',
d='directory',
f='regular file',
l='symbolic link',
p='named pipe',
s='socket',
a="all files",
b="block device",
c="character device",
d="directory",
f="regular file",
l="symbolic link",
p="named pipe",
s="socket",
)
@ -186,7 +188,7 @@ def get_runtime_status(ignore_selinux_state=False):
def semanage_fcontext_exists(sefcontext, target, ftype):
''' Get the SELinux file context mapping definition from policy. Return None if it does not exist. '''
"""Get the SELinux file context mapping definition from policy. Return None if it does not exist."""
# Beware that records comprise of a string representation of the file_type
record = (target, option_to_file_type_str[ftype])
@ -198,16 +200,16 @@ def semanage_fcontext_exists(sefcontext, target, ftype):
def semanage_fcontext_substitute_exists(sefcontext, target):
''' Get the SELinux file context path substitution definition from policy. Return None if it does not exist. '''
"""Get the SELinux file context path substitution definition from policy. Return None if it does not exist."""
return sefcontext.equiv_dist.get(target, sefcontext.equiv.get(target))
def semanage_fcontext_modify(module, result, target, ftype, setype, substitute, do_reload, serange, seuser, sestore=''):
''' Add or modify SELinux file context mapping definition to the policy. '''
def semanage_fcontext_modify(module, result, target, ftype, setype, substitute, do_reload, serange, seuser, sestore=""):
"""Add or modify SELinux file context mapping definition to the policy."""
changed = False
prepared_diff = ''
prepared_diff = ""
try:
sefcontext = seobject.fcontextRecords(sestore)
@ -229,23 +231,25 @@ def semanage_fcontext_modify(module, result, target, ftype, setype, substitute,
changed = True
if module._diff:
prepared_diff += '# Change to semanage file context mappings\n'
prepared_diff += f'-{target} {ftype} {orig_seuser}:{orig_serole}:{orig_setype}:{orig_serange}\n'
prepared_diff += f'+{target} {ftype} {seuser}:{orig_serole}:{setype}:{serange}\n'
prepared_diff += "# Change to semanage file context mappings\n"
prepared_diff += (
f"-{target} {ftype} {orig_seuser}:{orig_serole}:{orig_setype}:{orig_serange}\n"
)
prepared_diff += f"+{target} {ftype} {seuser}:{orig_serole}:{setype}:{serange}\n"
else:
# Add missing entry
if seuser is None:
seuser = 'system_u'
seuser = "system_u"
if serange is None:
serange = 's0'
serange = "s0"
if not module.check_mode:
sefcontext.add(target, setype, ftype, serange, seuser)
changed = True
if module._diff:
prepared_diff += '# Addition to semanage file context mappings\n'
prepared_diff += f'+{target} {ftype} {seuser}:object_r:{setype}:{serange}\n'
prepared_diff += "# Addition to semanage file context mappings\n"
prepared_diff += f"+{target} {ftype} {seuser}:object_r:{setype}:{serange}\n"
else:
exists = semanage_fcontext_substitute_exists(sefcontext, target)
if exists:
@ -258,32 +262,32 @@ def semanage_fcontext_modify(module, result, target, ftype, setype, substitute,
changed = True
if module._diff:
prepared_diff += '# Change to semanage file context path substitutions\n'
prepared_diff += f'-{target} = {orig_substitute}\n'
prepared_diff += f'+{target} = {substitute}\n'
prepared_diff += "# Change to semanage file context path substitutions\n"
prepared_diff += f"-{target} = {orig_substitute}\n"
prepared_diff += f"+{target} = {substitute}\n"
else:
# Add missing path substitution entry
if not module.check_mode:
sefcontext.add_equal(target, substitute)
changed = True
if module._diff:
prepared_diff += '# Addition to semanage file context path substitutions\n'
prepared_diff += f'+{target} = {substitute}\n'
prepared_diff += "# Addition to semanage file context path substitutions\n"
prepared_diff += f"+{target} = {substitute}\n"
except Exception as e:
module.fail_json(msg=f"{e.__class__.__name__}: {e}\n")
if module._diff and prepared_diff:
result['diff'] = dict(prepared=prepared_diff)
result["diff"] = dict(prepared=prepared_diff)
module.exit_json(changed=changed, seuser=seuser, serange=serange, **result)
def semanage_fcontext_delete(module, result, target, ftype, setype, substitute, do_reload, sestore=''):
''' Delete SELinux file context mapping definition from the policy. '''
def semanage_fcontext_delete(module, result, target, ftype, setype, substitute, do_reload, sestore=""):
"""Delete SELinux file context mapping definition from the policy."""
changed = False
prepared_diff = ''
prepared_diff = ""
try:
sefcontext = seobject.fcontextRecords(sestore)
@ -299,9 +303,13 @@ def semanage_fcontext_delete(module, result, target, ftype, setype, substitute,
changed = True
if module._diff:
prepared_diff += '# Deletion to semanage file context mappings\n'
prepared_diff += f'-{target} {ftype} {exists[0]}:{exists[1]}:{exists[2]}:{exists[3]}\n'
if substitute_exists and setype is None and ((substitute is not None and substitute_exists == substitute) or substitute is None):
prepared_diff += "# Deletion to semanage file context mappings\n"
prepared_diff += f"-{target} {ftype} {exists[0]}:{exists[1]}:{exists[2]}:{exists[3]}\n"
if (
substitute_exists
and setype is None
and ((substitute is not None and substitute_exists == substitute) or substitute is None)
):
# Remove existing path substitution entry
orig_substitute = substitute_exists
@ -310,14 +318,14 @@ def semanage_fcontext_delete(module, result, target, ftype, setype, substitute,
changed = True
if module._diff:
prepared_diff += '# Deletion to semanage file context path substitutions\n'
prepared_diff += f'-{target} = {orig_substitute}\n'
prepared_diff += "# Deletion to semanage file context path substitutions\n"
prepared_diff += f"-{target} = {orig_substitute}\n"
except Exception as e:
module.fail_json(msg=f"{e.__class__.__name__}: {e}\n")
if module._diff and prepared_diff:
result['diff'] = dict(prepared=prepared_diff)
result["diff"] = dict(prepared=prepared_diff)
module.exit_json(changed=changed, **result)
@ -325,26 +333,25 @@ def semanage_fcontext_delete(module, result, target, ftype, setype, substitute,
def main():
module = AnsibleModule(
argument_spec=dict(
ignore_selinux_state=dict(type='bool', default=False),
target=dict(type='str', required=True, aliases=['path']),
ftype=dict(type='str', default='a', choices=list(option_to_file_type_str.keys())),
setype=dict(type='str'),
substitute=dict(type='str', aliases=['equal']),
seuser=dict(type='str'),
selevel=dict(type='str', aliases=['serange']),
state=dict(type='str', default='present', choices=['absent', 'present']),
reload=dict(type='bool', default=True),
ignore_selinux_state=dict(type="bool", default=False),
target=dict(type="str", required=True, aliases=["path"]),
ftype=dict(type="str", default="a", choices=list(option_to_file_type_str.keys())),
setype=dict(type="str"),
substitute=dict(type="str", aliases=["equal"]),
seuser=dict(type="str"),
selevel=dict(type="str", aliases=["serange"]),
state=dict(type="str", default="present", choices=["absent", "present"]),
reload=dict(type="bool", default=True),
),
mutually_exclusive=[
('setype', 'substitute'),
('substitute', 'ftype'),
('substitute', 'seuser'),
('substitute', 'selevel'),
("setype", "substitute"),
("substitute", "ftype"),
("substitute", "seuser"),
("substitute", "selevel"),
],
required_if=[
('state', 'present', ('setype', 'substitute'), True),
("state", "present", ("setype", "substitute"), True),
],
supports_check_mode=True,
)
if not HAVE_SELINUX:
@ -353,29 +360,29 @@ def main():
if not HAVE_SEOBJECT:
module.fail_json(msg=missing_required_lib("policycoreutils-python"), exception=SEOBJECT_IMP_ERR)
ignore_selinux_state = module.params['ignore_selinux_state']
ignore_selinux_state = module.params["ignore_selinux_state"]
if not get_runtime_status(ignore_selinux_state):
module.fail_json(msg="SELinux is disabled on this host.")
target = module.params['target']
ftype = module.params['ftype']
setype = module.params['setype']
substitute = module.params['substitute']
seuser = module.params['seuser']
serange = module.params['selevel']
state = module.params['state']
do_reload = module.params['reload']
target = module.params["target"]
ftype = module.params["ftype"]
setype = module.params["setype"]
substitute = module.params["substitute"]
seuser = module.params["seuser"]
serange = module.params["selevel"]
state = module.params["state"]
do_reload = module.params["reload"]
result = dict(target=target, ftype=ftype, setype=setype, substitute=substitute, state=state)
if state == 'present':
if state == "present":
semanage_fcontext_modify(module, result, target, ftype, setype, substitute, do_reload, serange, seuser)
elif state == 'absent':
elif state == "absent":
semanage_fcontext_delete(module, result, target, ftype, setype, substitute, do_reload)
else:
module.fail_json(msg=f'Invalid value of argument "state": {state}')
if __name__ == '__main__':
if __name__ == "__main__":
main()