OP#563 remove ls step

Auto-merge for build 3

See merge request puppet/cd_selinux!1

.gitignore

@@ -2,3 +2,4 @@
 Gemfile.lock
 FileList
 .scannerwork
+.vscode

.puppet-lint.rc

@@ -0,0 +1,3 @@
+--no-variable_scope-check
+--no-top_scope_facts
+--no-140chars-check

.vscode/settings.json

@@ -0,0 +1,11 @@
+{
+    "cSpell.words": [
+        "getenforce",
+        "policycoreutils",
+        "SELINUXTYPE",
+        "setenforce",
+        "setools",
+        "setroubleshoot",
+        "sysconfig"
+    ]
+}

Jenkinsfile

@@ -1,7 +1,5 @@
 pipeline {
-    agent {
-      label 'puppet'
-    }
+    agent any
 
     post {
         always {
@@ -25,10 +23,16 @@ pipeline {
       stage('pull master') {
         steps {
           sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
-            sh '''git config user.name "Jenkins Server"
-                  git config user.email jenkins@confdroid.com
-                  git pull origin master
-                  git checkout -b jenkins '''
+            sh '''
+                git config user.name "Jenkins Server"
+                git config user.email jenkins@confdroid.com
+                # Ensure we're on the development branch (triggered by push)
+                git checkout development
+                # Create jenkins branch from development
+                git checkout -b jenkins-build-$BUILD_NUMBER
+                # Optionally merge master into jenkins to ensure compatibility
+                git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
+            '''
         }
       }
     }
@@ -51,29 +55,25 @@ pipeline {
 
       stage('puppet-lint') {
         steps {
-          sh '''find . -iname *.pp -exec /usr/local/rvm/gems/ruby-2.5.0/wrappers/puppet-lint \\
-            --no-class_inherits_from_params_class-check \\
-            --no-variable_scope-check \\
-            --no-80chars-check \\
-            --no-arrow_alignment-check \\
-            --no-autoloader_layout-check \\
-            --no-140chars-check \\
-            --log-format "%{path}:%{line}:%{check}:%{KIND}:%{message}" {} \\;
+          sh '''/usr/local/bin/puppet-lint . \\
+                --no-variable_scope-check \\
+                || { echo "Puppet lint failed"; exit 1; }
             '''
-          recordIssues aggregatingResults: true, tool: puppetLint()
           }
         }
 
       stage('SonarScan') {
          steps {
-             sh '''
-             /opt/sonar-scanner/bin/sonar-scanner \
-              -Dsonar.projectKey=cd_selinux \
-              -Dsonar.sources=. \
-              -Dsonar.host.url=https://sonarqube.confdroid.com \
-              -Dsonar.token=sqa_aca21cc41336d0f31987ed196ccfb9be55ded774
-              '''
-             }
+            withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
+              sh '''
+              /opt/sonar-scanner/bin/sonar-scanner \
+                -Dsonar.projectKey=confdroid_selinux \
+                -Dsonar.sources=. \
+                -Dsonar.host.url=https://sonarqube.confdroid.com \
+                -Dsonar.token=$SONAR_TOKEN
+                '''
+              }
+            }
           }
 
       stage('create Puppet documentation') {
@@ -85,12 +85,43 @@ pipeline {
       stage('update repo') {
         steps {
           sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
-            sh '''git config user.name "Jenkins Server"
-                  git config user.email jenkins@confdroid.com
-                  echo `git add -A && git commit -am "recommit for updates in build $BUILD_NUMBER"`
-                  git push origin HEAD:master'''
+            sh '''
+                git config user.name "Jenkins Server"
+                git config user.email jenkins@confdroid.com
+                git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
+                git push -o merge_request.create \
+                         -o merge_request.target=master \
+                         -o merge_request.title="Auto-merge for build $BUILD_NUMBER" \
+                         -o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \
+                         -o merge_request.merge_when_pipeline_succeeds=true \
+                         origin jenkins-build-$BUILD_NUMBER
+            '''
+        }
+      }
+    }
+      stage('Mirror to Gitea') {
+        steps {
+          withCredentials([usernamePassword(
+            credentialsId: 'Jenkins-gitea',
+            usernameVariable: 'GITEA_USER',
+            passwordVariable: 'GITEA_TOKEN')]) {
+            script {
+              // Checkout from GitLab (already done implicitly)
+                sh '''
+                  git checkout master
+                  git pull origin master
+                  git branch -D development
+                  git branch -D jenkins-build-$BUILD_NUMBER
+                  git rm -f Jenkinsfile
+                  git rm -r --cached .vscode || echo "No .vscode to remove from git"
+                  git commit --amend --no-edit --allow-empty
+                  git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_selinux.git
+                  git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
+                  push master --mirror
+                  '''
+          }
         }
       }
     }
   }
-}
+}

README.md

@@ -1,14 +1,13 @@
 # Readme
 
-[![Build Status](https://pipelines.confdroid.com/buildStatus/icon?job=cd_selinux)](https://pipelines.confdroid.com/job/cd_selinux/)
-
-[[_TOC_]]
+[![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=confdroid_selinux&style=plastic)](https://jenkins.confdroid.com/job/confdroid_selinux/)
+[![Security Hotspots](https://sonarqube.confdroid.com/api/project_badges/measure?project=confdroid_selinux&metric=security_hotspots&token=sqb_cc73d9e100a7cda91c7f45b8a7690bd16498e852)](https://sonarqube.confdroid.com/dashboard?id=confdroid_selinux)
 
 ## Synopsis
 
 [Security-Enhanced Linux (SELinux)](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.
 
-`cd_selinux` is a Puppet  module to automate installation, configuration and troubleshooting of selinux.
+`confdroid_selinux` is a Puppet  module to automate installation, configuration and troubleshooting of selinux.
 
 ## WARNING
 
@@ -18,12 +17,12 @@
 
 Installation:
 
-* install binaries required for selinux and  related tools
+- install binaries required for selinux and  related tools
 
 Configuration
 
-* manage `/etc/sysconfig/selinux` file (file system permissions, selinux context, content)
-* manage current selinux status (permissive,enforcing)
+- manage `/etc/sysconfig/selinux` file (file system permissions, selinux context, content)
+- manage current selinux status (permissive,enforcing)
 
 ## Repo Documentation
 
@@ -33,23 +32,23 @@ See the full Puppet documentation including parameters in `docs/index.html`.
 
 All dependencies must be included in the catalogue.
 
-* [cd_resources](https://sourcecode.confdroid.com/12WW1160/cd_resources) for yum repo resources.
+- [confdroid_resources](https://sourcecode.confdroid.com/confdroid/confdroid_resources) for yum repo resources.
 
 ## Deployment
 
-* native Puppet deployment
+- native Puppet deployment
 
 via site.pp or nodes.pp
 
 ```ruby
 node 'example.example.net' {
-  include cd_selinux
+  include confdroid_selinux
 }
 ```
 
-* through Foreman:
+- through Foreman:
 
-In order to apply parameters through Foreman, **__cd_selinux::params__** must be added to the host or host group in question.
+In order to apply parameters through Foreman, **confdroid_selinux::params*- must be added to the host or host group in question.
 
 See [more details about class deployment on Confdroid.com](https://confdroid.com/2017/05/deploying-our-puppet-modules/).
 
@@ -59,29 +58,26 @@ All files and directories are configured with correct selinux context. If selinu
 
 ## Known Problems
 
-* Systems reconfigured with selinux disabled require once a reboot for selinux to be enabled. This module will **__not__** do the reboot for you to avoid unexpected outages.
+- Systems reconfigured with selinux disabled require once a reboot for selinux to be enabled. This module will **not**- do the reboot for you to avoid unexpected outages.
 
 ## Support
 
-* OS: CentOS 7
-* Puppet 5,6
+- OS: Rocky 9 (any RHEL9-based OS should work, but Rocky has been tested)
+- Puppet 8
 
 ## Tests
 
-* Puppet Lint
-  * excluded tests:
-    * `--no-class_inherits_from_params_class-check`:relevant only to non-supported outdated puppet versions
-    * `--no-variable_scope-check`: not applicable as we are inheriting parameters from params class. the lint check does not distinguish between facts and inherited parameters.
-    * `--no-80chars-check`: it is not always possible to stay within 80 characters, although typically only occurring on the parameter vault `params.pp`.
-    * `--no-arrow_alignment-check`: this check leads to actually not having am easily readable arrow alignment, as this checks `per block`, not per class.
-* Puppet Parser
-* ERB Template Parser
-* Test for unwanted UTF8 files in the Puppet code (see tests/UTF_Files)
-* Sonar Quality Gate
+- Puppet Lint
+  - excluded tests:
+    - `--no-variable_scope-check`: not applicable as we are inheriting parameters from params class. the lint check does not distinguish between facts and inherited parameters.
+- Puppet Parser
+- ERB Template Parser
+- Sonar Quality Gate
 
 ## Contact Us
 
-[contact Us](https://confdroid.com/contact/)
+- [contact Us](https://confdroid.com/contact/)
+- [Feedback Portal](https://feedback.confdroid.com/)
 
 ## Disclaimer
 

manifests/init.pp

@@ -1,25 +1,8 @@
-## cd_selinux::init.pp
-# Module name: cd_selinux
-# Author: Arne Teuke (arne_teuke@confdroid.com)
-# License:
-#    This file is part of cd_selinux.
-#
-#    cd_selinux is used for providing automatic configuration of SELINUX.
-#    Copyright (C) 2017  confdroid (copyright@confdroid.com)
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-# @summary Class initialises the cd_selinux Module.
+## confdroid_selinux::init.pp
+# Module name: confdroid_selinux
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary Class initializes the confdroid_selinux Module.
 ##############################################################################
-class cd_selinux {
-  include cd_selinux::params
+class confdroid_selinux {
+  include confdroid_selinux::params
 }

manifests/main/config.pp

@@ -1,38 +1,19 @@
-## cd_selinux::main::config.pp
-# Module name: cd_selinux
-# Author: Arne Teuke (arne_teuke@ConfDroid.com)
-# # License:
-#    This file is part of cd_selinux.
-#
-#    cd_selinux is used for providing automatic configuration of SELINUX.
-#    Copyright (C) 2016  ConfDroid (copyright@ConfDroid.com)
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-# @summary  Class manages all aspects of configuring the module logic for
-#   cd_selinux.
+## confdroid_selinux::main::config.pp
+# Module name: confdroid_selinux
+# Author: 12ww1160 (12ww1160@ConfDroid.com)
+# @summary  Class manages the module logic for confdroid_selinux.
 ##############################################################################
-class cd_selinux::main::config (
+class confdroid_selinux::main::config (
 
-) inherits cd_selinux::params {
-
-  include cd_selinux::main::files
+) inherits confdroid_selinux::params {
+  include confdroid_selinux::main::files
 
   if $sx_selinux_status  == 'enforcing' {
     exec { 'set_selinux_status':
-      command   =>  'setenforce 1',
-      path      =>  ['/usr/sbin','/usr/bin'],
-      provider  =>  shell,
-      unless    =>  'getenforce | grep -i "enforcing"'
+      command  => 'setenforce 1',
+      path     => ['/usr/sbin','/usr/bin'],
+      provider => shell,
+      unless   => 'getenforce | grep -i "enforcing"',
     }
   }
 }

manifests/main/dirs.pp

@@ -1,40 +1,22 @@
-## cd_selinux::main::dirs.pp
-# Module name: cd_selinux
-# Author: Arne Teuke (arne_teuke@ConfDroid.com)
-# # License:
-#    This file is part of cd_selinux.
-#
-#    cd_selinux is used for providing automatic configuration of SELINUX
-#    Copyright (C) 2016  ConfDroid (copyright@ConfDroid.com)
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-# @summary Class manages all directories required for cd_selinux.
+## confdroid_selinux::main::dirs.pp
+# Module name: confdroid_selinux
+# Author: 12ww1160 (12ww1160@ConfDroid.com)
+# @summary Class manages all directories required for confdroid_selinux.
 ###############################################################################
-class cd_selinux::main::dirs (
+class confdroid_selinux::main::dirs (
 
-) inherits cd_selinux::params {
-
-  require cd_selinux::main::install
+) inherits confdroid_selinux::params {
+  require confdroid_selinux::main::install
 
   file { $sx_main_dir:
-    ensure    =>  directory,
-    path      =>  $sx_main_dir,
-    owner     =>  'root',
-    group     =>  'root',
-    mode      =>  '0755',
-    selrange  =>  s0,
-    selrole   =>  object_r,
-    seltype   =>  selinux_config_t,
-    seluser   =>  system_u,
+    ensure   => directory,
+    path     => $sx_main_dir,
+    owner    => 'root',
+    group    => 'root',
+    mode     => '0755',
+    selrange => s0,
+    selrole  => object_r,
+    seltype  => selinux_config_t,
+    seluser  => system_u,
   }
 }

manifests/main/files.pp

@@ -1,41 +1,23 @@
-## cd_selinux::main::files.pp
-# Module name: cd_selinux
-# Author: Arne Teuke (arne_teuke@ConfDroid.com)
-# # License:
-#    This file is part of cd_selinux.
-#
-#    cd_selinux is used for providing automatic configuration of SELINUX
-#    Copyright (C) 2016  ConfDroid (copyright@ConfDroid.com)
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-# @summary  Class manages all configuration files required for cd_selinux.
+## confdroid_selinux::main::files.pp
+# Module name: confdroid_selinux
+# Author: 12ww1160 (12ww1160@ConfDroid.com)
+# @summary  Class manages all configuration files required for confdroid_selinux.
 ##############################################################################
-class cd_selinux::main::files (
+class confdroid_selinux::main::files (
 
-) inherits cd_selinux::params {
-
-  require cd_selinux::main::dirs
+) inherits confdroid_selinux::params {
+  require confdroid_selinux::main::dirs
 
   file { $sx_main_file:
-    ensure    =>  file,
-    path      =>  $sx_main_file,
-    owner     =>  'root',
-    group     =>  'root',
-    mode      =>  '0644',
-    selrange  =>  s0,
-    selrole   =>  object_r,
-    seltype   =>  selinux_config_t,
-    seluser   =>  system_u,
-    content   =>  template($sx_main_file_erb),
+    ensure   => file,
+    path     => $sx_main_file,
+    owner    => 'root',
+    group    => 'root',
+    mode     => '0644',
+    selrange => s0,
+    selrole  => object_r,
+    seltype  => selinux_config_t,
+    seluser  => system_u,
+    content  => template($sx_main_file_erb),
   }
 }

manifests/main/install.pp

@@ -1,39 +1,15 @@
-## cd_selinux::main::install.pp
-# Module name: cd_selinux
-# Author: Arne Teuke (arne_teuke@ConfDroid.com)
-# # License:
-#    This file is part of cd_selinux.
-#
-#    cd_selinux is used for providing automatic configuration of SELINUX
-#    Copyright (C) 2016  ConfDroid (copyright@ConfDroid.com)
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+## confdroid_selinux::main::install.pp
+# Module name: confdroid_selinux
+# Author: 12ww1160 (12ww1160@ConfDroid.com)
 # @summary Class manage all aspects of installing binaries required for
-#   cd_selinux
+#   confdroid_selinux
 ###############################################################################
-class cd_selinux::main::install (
+class confdroid_selinux::main::install (
 
-) inherits cd_selinux::params {
+) inherits confdroid_selinux::params {
+  require confdroid_resources
 
-  require cd_resources
-
-  package {$reqpackages_main:
-    ensure => $pkg_ensure,
-  }
-
-  if $sx_install_setools == true {
-    package {$reqpackages_tools:
-      ensure => $pkg_ensure,
-    }
+  package { $sx_reqpackages:
+    ensure => $sx_pkg_ensure,
   }
 }

manifests/params.pp

@@ -1,68 +1,47 @@
-## cd_selinux::params.pp
-# Module name: cd_selinux
-# Author: Arne Teuke (arne_teuke@ConfDroid.com)
-# # License:
-#    This file is part of cd_selinux.
-#
-#    cd_selinux is used for providing automatic configuration of SELINUX.
-#    Copyright (C) 2016  ConfDroid (copyright@ConfDroid.com)
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation, either version 3 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-# @summary  Class holds all parameters for the cd_selinux module and is
+## confdroid_selinux::params.pp
+# Module name: confdroid_selinux
+# Author: 12ww1160 (12ww1160@ConfDroid.com)
+# @summary  Class holds all parameters for the confdroid_selinux module and is
 #   inherited by all classes except defines.
-# @param  [string] pkg_ensure
+# @param [String] sx_pkg_ensure
 #   which [package type](https://confdroid.com/2017/05/puppet-type-package/)
 #   to choose, i.e. `latest` or `present`.
-# @param  [boolean] sx_install_setools Whether to install additional selinux
-#   tools, i.e. for troubleshooting.
-# @param  [string] sx_selinux_status The desired selinux status. Used for both
+# @param [Array[String]] sx_reqpackages
+#   List of packages required for selinux management. The default list includes
+#   the following packages: `selinux-policy`, `policycoreutils`, 
+#   `setroubleshoot-server`, `policycoreutils-python`.
+# @param [String] sx_selinux_status The desired selinux status. Used for both
 #   managing the configuration file as well as the command line (setenforce).
 #   Valid values are `enforcing` and `permissive`. While the configuration file
 #   supports another  option 'disabled', this option is not available on
 #   commandline.  Note that changing the active selinux status from `disabled`
-#   to any the other types requires a manual reboot to re-lable the file system.
+#   to any the other types requires a manual reboot to re-label the file system.
 #   This module does not do that for you to avoid unexpected outages.
-# @param  [string]  sx_selinux_type The desired selinux type. Valid options are
+# @param [String] sx_selinux_type The desired selinux type. Valid options are
 #   `targeted`, `minimum` and `mls`.
 ##############################################################################
-class cd_selinux::params (
+class confdroid_selinux::params (
 
-$pkg_ensure           = 'latest',
-
-$sx_install_setools   = false,
-$sx_selinux_status    = 'enforcing',
-$sx_selinux_type      = 'targeted',
+  Array[String] $sx_reqpackages       = ['selinux-policy','policycoreutils','setroubleshoot-server','policycoreutils-python-utils'],
+  String $sx_pkg_ensure               = 'latest',
+  String $sx_selinux_status           = 'enforcing',
+  String $sx_selinux_type             = 'targeted',
 
 ) {
-
-# installation section
-$reqpackages_main  = $::operatingsystem ? {
-    /(?i-mx:centos|fedora|redhat)/ => ['selinux-policy','policycoreutils'],
-  }
-
-$reqpackages_tools  = $::operatingsystem ? {
-    /(?i-mx:centos|fedora|redhat)/ => ['setroubleshoot-server',
-                                        'policycoreutils-python'],
-  }
+# default facts
+  $fqdn                     = $facts['networking']['fqdn']
+  $hostname                 = $facts['networking']['hostname']
+  $domain                   = $facts['networking']['domain']
+  $os_name                  = $facts['os']['name']
+  $os_release               = $facts['os']['release']['major']
 
 # directories
-$sx_main_dir        = '/etc/selinux'
+  $sx_main_dir              = '/etc/selinux'
 
 # files
-$sx_main_file       = "${sx_main_dir}/config"
-$sx_main_file_erb   = 'cd_selinux/main/selinux_config.erb'
-
+  $sx_main_file             = "${sx_main_dir}/config"
+  $sx_main_file_erb         = 'confdroid_selinux/main/selinux_config.erb'
 
 # includes must be last
-  include cd_selinux::main::config
+  include confdroid_selinux::main::config
 }

templates/main/selinux_config.erb

@@ -1,6 +1,7 @@
 ################################################################################
 ##########        /etc/selinux/config managed by Puppet               ##########
-##########        manual changes will be overwritten !!!              ##########
+##########        manual changes will be overwritten !!!              ##########   
+##########        original file: https://3for.me/wdtuj                ##########
 ################################################################################
 SELINUX=<%= @sx_selinux_status %>