Update port management

Pull Request (PR) description Fixed: Moved the python discovery into the semanage_ports provider Ensure that the correct python is chosen by attempting to load the semanage library Removed the #! line from the semanage_ports.py file to fix RPM building Removed CentOS 6 support from test-acceptance-with-vagrant since it will no longer function due to upstream deprecation Changed: Marked the selinux_python_command fact as deprecated in the README since the logic now resides in the provider itself This Pull Request (PR) fixes the following issues Fixes voxpupuli#335
trevor-vaughan · Feb 18, 2021 · 05bebd6 · 05bebd6
1 parent 4633c26
commit 05bebd6
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -56,6 +56,8 @@ running system.
 
 ## Known problems / limitations
 
+* The `selinux_python_command` fact is now deprecated and will be removed in
+  version 4 of the module.
 * If SELinux is disabled and you want to switch to permissive or enforcing you
   are required to reboot the system (limitation of SELinux). The module won't
   do this for you.

diff --git a/lib/facter/selinux_python_command.rb b/lib/facter/selinux_python_command.rb
@@ -1,3 +1,4 @@
+# DEPRECATED: Determine the path to python on the system
 Facter.add(:selinux_python_command) do
   confine osfamily: 'RedHat'
   setcode do

diff --git a/lib/puppet/provider/selinux_port/semanage.rb b/lib/puppet/provider/selinux_port/semanage.rb
@@ -5,7 +5,37 @@
   # SELinux must be enabled. Is there a way to get a better error message?
   confine selinux: true
 
-  python_command = Facter.value(:selinux_python_command)
+  # Determine the appropriate python command
+  def self.python_command
+    @python_command ||= nil
+    return @python_command unless @python_command.nil?
+
+    # Find the correct version of python on the system
+    python_paths = [
+      '/usr/libexec/platform-python',
+      'python',
+      'python3',
+      'python2'
+    ]
+
+    python_command = nil
+    python_paths.each do |pypath|
+      candidate = Puppet::Util.which(pypath)
+
+      next unless candidate
+      if Puppet::Util::Execution.execute("#{candidate} -c 'import semanage'", failonfail: false).exitstatus.zero?
+        python_command = candidate
+        break
+      end
+    end
+
+    @python_command = python_command
+
+    @python_command
+  end
+
+  confine false: python_command.nil?
+
   # current file path is lib/puppet/provider/selinux_port/semanage.rb
   # semanage_ports.py is lib/puppet_x/voxpupuli/selinux/semanage_ports.py
   PORTS_HELPER = File.expand_path('../../../../puppet_x/voxpupuli/selinux/semanage_ports.py', __FILE__)

diff --git a/lib/puppet_x/voxpupuli/selinux/semanage_ports.py b/lib/puppet_x/voxpupuli/selinux/semanage_ports.py
@@ -1,4 +1,3 @@
-#!/usr/bin/python
 # This script uses libsemanage directly to access the ports list
 # it is *much* faster than semanage port -l
 

diff --git a/test-acceptance-with-vagrant b/test-acceptance-with-vagrant
@@ -9,9 +9,10 @@ export PUPPET_INSTALL_TYPE=agent
 
 # https://github.com/puppetlabs/beaker-hostgenerator/pull/184 fixes the Fedora boxes and adds 32
 for layout in \
-  {debian10,centos{6,7}}'-64a' \
-  'fedora30-64a{box=fedora/30-cloud-base}' \
-  'fedora31-64a{box=fedora/31-cloud-base}'
+  {debian10,centos{7,8}}'-64a' \
+  'fedora31-64a{box=fedora/31-cloud-base}' \
+  'fedora32-64a{box=fedora/32-cloud-base}' \
+  'fedora33-64a{box=fedora/33-cloud-base}'
 do
-	BEAKER_setfile="$layout" bundle exec rake beaker
+  BEAKER_setfile="$layout" bundle exec rake beaker
 done