pyinfra 2.9.2__py2.py3-none-any.whl → 3.0__py2.py3-none-any.whl

pyinfra/operations/selinux.py

@@ -1,21 +1,36 @@
 """
 Provides operations to set SELinux file contexts, booleans and port types.
 """
+
+from __future__ import annotations
+
+from enum import Enum
+
 from pyinfra import host
-from pyinfra.api import QuoteString, StringCommand, operation
+from pyinfra.api import OperationValueError, QuoteString, StringCommand, operation
 from pyinfra.facts.selinux import FileContext, FileContextMapping, SEBoolean, SEPort, SEPorts
 from pyinfra.facts.server import Which
 
 
-@operation(
-    pipeline_facts={"seboolean": "bool_name"},
-)
-def boolean(bool_name, value, persistent=False):
+class Boolean(Enum):
+    ON = "on"
+    OFF = "off"
+
+
+class Protocol(Enum):
+    UDP = "udp"
+    TCP = "tcp"
+    SCTP = "sctp"
+    DCCP = "dccp"
+
+
+@operation()
+def boolean(bool_name: str, value: Boolean, persistent=False):
     """
     Set the specified SELinux boolean to the desired state.
 
     + boolean: name of an SELinux boolean
-    + state: 'on' or 'off'
+    + value: desired state of the boolean
     + persistent: whether to write updated policy or not
 
     Note: This operation requires root privileges.
@@ -27,29 +42,31 @@ def boolean(bool_name, value, persistent=False):
         selinux.boolean(
             name='Allow Apache to connect to LDAP server',
             'httpd_can_network_connect',
-            'on',
+            Boolean.ON,
             persistent=True
         )
     """
-    _valid_states = ["on", "off"]
 
-    if value not in _valid_states:
-        raise ValueError(
-            f'\'value\' must be one of \'{",".join(_valid_states)}\' but found \'{value}\'',
-        )
+    value_str: str
+    if value in ["on", "off"]:  # compatibility with the old version
+        assert isinstance(value, str)
+        value_str = value
+    elif value is Boolean.ON:
+        value_str = "on"
+    elif value is Boolean.OFF:
+        value_str = "off"
+    else:
+        raise OperationValueError(f"Invalid value '{value}' for boolean operation")
 
-    if host.get_fact(SEBoolean, boolean=bool_name) != value:
+    if host.get_fact(SEBoolean, boolean=bool_name) != value_str:
         persist = "-P " if persistent else ""
-        yield StringCommand("setsebool", f"{persist}{bool_name}", value)
-        host.create_fact(SEBoolean, kwargs={"boolean": bool_name}, data=value)
+        yield StringCommand("setsebool", f"{persist}{bool_name}", value_str)
     else:
-        host.noop(f"boolean '{bool_name}' already had the value '{value}'")
+        host.noop(f"boolean '{bool_name}' already had the value '{value_str}'")
 
 
-@operation(
-    pipeline_facts={"filecontext": "path"},
-)
-def file_context(path, se_type):
+@operation()
+def file_context(path: str, se_type: str):
     """
     Set the SELinux type for the specified path to the specified value.
 
@@ -70,19 +87,12 @@ def file_context(path, se_type):
     current = host.get_fact(FileContext, path=path) or {}
     if se_type != current.get("type", ""):
         yield StringCommand("chcon", "-t", se_type, QuoteString(path))
-        host.create_fact(
-            FileContext,
-            kwargs={"path": path},
-            data=dict(current, **{"type": se_type}),
-        )
     else:
         host.noop(f"file_context: '{path}' already had type '{se_type}'")
 
 
-@operation(
-    pipeline_facts={"filecontextmapping": "target"},
-)
-def file_context_mapping(target, se_type=None, present=True):
+@operation()
+def file_context_mapping(target: str, se_type: str | None = None, present=True):
     """
     Set the SELinux file context mapping for paths matching the target.
 
@@ -108,30 +118,21 @@ def file_context_mapping(target, se_type=None, present=True):
         raise ValueError("se_type must have a valid value if present is set")
 
     current = host.get_fact(FileContextMapping, target=target)
-    kwargs = {"target": target}
     if present:
         option = "-a" if len(current) == 0 else ("-m" if current.get("type") != se_type else "")
         if option != "":
             yield StringCommand("semanage", "fcontext", option, "-t", se_type, QuoteString(target))
-            host.create_fact(
-                FileContextMapping,
-                kwargs=kwargs,
-                data=dict(current, **{"type": se_type}),
-            )
         else:
             host.noop(f"mapping for '{target}' -> '{se_type}' already present")
     else:
         if len(current) > 0:
             yield StringCommand("semanage", "fcontext", "-d", QuoteString(target))
-            host.create_fact(FileContextMapping, kwargs=kwargs, data={})
         else:
             host.noop(f"no existing mapping for '{target}'")
 
 
-@operation(
-    pipeline_facts={"which": "sepolicy"},
-)
-def port(protocol, port_num, se_type=None, present=True):
+@operation()
+def port(protocol: Protocol | str, port_num: int, se_type: str | None = None, present=True):
     """
     Set the SELinux type for the specified protocol and port.
 
@@ -148,12 +149,16 @@ def port(protocol, port_num, se_type=None, present=True):
 
         selinux.port(
             name='Allow Apache to provide service on port 2222',
-            'tcp',
+            Protocol.TCP,
             2222,
             'http_port_t',
         )
     """
 
+    if protocol is Protocol:
+        assert isinstance(protocol, Protocol)
+        protocol = protocol.value
+
     if present and (se_type is None):
         raise ValueError("se_type must have a valid value if present is set")
 
@@ -178,9 +183,7 @@ def port(protocol, port_num, se_type=None, present=True):
             host.noop(f"setype for '{protocol}/{port_num}' is already unset")
 
     if (present and (option != "")) or (not present and (current != "")):
-        if direct_get:
-            host.create_fact(SEPort, kwargs={"protocol": protocol, "port": port_num}, data=new_type)
-        else:
+        if not direct_get:
             if protocol not in port_info:
                 port_info[protocol] = {}
             port_info[protocol][str(port_num)] = new_type