From 4538a79680ff0784c4ce4eefe7e75114030f4f18 Mon Sep 17 00:00:00 2001
From: Lennart Betz <lbetz@prefork.de>
Date: Thu, 25 Jul 2024 13:31:54 +0000
Subject: [PATCH] Dismantling to manage_selinux to false by default

---
 REFERENCE.md                 |  2 +-
 manifests/init.pp            |  2 +-
 spec/classes/api_spec.rb     | 18 ++++++++++++++++++
 spec/classes/icinga2_spec.rb | 19 ++++++++++++++-----
 4 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index 9120611a..76e38110 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -251,7 +251,7 @@ Data type: `Boolean`
 If set to true the icinga selinux package is installed if selinux is enabled. Also requires a
 `selinux_package_name` (icinga2::globals) and `manage_packages` has to be set to true.
 
-Default value: `true`
+Default value: `false`
 
 ##### <a name="-icinga2--manage_service"></a>`manage_service`
 
diff --git a/manifests/init.pp b/manifests/init.pp
index b65910cb..0d17c9a3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -118,7 +118,7 @@
   Boolean                    $enable          = true,
   Boolean                    $manage_repos    = false,
   Boolean                    $manage_packages = true,
-  Boolean                    $manage_selinux  = true,
+  Boolean                    $manage_selinux  = false,
   Boolean                    $manage_service  = true,
   Boolean                    $purge_features  = true,
   Hash                       $constants       = {},
diff --git a/spec/classes/api_spec.rb b/spec/classes/api_spec.rb
index 37e3304a..11ccc3c7 100644
--- a/spec/classes/api_spec.rb
+++ b/spec/classes/api_spec.rb
@@ -72,6 +72,24 @@
         end
       end
 
+      if facts[:os]['family'] == 'RedHat'
+        context 'with icinga2::manage_selinux => true, bind_port => 1234' do
+          let(:pre_condition) do
+            [
+              "class { 'icinga2': manage_selinux => true, features => [], constants => {'NodeName' => 'host.example.org'} }",
+            ]
+          end
+
+          let(:params) do
+            {
+              bind_port: 1234,
+            }
+          end
+
+          it { is_expected.to contain_exec('Add port 1234 for icinga2_port_t') }
+        end
+      end
+
       context "with pki => 'puppet'" do
         let(:params) do
           {
diff --git a/spec/classes/icinga2_spec.rb b/spec/classes/icinga2_spec.rb
index 8c434b27..fb594e42 100644
--- a/spec/classes/icinga2_spec.rb
+++ b/spec/classes/icinga2_spec.rb
@@ -18,6 +18,7 @@
 
       context 'with defaults' do
         it { is_expected.to contain_package('icinga2').with({ 'ensure' => 'installed' }) }
+        it { is_expected.not_to contain_package('icinga2-selinux') }
 
         it {
           is_expected.to contain_service('icinga2').with(
@@ -44,17 +45,25 @@
       end
 
       if facts[:os]['family'] == 'RedHat'
-        context 'with fact os.selinux.enabled => false' do
+        context 'with manage_selinux => true, fact os.selinux.enabled => true' do
           let(:facts) do
-            super().merge({ os: { family: 'RedHat', selinux: { enabled: false } } })
+            super().merge({ os: { family: 'RedHat', selinux: { enabled: true } } })
           end
 
-          it { is_expected.not_to contain_package('icinga2-selinux') }
+          let(:params) do
+            { manage_selinux: true }
+          end
+
+          it { is_expected.to contain_package('icinga2-selinux') }
         end
 
-        context 'with manage_selinux => false' do
+        context 'with manage_selinux => true, fact os.selinux.enabled => false' do
+          let(:facts) do
+            super().merge({ os: { family: 'RedHat', selinux: { enabled: false } } })
+          end
+
           let(:params) do
-            { manage_selinux: false }
+            { manage_selinux: true }
           end
 
           it { is_expected.not_to contain_package('icinga2-selinux') }