fcos/v1_6_exp: Add new sugar for Selinux Modules.

Author: yasminvalim

config/common/errors.go

@@ -93,6 +93,11 @@ var (
 
 	// Kernel arguments
 	ErrGeneralKernelArgumentSupport = errors.New("kernel argument customization is not supported in this spec version")
+
+	// Selinux Module
+	ErrContentInvalid = errors.New("Content is empty, please provide content.")
+	ErrNameInvalid    = errors.New("Name is empty, please provide a valid name.")
+	ErrFieldInvalid   = errors.New("Please, provide valid information.")
 )
 
 type ErrUnmarshal struct {

config/fcos/v1_6_exp/schema.go

@@ -22,6 +22,7 @@ type Config struct {
 	base.Config `yaml:",inline"`
 	BootDevice  BootDevice `yaml:"boot_device"`
 	Grub        Grub       `yaml:"grub"`
+	Selinux     Selinux    `yaml:"selinux"`
 }
 
 type BootDevice struct {
@@ -49,3 +50,12 @@ type GrubUser struct {
 	Name         string  `yaml:"name"`
 	PasswordHash *string `yaml:"password_hash"`
 }
+
+type Selinux struct {
+	Module []Module `yaml:"module"`
+}
+
+type Module struct {
+	Name    string `yaml:"name"`
+	Content string `yaml:"content"`
+}

config/fcos/v1_6_exp/translate.go

@@ -16,6 +16,7 @@ package v1_6_exp
 
 import (
 	"fmt"
+	"os/exec"
 	"strings"
 
 	baseutil "github.com/coreos/butane/base/util"
@@ -89,6 +90,13 @@ func (c Config) ToIgn3_5Unvalidated(options common.TranslateOptions) (types.Conf
 	retConfig, ts := baseutil.MergeTranslatedConfigs(retp, tsp, ret, ts)
 	ret = retConfig.(types.Config)
 	r.Merge(rp)
+
+	// Clean this as it needs to not be so confusing
+	retr, trs, rr := c.handleSelinux(options)
+	returnConfig, ts := baseutil.MergeTranslatedConfigs(retr, trs, ret, ts)
+	ret = returnConfig.(types.Config)
+	r.Merge(rr)
+
 	return ret, ts, r
 }
 
@@ -367,3 +375,67 @@ func buildGrubConfig(gb Grub) string {
 	superUserCmd := fmt.Sprintf("set superusers=\"%s\"\n", strings.Join(allUsers, " "))
 	return "# Generated by Butane\n\n" + superUserCmd + strings.Join(cmds, "\n") + "\n"
 }
+
+func (c Config) handleSelinux(options common.TranslateOptions) (types.Config, translate.TranslationSet, report.Report) {
+	rendered := types.Config{}
+	ts := translate.NewTranslationSet("yaml", "json")
+	var r report.Report
+
+	for i, module := range c.Selinux.Module {
+		yamlPath := path.New("yaml", "selinux", "module", i)
+		if module.Name != "" && module.Content != "" {
+			rendered = processModule(rendered, module, options, ts, r, yamlPath)
+			break
+		} else {
+			r.AddOnWarn(path.New("yaml", "selinux", "module", i), common.ErrFieldInvalid)
+		}
+	}
+
+	if len(rendered.Storage.Files) > 0 {
+		rendered.Storage.Filesystems = append(rendered.Storage.Filesystems,
+			types.Filesystem{
+				Device: "/dev/disk/by-label/boot",
+				Format: util.StrToPtr("ext4"),
+				Path:   util.StrToPtr("/boot"),
+			})
+	}
+
+	return rendered, ts, r
+}
+
+func processModule(rendered types.Config, module Module, options common.TranslateOptions, ts translate.TranslationSet, r report.Report, yamlPath path.ContextPath) types.Config {
+	src, compression, err := baseutil.MakeDataURL([]byte(module.Content), nil, !options.NoResourceAutoCompression)
+	if err != nil {
+		r.AddOnError(yamlPath, err)
+		return rendered
+	}
+	filePath := fmt.Sprintf("/etc/selinux/targeted/modules/active/extra/%s.cil", module.Name)
+
+	rendered.Storage.Files = append(rendered.Storage.Files,
+		types.File{
+			Node: types.Node{
+				Path: filePath,
+			},
+			FileEmbedded1: types.FileEmbedded1{
+				Append: []types.Resource{
+					{
+						Source:      util.StrToPtr(src),
+						Compression: compression,
+					},
+				},
+			},
+		})
+
+	commandToExecute := "semodule -i"
+	cmd := exec.Command(commandToExecute, filePath)
+	err = cmd.Run()
+	if err != nil {
+		fmt.Printf("Error running semodule %v", module.Name)
+	}
+
+	fmt.Printf("SELinux module file imported successfully\n")
+
+	ts.AddFromCommonSource(yamlPath, path.New("json", "storage"), rendered.Storage)
+
+	return rendered
+}

config/fcos/v1_6_exp/translate_test.go

@@ -1637,3 +1637,267 @@ func TestTranslateGrub(t *testing.T) {
 		})
 	}
 }
+
+func TestTranslateSelinux(t *testing.T) {
+	translations := []translate.Translation{
+		{From: path.New("yaml", "version"), To: path.New("json", "ignition", "version")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "path")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "device")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "format")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "path")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0, "source")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0, "compression")},
+	}
+	tests := []struct {
+		in         Config
+		out        types.Config
+		exceptions []translate.Translation
+		report     report.Report
+	}{
+		// config with one module
+		{
+			Config{
+				Selinux: Selinux{
+					Module: []Module{
+						{
+							Name:    "some_name",
+							Content: "some content here",
+						},
+					},
+				},
+			},
+			types.Config{
+				Ignition: types.Ignition{
+					Version: "3.5.0-experimental",
+				},
+				Storage: types.Storage{
+					Filesystems: []types.Filesystem{
+						{
+							Device: "/dev/disk/by-label/boot",
+							Format: util.StrToPtr("ext4"),
+							Path:   util.StrToPtr("/boot"),
+						},
+					},
+					Files: []types.File{
+						{
+							Node: types.Node{
+								Path: "/etc/selinux/targeted/modules/active/extra/some_name.cil",
+							},
+							FileEmbedded1: types.FileEmbedded1{
+								Append: []types.Resource{
+									{
+										Source:      util.StrToPtr("data:,some%20content%20here"),
+										Compression: util.StrToPtr(""),
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			translations,
+			report.Report{},
+		},
+	}
+
+	for i, test := range tests {
+		t.Run(fmt.Sprintf("translate %d", i), func(t *testing.T) {
+			actual, translations, r := test.in.ToIgn3_5Unvalidated(common.TranslateOptions{})
+			r = confutil.TranslateReportPaths(r, translations)
+			baseutil.VerifyReport(t, test.in, r)
+			assert.Equal(t, test.out, actual, "translation mismatch")
+			assert.Equal(t, test.report, r, "report mismatch")
+			baseutil.VerifyTranslations(t, translations, test.exceptions)
+			assert.NoError(t, translations.DebugVerifyCoverage(actual), "incomplete TranslationSet coverage")
+		})
+	}
+}
+
+func TestTranslateSelinuxaaa(t *testing.T) {
+	translations := []translate.Translation{
+		{From: path.New("yaml", "version"), To: path.New("json", "ignition", "version")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "path")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "device")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "format")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "path")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0, "source")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0, "compression")},
+	}
+
+	// With one module
+	in := Config{
+		Selinux: Selinux{
+			Module: []Module{
+				{
+					Name:    "some_name",
+					Content: "some content here",
+				},
+			},
+		},
+	}
+	out := types.Config{
+		Ignition: types.Ignition{
+			Version: "3.5.0-experimental",
+		},
+		Storage: types.Storage{
+			Filesystems: []types.Filesystem{
+				{
+					Device: "/dev/disk/by-label/boot",
+					Format: util.StrToPtr("ext4"),
+					Path:   util.StrToPtr("/boot"),
+				},
+			},
+			Files: []types.File{
+				{
+					Node: types.Node{
+						Path: "/etc/selinux/targeted/modules/active/extra/some_name.cil",
+					},
+					FileEmbedded1: types.FileEmbedded1{
+						Append: []types.Resource{
+							{
+								Source:      util.StrToPtr("data:,some%20content%20here"),
+								Compression: util.StrToPtr(""),
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	test := struct {
+		in         Config
+		out        types.Config
+		exceptions []translate.Translation
+		report     report.Report
+	}{
+		in,
+		out,
+		translations,
+		report.Report{},
+	}
+
+	t.Run(fmt.Sprintf("translate %d", 0), func(t *testing.T) {
+		actual, translations, r := test.in.ToIgn3_5Unvalidated(common.TranslateOptions{})
+		r = confutil.TranslateReportPaths(r, translations)
+		baseutil.VerifyReport(t, test.in, r)
+		assert.Equal(t, test.out, actual, "translation mismatch")
+		assert.Equal(t, test.report, r, "report mismatch")
+		baseutil.VerifyTranslations(t, translations, test.exceptions)
+		assert.NoError(t, translations.DebugVerifyCoverage(actual), "incomplete TranslationSet coverage")
+	})
+}
+
+// TODO: testing with two modules and merge those two tests and other scenerios
+func TestTranslateModule(t *testing.T) {
+	translations := []translate.Translation{
+		{From: path.New("yaml", "version"), To: path.New("json", "ignition", "version")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "path")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "device")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "filesystems", 0, "format")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "path")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0)},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0, "source")},
+		{From: path.New("yaml", "selinux", "module"), To: path.New("json", "storage", "files", 0, "append", 0, "compression")},
+	}
+
+	// With 2 modules
+	in := Config{
+		Selinux: Selinux{
+			Module: []Module{
+				{
+					Name:    "some_name",
+					Content: "some content here",
+				},
+				{
+					Name:    "another_name",
+					Content: "some content here",
+				},
+			},
+		},
+	}
+	out := types.Config{
+		Ignition: types.Ignition{
+			Version: "3.5.0-experimental",
+		},
+		Storage: types.Storage{
+			Filesystems: []types.Filesystem{
+				{
+					Device: "/dev/disk/by-label/boot",
+					Format: util.StrToPtr("ext4"),
+					Path:   util.StrToPtr("/boot"),
+				},
+			},
+			Files: []types.File{
+				{
+					Node: types.Node{
+						Path: "/etc/selinux/targeted/modules/active/extra/some_name.cil",
+					},
+					FileEmbedded1: types.FileEmbedded1{
+						Append: []types.Resource{
+							{
+								Source:      util.StrToPtr("data:,some%20content%20here"),
+								Compression: util.StrToPtr(""),
+							},
+						},
+					},
+				},
+				{
+					Node: types.Node{
+						Path: "/etc/selinux/targeted/modules/active/extra/another_name.cil",
+					},
+					FileEmbedded1: types.FileEmbedded1{
+						Append: []types.Resource{
+							{
+								Source:      util.StrToPtr("data:,some%20content%20here"),
+								Compression: util.StrToPtr(""),
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	test := struct {
+		in         Config
+		out        types.Config
+		exceptions []translate.Translation
+		report     report.Report
+	}{
+		in,
+		out,
+		translations,
+		report.Report{},
+	}
+
+	t.Run(fmt.Sprintf("translate %d", 0), func(t *testing.T) {
+		actual, translations, r := test.in.ToIgn3_5Unvalidated(common.TranslateOptions{})
+		r = confutil.TranslateReportPaths(r, translations)
+		baseutil.VerifyReport(t, test.in, r)
+		assert.Equal(t, test.out, actual, "translation mismatch")
+		assert.Equal(t, test.report, r, "report mismatch")
+		baseutil.VerifyTranslations(t, translations, test.exceptions)
+		assert.NoError(t, translations.DebugVerifyCoverage(actual), "incomplete TranslationSet coverage")
+	})
+}