Merge pull request #1516 from SimonHoenscheid/manage_selinux_parameter

SimonHoenscheid · web-flow · commit 476734001c9a · 2023-09-25T17:24:29.000+02:00
add $manage_selinux as a parameter, keep default, simpler condition
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -2429,6 +2429,7 @@ The following parameters are available in the `postgresql::server::instance::con
 * [`password_encryption`](#-postgresql--server--instance--config--password_encryption)
 * [`pg_hba_auth_password_encryption`](#-postgresql--server--instance--config--pg_hba_auth_password_encryption)
 * [`extra_systemd_config`](#-postgresql--server--instance--config--extra_systemd_config)
+* [`manage_selinux`](#-postgresql--server--instance--config--manage_selinux)
 
 ##### <a name="-postgresql--server--instance--config--ip_mask_deny_postgres_user"></a>`ip_mask_deny_postgres_user`
 
@@ -2667,6 +2668,14 @@ Adds extra config to systemd config file, can for instance be used to add extra
 
 Default value: `$postgresql::server::extra_systemd_config`
 
+##### <a name="-postgresql--server--instance--config--manage_selinux"></a>`manage_selinux`
+
+Data type: `Boolean`
+
+Specifies whether or not manage the conf file for selinux.
+
+Default value: `$postgresql::server::manage_selinux`
+
 ### <a name="postgresql--server--instance--initdb"></a>`postgresql::server::instance::initdb`
 
 Manages initdb feature for a postgresql::server instance
diff --git a/manifests/server/instance/config.pp b/manifests/server/instance/config.pp
@@ -47,6 +47,7 @@
 #   this value is usefull if you want to start enforcing scram-sha-256, but give users transition time.
 # @param extra_systemd_config
 #   Adds extra config to systemd config file, can for instance be used to add extra openfiles. This can be a multi line string
+# @param manage_selinux Specifies whether or not manage the conf file for selinux.
 define postgresql::server::instance::config (
   String[1]                                      $ip_mask_deny_postgres_user   = $postgresql::server::ip_mask_deny_postgres_user,
   String[1]                                      $ip_mask_allow_all_users      = $postgresql::server::ip_mask_allow_all_users,
@@ -76,6 +77,7 @@
   Postgresql::Pg_password_encryption             $password_encryption          = $postgresql::server::password_encryption,
   Optional[Postgresql::Pg_password_encryption]   $pg_hba_auth_password_encryption = $postgresql::server::pg_hba_auth_password_encryption,
   Optional[String]                               $extra_systemd_config         = $postgresql::server::extra_systemd_config,
+  Boolean                                        $manage_selinux               = $postgresql::server::manage_selinux,
 ) {
   $_pg_hba_auth_password_encryption = pick($pg_hba_auth_password_encryption,$password_encryption)
 
@@ -164,7 +166,7 @@
   }
 
   # ensure that SELinux has a proper label for the port defined
-  if $postgresql::server::manage_selinux == true and $facts['os']['selinux']['enabled'] == true {
+  if $manage_selinux and $facts['os']['selinux']['enabled'] {
     case $facts['os']['family'] {
       'RedHat', 'Linux': {
         if $facts['os']['name'] == 'Amazon' {
