Fix none problem

Signed-off-by: Radovan Sroka <[email protected]>
linux-system-roles · Nov 14, 2023 · 528eb19 · 528eb19
1 parent 394c72a
commit 528eb19
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 19 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -8,17 +8,17 @@ fapolicyd_setup_enable_service: false
 
 # trust list for fapolicyd configuration file
 # default "rpmdb,file"
-fapolicyd_setup_trust: null
+fapolicyd_setup_trust: "{{ none if ansible_facts.distribution_version is version('8.2', '<=') else 'rpmdb,file' }}"
 
 # set integrity
 # default "none"
 # can be "none", "size", "sha256", "ima"
 # in case of ima, kernel's IMA has to be setup correctly
-fapolicyd_setup_integrity: null
+fapolicyd_setup_integrity: "{{ none if ansible_facts.distribution_version is version('8.3', '<=') else 'none' }}"
 
 # set permissive mode
 fapolicyd_setup_permissive: false
 
 # fapolicyd trust file managament
 # list of trusted files
-fapolicyd_add_trusted_file: []
+fapolicyd_add_trusted_file: "{{ none if ansible_facts.distribution_version is version('8.2', '<=') else [] }}"
diff --git a/examples/minimal.yml b/examples/minimal.yml
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Minimal fapolicyd role invocation
+  hosts: all
+  roles:
+    - linux-system-roles.fapolicyd
diff --git a/tasks/enable.yml b/tasks/enable.yml
@@ -6,7 +6,7 @@
       on EL version < 8.3
   ignore_errors: true
   when:
-    - fapolicyd_setup_trust is not none
+    - fapolicyd_setup_trust
     - ansible_facts.distribution_version is version("8.2", "<=")
   register: __failed_check_trust
 
@@ -17,7 +17,7 @@
       on EL version < 8.4
   ignore_errors: true
   when:
-    - fapolicyd_setup_integrity is not none
+    - fapolicyd_setup_integrity
     - ansible_facts.distribution_version is version("8.3", "<=")
   register: __failed_check_integrity
 
@@ -28,7 +28,7 @@
       on EL version < 8.4
   ignore_errors: true
   when:
-    - fapolicyd_add_trusted_file is not none
+    - fapolicyd_add_trusted_file
     - ansible_facts.distribution_version is version("8.3", "<=")
   register: __failed_check_trusted_file
 
@@ -67,17 +67,18 @@
 
 - name: Trustdb cleanup
   command: fapolicyd-cli --file delete /
-  when: fapolicyd_add_trusted_file is not none
+  when:
+    - fapolicyd_add_trusted_file
+    - ansible_facts.distribution_version is version("8.3", ">=")
   changed_when: true
   failed_when: false
 
 - name: Add file to trustdb
-  command: fapolicyd-cli --file add "{{ item | quote }}"
+  command: fapolicyd-cli --file add {{ item | quote }}
   loop: "{{ (fapolicyd_add_trusted_file is string) |
     ternary([fapolicyd_add_trusted_file], fapolicyd_add_trusted_file) }}"
   when:
-    - fapolicyd_add_trusted_file is string or
-      fapolicyd_add_trusted_file | length > 0
+    - fapolicyd_add_trusted_file
     - ansible_facts.distribution_version is version("8.3", ">=")
   changed_when: true
 

diff --git a/templates/fapolicyd.conf.j2 b/templates/fapolicyd.conf.j2
@@ -19,19 +19,14 @@ obj_cache_size = 8191
 watch_fs = ext2,ext3,ext4,tmpfs,xfs,vfat,iso9660,btrfs
 {% endif %}
 
-{% if fapolicyd_setup_trust is not none
-  or ansible_facts.distribution_version is version("8.3", ">=") %}
-trust = {{ (fapolicyd_setup_trust is not none) | ternary(fapolicyd_setup_trust, "rpmdb,file") }}
+{% if fapolicyd_setup_trust %}
+trust = {{ fapolicyd_setup_trust }}
 {% endif %}
 
 {% if ansible_facts.distribution_version is version("8.3", ">=") %}
 syslog_format = rule,dec,perm,auid,pid,exe,:,path,ftype,trust
 {% endif %}
 
-{% if fapolicyd_setup_integrity is not none
-  or ansible_facts.distribution_version is version("8.4", ">=") %}
-integrity = {{ (fapolicyd_setup_integrity is not none) | ternary(fapolicyd_setup_integrity, "none") }}
+{% if fapolicyd_setup_integrity %}
+integrity = {{ fapolicyd_setup_integrity }}
 {% endif %}
-
-#rpm_sha256_only = 0
-#allow_filesystem_mark = 0