SELinux state should now be correctly set back to enforcing (#49)

Author: alessfg

CHANGELOG.md

@@ -8,7 +8,8 @@ Update Molecule to `3.2.0` and Docker Python SDK to `4.4.0`.
 
 BUG FIXES:
 
-Switch to explicit boolean values in `sub_filter` defaults for `last_modified` and `since` in `nginx_config_main_template`. `"on"` and `"off"` values are treated as true instead of true/false when surrounded by double quotes. By always resorting to true/false we avoid unaccounted edge cases.
+*   Switch to explicit boolean values in `sub_filter` defaults for `last_modified` and `since` in `nginx_config_main_template`. `"on"` and `"off"` values are treated as true instead of true/false when surrounded by double quotes. By always resorting to true/false we avoid unaccounted edge cases.
+*   Fix issue whereas SELinux state would not be correctly set back to `enforcing` when `nginx_config_selinux: true`.
 
 ## 0.3.0 (November 17, 2020)
 

defaults/main/selinux.yml

@@ -1,7 +1,7 @@
 ---
 # Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own
 nginx_config_selinux: false
-# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_unit_selinux: true)
+# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_config_selinux: true)
 nginx_config_selinux_enforcing: true
 # List of TCP ports to add to http_port_t type (80 and 443 have this type already)
 # nginx_config_selinux_tcp_ports:

tasks/prerequisites/setup-selinux.yml

@@ -21,8 +21,6 @@
   selinux:
     state: permissive
     policy: targeted
-  changed_when: false
-  when: ansible_facts['selinux']['mode'] == "enforcing"
 
 - name: Allow SELinux HTTP network connections
   seboolean:
@@ -72,7 +70,4 @@
   selinux:
     state: enforcing
     policy: targeted
-  changed_when: false
-  when:
-    - nginx_config_selinux_enforcing
-    - ansible_facts['selinux']['mode'] == "permissive"
+  when: nginx_config_selinux_enforcing