From 101f9a226b2f4b9faac2d0ee25d9fe7debac41b2 Mon Sep 17 00:00:00 2001 From: Richard C Isaacson Date: Thu, 20 Feb 2014 11:11:00 -0500 Subject: [PATCH] File - selinux tests in new framework. --- .../roles/test_file/tasks/main.yml | 25 +++++++++++----- .../roles/test_file/tasks/selinux_tests.yml | 29 +++++++++++++++++++ 2 files changed, 47 insertions(+), 7 deletions(-) create mode 100644 tests_new/integration/roles/test_file/tasks/selinux_tests.yml diff --git a/tests_new/integration/roles/test_file/tasks/main.yml b/tests_new/integration/roles/test_file/tasks/main.yml index a6b1a79016..399547076e 100644 --- a/tests_new/integration/roles/test_file/tasks/main.yml +++ b/tests_new/integration/roles/test_file/tasks/main.yml @@ -29,7 +29,7 @@ assert: { that: "file_result.changed == false" } - name: verify that the state is that of a file - assert: { that: "file_result.state == \"file\"" } + assert: { that: "file_result.state == 'file'" } - name: verify that we are checking an absent file file: path={{output_dir}}/bar.txt state=absent @@ -39,7 +39,7 @@ assert: { that: "file2_result.changed == false" } - name: verify that the file was marked as changed - assert: { that: "file2_result.state == \"absent\"" } + assert: { that: "file2_result.state == 'absent'" } - name: verify we can touch a file file: path={{output_dir}}/baz.txt state=touch @@ -49,10 +49,10 @@ assert: { that: "file3_result.changed == true" } - name: verify that the state is that of a file - assert: { that: "file3_result.state == \"file\"" } + assert: { that: "file3_result.state == 'file'" } - name: assert that the test file has a mode of 0644 - assert: { that: "file3_result.mode == \"0644\"" } + assert: { that: "file3_result.mode == '0644'" } - name: change file mode file: path={{output_dir}}/baz.txt mode=0600 @@ -62,7 +62,7 @@ assert: { that: "file4_result.changed == true" } - name: assert that the test file has a mode of 0600 - assert: { that: "file4_result.mode == \"0600\"" } + assert: { that: "file4_result.mode == '0600'" } - name: change ownership and group file: path={{output_dir}}/baz.txt owner=1000 group=1000 @@ -89,9 +89,20 @@ assert: { that: "file7_result.changed == true" } - name: assert that the test file has a mode of 0600 - assert: { that: "file7_result.state == \"directory\"" } + assert: { that: "file7_result.state == 'directory'" } -# FIXME selinux +- name: determine if selinux is installed + shell: which getenforce || exit 0 + register: selinux_installed + +- name: determine if selinux is enabled + shell: getenforce | grep -q Disabled || echo yes + register: selinux_enabled + when: selinux_installed.stdout != "" + ignore_errors: true + +- include: selinux_tests.yml + when: selinux_enabled - name: remote directory foobar file: path={{output_dir}}/foobar state=absent diff --git a/tests_new/integration/roles/test_file/tasks/selinux_tests.yml b/tests_new/integration/roles/test_file/tasks/selinux_tests.yml new file mode 100644 index 0000000000..7c898d46fc --- /dev/null +++ b/tests_new/integration/roles/test_file/tasks/selinux_tests.yml @@ -0,0 +1,29 @@ +# Test code for the file module - selinux subtasks. +# (c) 2014, Richard Isaacson + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +- name: touch a file for testing + file: path={{output_dir}}/foo-se.txt state=file + +- name: verify that the file was marked as changed + assert: { that: "file_result.changed == true" } + +- name: assert touch a file for testing matches expected selinux context + assert: { that: "file_result.secontext == 'unconfined_u:object_r:admin_home_t:s0'" } + +- name: remove the file used for testing + file: path={{output_dir}}/foo-se.txt state=absent \ No newline at end of file