File: selmodule_spec.rb

package info (click to toggle)
puppet-agent 8.10.0-5
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 27,392 kB
  • sloc: ruby: 286,820; sh: 492; xml: 116; makefile: 88; cs: 68
file content (154 lines) | stat: -rw-r--r-- 5,997 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
# NOTE: This unit test depends on having a sample SELinux policy file
# in the same directory as this test called selmodule-example
# with version 1.5.0.  The provided selmodule-example is the first
# 256 bytes taken from /usr/share/selinux/targeted/nagios.pp on Fedora 9

require 'spec_helper'
require 'stringio'

describe Puppet::Type.type(:selmodule).provider(:semodule) do
  let(:resource) { instance_double('resource', name: name) }
  let(:provider) { described_class.new(resource) }

  before :each do
    allow(resource).to receive(:[]).and_return name
  end

  def loaded_modules
    {
      'bar'  => '1.2.3',
      'foo'  => '4.4.4',
      'bang' => '1.0.0',
    }
  end

  def semodule_list_output
    loaded_modules.map { |k, v| "#{k}\t#{v}" }.join("\n")
  end

  describe 'selmodules_loaded' do
    let(:name) { 'foo' }

    it 'returns raise an exception when running selmodule raises an exception' do
      provider.class.loaded_modules = nil # Reset loaded_modules before test
      allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
      allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list')
                                                 .and_yield(StringIO.new("this is\nan error")).and_raise(Puppet::ExecutionFailure, 'it failed')
      expect { provider.selmodules_loaded }
        .to raise_error(Puppet::Error, %r{Could not list policy modules: ".*" failed with "this is an error"})
    end

    it 'returns empty hash if no modules are loaded' do
      provider.class.loaded_modules = nil # Reset loaded_modules before test
      allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
      allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list').and_yield StringIO.new('')
      expect(provider.selmodules_loaded).to eq({})
    end

    it 'returns hash of loaded modules' do
      provider.class.loaded_modules = nil # Reset loaded_modules before test
      allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
      allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list').and_yield StringIO.new(semodule_list_output)
      expect(provider.selmodules_loaded).to eq(loaded_modules)
    end

    it 'returns cached hash of loaded modules' do
      allow(provider.class).to receive(:loaded_modules).and_return loaded_modules
      allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
      allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list').and_yield StringIO.new("test\t1.0.0")
      expect(provider.selmodules_loaded).to eq(loaded_modules)
    end

    it 'returns cached hash of loaded modules and does not raise an exception' do
      allow(provider.class).to receive(:loaded_modules).and_return loaded_modules
      allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
      allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list')
                                                 .and_yield(StringIO.new('this should not be called')).and_raise(Puppet::ExecutionFailure, 'it failed')
      expect(provider.selmodules_loaded).to eq(loaded_modules)
    end
  end

  describe 'exists? method' do
    context 'with name foo' do
      let(:name) { 'foo' }

      it 'returns false if no modules are loaded' do
        allow(provider).to receive(:selmodules_loaded).and_return({})
        expect(provider.exists?).to eq(false)
      end

      it 'finds a module if it is already loaded' do
        allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
        expect(provider.exists?).to eq(true)
      end
    end

    context 'with name foobar' do
      let(:name) { 'foobar' }

      it 'returns false if not loaded' do
        allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
        expect(provider.exists?).to eq(false)
      end
    end

    context 'with name myfoo' do
      let(:name) { 'myfoo' }

      it 'returns false if module with same suffix is loaded' do
        allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
        expect(provider.exists?).to eq(false)
      end
    end
  end

  describe 'selmodversion_file' do
    let(:name) { 'foo' }

    it 'returns 1.5.0 for the example policy file' do
      allow(provider).to receive(:selmod_name_to_filename).and_return "#{File.dirname(__FILE__)}/selmodule-example"
      expect(provider.selmodversion_file).to eq('1.5.0')
    end
  end

  describe 'syncversion' do
    let(:name) { 'foo' }

    it 'returns :true if loaded and file modules are in sync' do
      allow(provider).to receive(:selmodversion_loaded).and_return '1.5.0'
      allow(provider).to receive(:selmodversion_file).and_return '1.5.0'
      expect(provider.syncversion).to eq(:true)
    end

    it 'returns :false if loaded and file modules are not in sync' do
      allow(provider).to receive(:selmodversion_loaded).and_return '1.4.0'
      allow(provider).to receive(:selmodversion_file).and_return '1.5.0'
      expect(provider.syncversion).to eq(:false)
    end

    it 'returns before checking file version if no loaded policy' do
      allow(provider).to receive(:selmodversion_loaded).and_return nil
      expect(provider.syncversion).to eq(:false)
    end
  end

  describe 'selmodversion_loaded' do
    context 'with name foo' do
      let(:name) { 'foo' }

      it 'returns the version of a loaded module' do
        allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
        expect(provider.selmodversion_loaded).to eq('4.4.4')
      end
    end

    context 'with name foobar' do
      let(:name) { 'foobar' }

      it 'returns nil if module is not loaded' do
        allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
        expect(provider.selmodversion_loaded).to be_nil
      end
    end
  end
end