1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
#! /usr/bin/env ruby
# Note: This unit test depends on having a sample SELinux policy file
# in the same directory as this test called selmodule-example.pp
# with version 1.5.0. The provided selmodule-example.pp is the first
# 256 bytes taken from /usr/share/selinux/targeted/nagios.pp on Fedora 9
require 'spec_helper'
require 'stringio'
provider_class = Puppet::Type.type(:selmodule).provider(:semodule)
describe provider_class do
before :each do
@resource = stub("resource", :name => "foo")
@resource.stubs(:[]).returns "foo"
@provider = provider_class.new(@resource)
end
describe "exists? method" do
it "should find a module if it is already loaded" do
@provider.expects(:command).with(:semodule).returns "/usr/sbin/semodule"
@provider.expects(:execpipe).with("/usr/sbin/semodule --list").yields StringIO.new("bar\t1.2.3\nfoo\t4.4.4\nbang\t1.0.0\n")
expect(@provider.exists?).to eq(:true)
end
it "should return nil if not loaded" do
@provider.expects(:command).with(:semodule).returns "/usr/sbin/semodule"
@provider.expects(:execpipe).with("/usr/sbin/semodule --list").yields StringIO.new("bar\t1.2.3\nbang\t1.0.0\n")
expect(@provider.exists?).to be_nil
end
it "should return nil if module with same suffix is loaded" do
@provider.expects(:command).with(:semodule).returns "/usr/sbin/semodule"
@provider.expects(:execpipe).with("/usr/sbin/semodule --list").yields StringIO.new("bar\t1.2.3\nmyfoo\t1.0.0\n")
expect(@provider.exists?).to be_nil
end
it "should return nil if no modules are loaded" do
@provider.expects(:command).with(:semodule).returns "/usr/sbin/semodule"
@provider.expects(:execpipe).with("/usr/sbin/semodule --list").yields StringIO.new("")
expect(@provider.exists?).to be_nil
end
end
describe "selmodversion_file" do
it "should return 1.5.0 for the example policy file" do
@provider.expects(:selmod_name_to_filename).returns "#{File.dirname(__FILE__)}/selmodule-example.pp"
expect(@provider.selmodversion_file).to eq("1.5.0")
end
end
describe "syncversion" do
it "should return :true if loaded and file modules are in sync" do
@provider.expects(:selmodversion_loaded).returns "1.5.0"
@provider.expects(:selmodversion_file).returns "1.5.0"
expect(@provider.syncversion).to eq(:true)
end
it "should return :false if loaded and file modules are not in sync" do
@provider.expects(:selmodversion_loaded).returns "1.4.0"
@provider.expects(:selmodversion_file).returns "1.5.0"
expect(@provider.syncversion).to eq(:false)
end
it "should return before checking file version if no loaded policy" do
@provider.expects(:selmodversion_loaded).returns nil
expect(@provider.syncversion).to eq(:false)
end
end
describe "selmodversion_loaded" do
it "should return the version of a loaded module" do
@provider.expects(:command).with(:semodule).returns "/usr/sbin/semodule"
@provider.expects(:execpipe).with("/usr/sbin/semodule --list").yields StringIO.new("bar\t1.2.3\nfoo\t4.4.4\nbang\t1.0.0\n")
expect(@provider.selmodversion_loaded).to eq("4.4.4")
end
it 'should return raise an exception when running selmodule raises an exception' do
@provider.expects(:command).with(:semodule).returns "/usr/sbin/semodule"
@provider.expects(:execpipe).with("/usr/sbin/semodule --list").yields("this is\nan error").raises(Puppet::ExecutionFailure, 'it failed')
expect {@provider.selmodversion_loaded}.to raise_error(Puppet::ExecutionFailure, /Could not list policy modules: ".*" failed with "this is an error"/)
end
end
end
|
