| Server IP : 172.67.158.161 / Your IP : 3.144.9.115 Web Server : LiteSpeed System : Linux business53.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64 User : giankuin ( 1871) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /opt/puppetlabs/puppet/vendor_modules/selinux_core/spec/unit/provider/ |
Upload File : |
# NOTE: This unit test depends on having a sample SELinux policy file
# in the same directory as this test called selmodule-example
# with version 1.5.0. The provided selmodule-example is the first
# 256 bytes taken from /usr/share/selinux/targeted/nagios.pp on Fedora 9
require 'spec_helper'
require 'stringio'
describe Puppet::Type.type(:selmodule).provider(:semodule) do
let(:resource) { instance_double('resource', name: name) }
let(:provider) { described_class.new(resource) }
before :each do
allow(resource).to receive(:[]).and_return name
end
def loaded_modules
{
'bar' => '1.2.3',
'foo' => '4.4.4',
'bang' => '1.0.0',
}
end
def semodule_list_output
loaded_modules.map { |k, v| "#{k}\t#{v}" }.join("\n")
end
describe 'selmodules_loaded' do
let(:name) { 'foo' }
it 'returns raise an exception when running selmodule raises an exception' do
provider.class.loaded_modules = nil # Reset loaded_modules before test
allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list')
.and_yield(StringIO.new("this is\nan error")).and_raise(Puppet::ExecutionFailure, 'it failed')
expect { provider.selmodules_loaded }
.to raise_error(Puppet::Error, %r{Could not list policy modules: ".*" failed with "this is an error"})
end
it 'returns empty hash if no modules are loaded' do
provider.class.loaded_modules = nil # Reset loaded_modules before test
allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list').and_yield StringIO.new('')
expect(provider.selmodules_loaded).to eq({})
end
it 'returns hash of loaded modules' do
provider.class.loaded_modules = nil # Reset loaded_modules before test
allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list').and_yield StringIO.new(semodule_list_output)
expect(provider.selmodules_loaded).to eq(loaded_modules)
end
it 'returns cached hash of loaded modules' do
allow(provider.class).to receive(:loaded_modules).and_return loaded_modules
allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list').and_yield StringIO.new("test\t1.0.0")
expect(provider.selmodules_loaded).to eq(loaded_modules)
end
it 'returns cached hash of loaded modules and does not raise an exception' do
allow(provider.class).to receive(:loaded_modules).and_return loaded_modules
allow(provider.class).to receive(:command).with(:semodule).and_return '/usr/sbin/semodule'
allow(provider.class).to receive(:execpipe).with('/usr/sbin/semodule --list')
.and_yield(StringIO.new('this should not be called')).and_raise(Puppet::ExecutionFailure, 'it failed')
expect(provider.selmodules_loaded).to eq(loaded_modules)
end
end
describe 'exists? method' do
context 'with name foo' do
let(:name) { 'foo' }
it 'returns false if no modules are loaded' do
allow(provider).to receive(:selmodules_loaded).and_return({})
expect(provider.exists?).to eq(false)
end
it 'finds a module if it is already loaded' do
allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
expect(provider.exists?).to eq(true)
end
end
context 'with name foobar' do
let(:name) { 'foobar' }
it 'returns false if not loaded' do
allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
expect(provider.exists?).to eq(false)
end
end
context 'with name myfoo' do
let(:name) { 'myfoo' }
it 'returns false if module with same suffix is loaded' do
allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
expect(provider.exists?).to eq(false)
end
end
end
describe 'selmodversion_file' do
let(:name) { 'foo' }
it 'returns 1.5.0 for the example policy file' do
allow(provider).to receive(:selmod_name_to_filename).and_return "#{File.dirname(__FILE__)}/selmodule-example"
expect(provider.selmodversion_file).to eq('1.5.0')
end
end
describe 'syncversion' do
let(:name) { 'foo' }
it 'returns :true if loaded and file modules are in sync' do
allow(provider).to receive(:selmodversion_loaded).and_return '1.5.0'
allow(provider).to receive(:selmodversion_file).and_return '1.5.0'
expect(provider.syncversion).to eq(:true)
end
it 'returns :false if loaded and file modules are not in sync' do
allow(provider).to receive(:selmodversion_loaded).and_return '1.4.0'
allow(provider).to receive(:selmodversion_file).and_return '1.5.0'
expect(provider.syncversion).to eq(:false)
end
it 'returns before checking file version if no loaded policy' do
allow(provider).to receive(:selmodversion_loaded).and_return nil
expect(provider.syncversion).to eq(:false)
end
end
describe 'selmodversion_loaded' do
context 'with name foo' do
let(:name) { 'foo' }
it 'returns the version of a loaded module' do
allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
expect(provider.selmodversion_loaded).to eq('4.4.4')
end
end
context 'with name foobar' do
let(:name) { 'foobar' }
it 'returns nil if module is not loaded' do
allow(provider).to receive(:selmodules_loaded).and_return loaded_modules
expect(provider.selmodversion_loaded).to be_nil
end
end
end
end