1""" 2 :codeauthor: Jayesh Kariya <jayeshk@saltstack.com> 3""" 4 5import pytest 6import salt.states.selinux as selinux 7from tests.support.mock import MagicMock, patch 8 9 10@pytest.fixture 11def configure_loader_modules(): 12 return {selinux: {}} 13 14 15def test_mode(): 16 """ 17 Test to verifies the mode SELinux is running in, 18 can be set to enforcing or permissive. 19 """ 20 ret = { 21 "name": "unknown", 22 "changes": {}, 23 "result": False, 24 "comment": "unknown is not an accepted mode", 25 } 26 assert selinux.mode("unknown") == ret 27 28 mock_en = MagicMock(return_value="Enforcing") 29 mock_pr = MagicMock(side_effect=["Permissive", "Enforcing"]) 30 with patch.dict( 31 selinux.__salt__, 32 { 33 "selinux.getenforce": mock_en, 34 "selinux.getconfig": mock_en, 35 "selinux.setenforce": mock_pr, 36 }, 37 ): 38 comt = "SELinux is already in Enforcing mode" 39 ret = {"name": "Enforcing", "comment": comt, "result": True, "changes": {}} 40 assert selinux.mode("Enforcing") == ret 41 42 with patch.dict(selinux.__opts__, {"test": True}): 43 comt = "SELinux mode is set to be changed to Permissive" 44 ret = { 45 "name": "Permissive", 46 "comment": comt, 47 "result": None, 48 "changes": {"new": "Permissive", "old": "Enforcing"}, 49 } 50 assert selinux.mode("Permissive") == ret 51 52 with patch.dict(selinux.__opts__, {"test": False}): 53 comt = "SELinux has been set to Permissive mode" 54 ret = { 55 "name": "Permissive", 56 "comment": comt, 57 "result": True, 58 "changes": {"new": "Permissive", "old": "Enforcing"}, 59 } 60 assert selinux.mode("Permissive") == ret 61 62 comt = "Failed to set SELinux to Permissive mode" 63 ret.update( 64 {"name": "Permissive", "comment": comt, "result": False, "changes": {}} 65 ) 66 assert selinux.mode("Permissive") == ret 67 68 69def test_boolean(): 70 """ 71 Test to set up an SELinux boolean. 72 """ 73 name = "samba_create_home_dirs" 74 value = True 75 ret = {"name": name, "changes": {}, "result": False, "comment": ""} 76 77 mock_en = MagicMock(return_value=[]) 78 with patch.dict(selinux.__salt__, {"selinux.list_sebool": mock_en}): 79 comt = "Boolean {} is not available".format(name) 80 ret.update({"comment": comt}) 81 assert selinux.boolean(name, value) == ret 82 83 mock_bools = MagicMock(return_value={name: {"State": "on", "Default": "on"}}) 84 with patch.dict(selinux.__salt__, {"selinux.list_sebool": mock_bools}): 85 comt = "None is not a valid value for the boolean" 86 ret.update({"comment": comt}) 87 assert selinux.boolean(name, None) == ret 88 89 comt = "Boolean is in the correct state" 90 ret.update({"comment": comt, "result": True}) 91 assert selinux.boolean(name, value, True) == ret 92 93 comt = "Boolean is in the correct state" 94 ret.update({"comment": comt, "result": True}) 95 assert selinux.boolean(name, value) == ret 96 97 mock_bools = MagicMock(return_value={name: {"State": "off", "Default": "on"}}) 98 mock = MagicMock(side_effect=[True, False]) 99 with patch.dict( 100 selinux.__salt__, 101 {"selinux.list_sebool": mock_bools, "selinux.setsebool": mock}, 102 ): 103 with patch.dict(selinux.__opts__, {"test": True}): 104 comt = "Boolean samba_create_home_dirs is set to be changed to on" 105 ret.update({"comment": comt, "result": None}) 106 assert selinux.boolean(name, value) == ret 107 108 with patch.dict(selinux.__opts__, {"test": False}): 109 comt = "Boolean samba_create_home_dirs has been set to on" 110 ret.update({"comment": comt, "result": True}) 111 ret.update({"changes": {"State": {"old": "off", "new": "on"}}}) 112 assert selinux.boolean(name, value) == ret 113 114 comt = "Failed to set the boolean samba_create_home_dirs to on" 115 ret.update({"comment": comt, "result": False}) 116 ret.update({"changes": {}}) 117 assert selinux.boolean(name, value) == ret 118