From 101f9a226b2f4b9faac2d0ee25d9fe7debac41b2 Mon Sep 17 00:00:00 2001
From: Richard C Isaacson <richard.c.isaacson@gmail.com>
Date: Thu, 20 Feb 2014 11:11:00 -0500
Subject: [PATCH] File - selinux tests in new framework.

---
 .../roles/test_file/tasks/main.yml            | 25 +++++++++++-----
 .../roles/test_file/tasks/selinux_tests.yml   | 29 +++++++++++++++++++
 2 files changed, 47 insertions(+), 7 deletions(-)
 create mode 100644 tests_new/integration/roles/test_file/tasks/selinux_tests.yml

diff --git a/tests_new/integration/roles/test_file/tasks/main.yml b/tests_new/integration/roles/test_file/tasks/main.yml
index a6b1a790167..399547076e0 100644
--- a/tests_new/integration/roles/test_file/tasks/main.yml
+++ b/tests_new/integration/roles/test_file/tasks/main.yml
@@ -29,7 +29,7 @@
   assert: { that: "file_result.changed == false" }
 
 - name: verify that the state is that of a file
-  assert: { that: "file_result.state == \"file\"" }
+  assert: { that: "file_result.state == 'file'" }
 
 - name: verify that we are checking an absent file
   file: path={{output_dir}}/bar.txt state=absent
@@ -39,7 +39,7 @@
   assert: { that: "file2_result.changed == false" }
 
 - name: verify that the file was marked as changed
-  assert: { that: "file2_result.state == \"absent\"" }
+  assert: { that: "file2_result.state == 'absent'" }
 
 - name: verify we can touch a file
   file: path={{output_dir}}/baz.txt state=touch
@@ -49,10 +49,10 @@
   assert: { that: "file3_result.changed == true" }
 
 - name: verify that the state is that of a file
-  assert: { that: "file3_result.state == \"file\"" }
+  assert: { that: "file3_result.state == 'file'" }
 
 - name: assert that the test file has a mode of 0644
-  assert: { that: "file3_result.mode == \"0644\"" }
+  assert: { that: "file3_result.mode == '0644'" }
 
 - name: change file mode
   file: path={{output_dir}}/baz.txt mode=0600
@@ -62,7 +62,7 @@
   assert: { that: "file4_result.changed == true" }
 
 - name: assert that the test file has a mode of 0600
-  assert: { that: "file4_result.mode == \"0600\"" }
+  assert: { that: "file4_result.mode == '0600'" }
 
 - name: change ownership and group
   file: path={{output_dir}}/baz.txt owner=1000 group=1000
@@ -89,9 +89,20 @@
   assert: { that: "file7_result.changed == true" }
 
 - name: assert that the test file has a mode of 0600
-  assert: { that: "file7_result.state == \"directory\"" }
+  assert: { that: "file7_result.state == 'directory'" }
 
-# FIXME selinux
+- name: determine if selinux is installed
+  shell: which getenforce || exit 0
+  register: selinux_installed
+
+- name: determine if selinux is enabled
+  shell: getenforce | grep -q Disabled || echo yes
+  register: selinux_enabled
+  when: selinux_installed.stdout != ""
+  ignore_errors: true
+
+- include: selinux_tests.yml
+  when: selinux_enabled
 
 - name: remote directory foobar
   file: path={{output_dir}}/foobar state=absent
diff --git a/tests_new/integration/roles/test_file/tasks/selinux_tests.yml b/tests_new/integration/roles/test_file/tasks/selinux_tests.yml
new file mode 100644
index 00000000000..7c898d46fc1
--- /dev/null
+++ b/tests_new/integration/roles/test_file/tasks/selinux_tests.yml
@@ -0,0 +1,29 @@
+# Test code for the file module - selinux subtasks.
+# (c) 2014, Richard Isaacson <richard.c.isaacson@gmail.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: touch a file for testing
+  file: path={{output_dir}}/foo-se.txt state=file
+
+- name: verify that the file was marked as changed
+  assert: { that: "file_result.changed == true" }
+
+- name: assert touch a file for testing matches expected selinux context
+  assert: { that: "file_result.secontext == 'unconfined_u:object_r:admin_home_t:s0'" }
+
+- name: remove the file used for testing
+  file: path={{output_dir}}/foo-se.txt state=absent
\ No newline at end of file