authorSean E. Millichamp <sean@bruenor.org>2008-10-06 17:30:38 -0400
committerJames Turnbull <james@lovedthanlost.net>2008-10-08 12:27:35 +1100
commit4df51eaca0770618d5593c4a07eb9529077da114 (patch)
treec3f2d4f46a44b8eb18df2a52d35f24acf628a1d0
parent253d4df1f49e1516a111557b98b29509c39b41e0 (diff)
New and improved tests for file type SELinux contexts
-rw-r--r--lib/puppet/util/selinux.rb2
-rw-r--r--spec/unit/other/selinux.rb27
-rw-r--r--spec/unit/type/file/selinux.rb82
3 files changed, 83 insertions, 28 deletions
diff --git a/lib/puppet/util/selinux.rb b/lib/puppet/util/selinux.rb
index 6a9bcaf79..c25773344 100644
--- a/lib/puppet/util/selinux.rb
+++ b/lib/puppet/util/selinux.rb
@@ -51,7 +51,7 @@ module Puppet::Util::SELinux
# out to the three (or four) component parts. Supports :seluser, :selrole,
# :seltype, and on systems with range support, :selrange.
def parse_selinux_context(component, context)
- if context == "unlabeled"
+ if context.nil? or context == "unlabeled"
return nil
end
unless context =~ /^[a-z0-9_]+:[a-z0-9_]+:[a-z0-9_]+(:[a-z0-9_])?/
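Review bot: The format check kept just below the new nil guard validates only a prefix of the string: `/^[a-z0-9_]+:[a-z0-9_]+:[a-z0-9_]+(:[a-z0-9_])?/` begins with `^` (which in Ruby matches at the start of any line), has no end anchor, and its optional range group admits a single character, so a value with arbitrary trailing or multi-line content after three fields still passes. Because the parsed fields are what the file type's sel* properties report, consider anchoring with `\A` and `\z` and spelling out the range syntax the platform accepts; the rest of parse_selinux_context lies outside the hunk, so how the fields are split afterwards is not visible here. On the changed line, `||` is the conventional boolean operator and avoids the low precedence of `or`: `if context.nil? || context == "unlabeled"`. The comment above the method could also state that nil is returned for a nil or "unlabeled" context.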
diff --git a/spec/unit/other/selinux.rb b/spec/unit/other/selinux.rb
index 26cd84021..e4bdf390b 100644
--- a/spec/unit/other/selinux.rb
+++ b/spec/unit/other/selinux.rb
@@ -5,33 +5,6 @@ require File.dirname(__FILE__) + '/../../spec_helper'
require 'puppet/type/selboolean'
require 'puppet/type/selmodule'
-describe Puppet.type(:file), " when manipulating file contexts" do
- before :each do
- @file = Puppet::Type::File.create(
- :name => "/tmp/foo",
- :ensure => "file",
- :seluser => "user_u",
- :selrole => "role_r",
- :seltype => "type_t",
- :selrange => "s0" )
- end
- it "should use :seluser to get/set an SELinux user file context attribute" do
- @file.property(:seluser).should == "user_u"
- end
- it "should use :selrole to get/set an SELinux role file context attribute" do
- @file.property(:selrole).should == "role_r"
- end
- it "should use :seltype to get/set an SELinux user file context attribute" do
- @file.property(:seltype).should == "type_t"
- end
- it "should use :selrange to get/set an SELinux range file context attribute" do
- @file.property(:seltype).should == "s0"
- end
- after :each do
- Puppet::Type::File.clear()
- end
-end
-
describe Puppet.type(:selboolean), " when manipulating booleans" do
before :each do
@bool = Puppet::Type::Selboolean.create(
diff --git a/spec/unit/type/file/selinux.rb b/spec/unit/type/file/selinux.rb
new file mode 100644
index 000000000..5e2c3539c
--- /dev/null
+++ b/spec/unit/type/file/selinux.rb
@@ -0,0 +1,82 @@
+#!/usr/bin/env ruby
+
+Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") }
+
+
+[:seluser, :selrole, :seltype, :selrange].each do |param|
+property = Puppet::Type.type(:file).attrclass(param)
+ describe property do
+ before do
+ @resource = mock 'resource'
+ @resource.stubs(:[]).with(:path).returns "/my/file"
+ @sel = property.new :resource => @resource
+ end
+
+ it "retrieve on #{param} should return :absent if the file isn't statable" do
+ @resource.expects(:stat).returns nil
+ @sel.retrieve.should == :absent
+ end
+
+ it "should retrieve nil for #{param} if there is no SELinux support" do
+ stat = stub 'stat', :ftype => "foo"
+ @resource.expects(:stat).returns stat
+ @sel.expects(:get_selinux_current_context).with("/my/file").returns nil
+ @sel.retrieve.should be_nil
+ end
+
+ it "should retrieve #{param} if a SELinux context is found with a range" do
+ stat = stub 'stat', :ftype => "foo"
+ @resource.expects(:stat).returns stat
+ @sel.expects(:get_selinux_current_context).with("/my/file").returns "user_u:role_r:type_t:s0"
+ expectedresult = case param
+ when :seluser then "user_u"
+ when :selrole then "role_r"
+ when :seltype then "type_t"
+ when :selrange then "s0"
+ end
+ @sel.retrieve.should == expectedresult
+ end
+
+ it "should retrieve #{param} if a SELinux context is found without a range" do
+ stat = stub 'stat', :ftype => "foo"
+ @resource.expects(:stat).returns stat
+ @sel.expects(:get_selinux_current_context).with("/my/file").returns "user_u:role_r:type_t"
+ expectedresult = case param
+ when :seluser then "user_u"
+ when :selrole then "role_r"
+ when :seltype then "type_t"
+ when :selrange then nil
+ end
+ @sel.retrieve.should == expectedresult
+ end
+
+ it "should handle no default gracefully" do
+ @sel.expects(:get_selinux_default_context).with("/my/file").returns nil
+ @sel.default.must be_nil
+ end
+
+ it "should be able to detect matchpathcon defaults" do
+ @sel.expects(:get_selinux_default_context).with("/my/file").returns "user_u:role_r:type_t:s0"
+ expectedresult = case param
+ when :seluser then "user_u"
+ when :selrole then "role_r"
+ when :seltype then "type_t"
+ when :selrange then "s0"
+ end
+ @sel.default.must == expectedresult
+ end
+
+ it "should be able to set a new context" do
+ stat = stub 'stat', :ftype => "foo"
+ @resource.expects(:stat).returns stat
+ @sel.should = %w{newone}
+ @sel.expects(:set_selinux_context).with("/my/file", ["newone"], param)
+ @sel.sync
+ end
+
+ after do
+ Puppet::Type.type(:file).clear
+ end
+ end
+end
+
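Review bot: The new examples feed only nil or well-formed contexts to retrieve and default, so two branches of parse_selinux_context visible in the lib/puppet/util/selinux.rb hunk go unexercised: the `"unlabeled"` return and the failure of the format check. Add an example per param where get_selinux_current_context returns `"unlabeled"` (presumably expecting `@sel.retrieve.should be_nil`), and one with a malformed string that asserts whatever the parser does on a mismatch, which is not shown in this commit. The range cases use only `s0`; a constructed multi-part range such as `s0:c0.c1023` would pin down how :selrange treats the extra colon. Minor style points: `property = Puppet::Type.type(:file).attrclass(param)` is not indented inside the `each` block, and the default examples use `.must` while the others use `.should`.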