rpms / rhel-system-roles

Clone
Source Code
GIT

Blame SOURCES/selinux-tier1-tags.diff

c7-alt c7-extras c8 c8-beta c8s c9 c9-beta
  1.   8b3abe4e4590865efcb8f2932a8f8f10bf7153a7
  2.   SOURCES
  3.   selinux-tier1-tags.diff
Blob History Raw
8b3abe 
diff --git a/tests/set_selinux_variables.yml b/tests/set_selinux_variables.yml
8b3abe 
index f294101..7571066 100644
8b3abe 
--- a/tests/set_selinux_variables.yml
8b3abe 
+++ b/tests/set_selinux_variables.yml
8b3abe 
@@ -1,4 +1,12 @@
8b3abe 
 ---
8b3abe 
+- name: Install SELinux tool semanage on Fedora
8b3abe 
+  package:
8b3abe 
+    name:
8b3abe 
+      - policycoreutils-python-utils
8b3abe 
+    state: present
8b3abe 
+  when: ansible_distribution == "Fedora" or
8b3abe 
+    ( ansible_distribution_major_version > "7" and
8b3abe 
+      ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
8b3abe 
 - name: Get local modifications - boolean
8b3abe 
   command: /usr/sbin/semanage boolean -l -n -C
8b3abe 
   register: selinux_role_boolean
8b3abe 
diff --git a/tests/tests_boolean.yml b/tests/tests_boolean.yml
8b3abe 
index 47eafc0..ca85922 100644
8b3abe 
--- a/tests/tests_boolean.yml
8b3abe 
+++ b/tests/tests_boolean.yml
8b3abe 
@@ -1,5 +1,6 @@
8b3abe
8b3abe 
 - name: Check if selinux role sets SELinux booleans
8b3abe 
+  tags: [ 'tests::tier1', 'tests::expfail' ]
8b3abe 
   hosts: all
8b3abe 
   become: true
8b3abe
8b3abe 
@@ -12,7 +13,7 @@
8b3abe 
         selinux_booleans:
8b3abe 
           - { name: 'samba_enable_home_dirs', state: 'on', persistent: 'yes' }
8b3abe
8b3abe 
-    - include: set_selinux_variables.yml
8b3abe 
+    - import_tasks: set_selinux_variables.yml
8b3abe 
     - name: save state after initial changes and before other changes
8b3abe 
       set_fact:
8b3abe 
         boolean_before: "{{ selinux_role_boolean.stdout_lines }}"
8b3abe 
diff --git a/tests/tests_default.yml b/tests/tests_default.yml
8b3abe 
index a837c73..25bf39d 100644
8b3abe 
--- a/tests/tests_default.yml
8b3abe 
+++ b/tests/tests_default.yml
8b3abe 
@@ -1,5 +1,6 @@
8b3abe
8b3abe 
 - name: Ensure that the role runs with default parameters
8b3abe 
+  tags: tests::tier1
8b3abe 
   hosts: all
8b3abe
8b3abe 
   roles:
8b3abe 
diff --git a/tests/tests_default_vars.yml b/tests/tests_default_vars.yml
8b3abe 
index b6a6b5a..7cd321d 100644
8b3abe 
--- a/tests/tests_default_vars.yml
8b3abe 
+++ b/tests/tests_default_vars.yml
8b3abe 
@@ -1,4 +1,5 @@
8b3abe 
 - name: Ensure that the role declares all paremeters in defaults
8b3abe 
+  tags: tests::tier1
8b3abe 
   hosts: all
8b3abe
8b3abe 
   roles:
8b3abe 
diff --git a/tests/tests_fcontext.yml b/tests/tests_fcontext.yml
8b3abe 
index 0a411fb..f4a3923 100644
8b3abe 
--- a/tests/tests_fcontext.yml
8b3abe 
+++ b/tests/tests_fcontext.yml
8b3abe 
@@ -1,5 +1,6 @@
8b3abe
8b3abe 
 - name: Check if selinux role sets SELinux fcontext mappings
8b3abe 
+  tags: tests::tier1
8b3abe 
   hosts: all
8b3abe 
   become: true
8b3abe
8b3abe 
@@ -13,7 +14,7 @@
8b3abe 
         selinux_fcontexts:
8b3abe 
           - { target: '/tmp/test_dir1(/.*)?', setype: 'user_home_dir_t', ftype: 'd' }
8b3abe
8b3abe 
-    - include: set_selinux_variables.yml
8b3abe 
+    - import_tasks: set_selinux_variables.yml
8b3abe 
     - name: save state after initial changes and before other changes
8b3abe 
       set_fact:
8b3abe 
         fcontext_before: "{{ selinux_role_fcontext.stdout }}"
8b3abe 
diff --git a/tests/tests_login.yml b/tests/tests_login.yml
8b3abe 
index efa826d..e4f55ca 100644
8b3abe 
--- a/tests/tests_login.yml
8b3abe 
+++ b/tests/tests_login.yml
8b3abe 
@@ -1,5 +1,6 @@
8b3abe
8b3abe 
 - name: Check if selinux role sets SELinux login mappings
8b3abe 
+  tags: tests::tier1
8b3abe 
   hosts: all
8b3abe 
   become: true
8b3abe
8b3abe 
@@ -18,7 +19,7 @@
8b3abe 
           - { login: 'sar-user', seuser: 'staff_u', serange: 's0-s0:c0.c1023', state: 'present' }
8b3abe
8b3abe
8b3abe 
-    - include: set_selinux_variables.yml
8b3abe 
+    - import_tasks: set_selinux_variables.yml
8b3abe 
     - name: save state after initial changes and before other changes
8b3abe 
       set_fact:
8b3abe 
         login_before: "{{ selinux_role_login.stdout }}"
8b3abe 
diff --git a/tests/tests_port.yml b/tests/tests_port.yml
8b3abe 
index 446f79d..03276b5 100644
8b3abe 
--- a/tests/tests_port.yml
8b3abe 
+++ b/tests/tests_port.yml
8b3abe 
@@ -1,5 +1,6 @@
8b3abe
8b3abe 
 - name: Check if selinux role sets SELinux port mapping
8b3abe 
+  tags: tests::tier1
8b3abe 
   hosts: all
8b3abe 
   become: true
8b3abe
8b3abe 
@@ -29,7 +30,7 @@
8b3abe 
         selinux_ports:
8b3abe 
           - { ports: '22022', proto: 'tcp', setype: 'ssh_port_t', state: 'present' }
8b3abe
8b3abe 
-    - include: set_selinux_variables.yml
8b3abe 
+    - import_tasks: set_selinux_variables.yml
8b3abe 
     - name: save state after other changes
8b3abe 
       set_fact:
8b3abe 
         port_after: "{{ selinux_role_port.stdout }}"
8b3abe 
diff --git a/tests/tests_selinux_disabled.yml b/tests/tests_selinux_disabled.yml
8b3abe 
index afd23e4..d30de2b 100644
8b3abe 
--- a/tests/tests_selinux_disabled.yml
8b3abe 
+++ b/tests/tests_selinux_disabled.yml
8b3abe 
@@ -18,7 +19,9 @@
8b3abe 
         name:
8b3abe 
           - policycoreutils-python-utils
8b3abe 
         state: present
8b3abe 
-      when: ansible_distribution == "Fedora"
8b3abe 
+      when: ansible_distribution == "Fedora" or
8b3abe 
+        ( ansible_distribution_major_version > "7" and
8b3abe 
+          ( ansible_distribution == "CentOS" or ansible_distribution == "RedHat" ))
8b3abe
8b3abe 
     - name: Add a Linux System Roles SELinux User
8b3abe 
       user:
8b3abe 
@@ -67,17 +71,28 @@
8b3abe 
       assert:
8b3abe 
         that: "{{ ansible_selinux.config_mode == 'enforcing' }}"
8b3abe 
         msg: "SELinux config mode should be enforcing instead of {{ ansible_selinux.config_mode }}"
8b3abe 
-    - name: Restore original /etc/selinux/config
8b3abe 
-      copy:
8b3abe 
-        remote_src: true
8b3abe 
-        dest: /etc/selinux/config
8b3abe 
-        src: /etc/selinux/config.test_selinux_disabled
8b3abe 
-    - name: Remove /etc/selinux/config backup
8b3abe 
-      file:
8b3abe 
-        path: /etc/selinux/config.test_selinux_disabled
8b3abe 
-        state: absent
8b3abe 
-    - name: Remove Linux System Roles SELinux User
8b3abe 
-      user:
8b3abe 
-        name: sar-user
8b3abe 
-        remove: yes
8b3abe 
-        state: absent
8b3abe 
+
8b3abe 
+    - name: Cleanup
8b3abe 
+      tags: [ 'tests::cleanup' ]
8b3abe 
+      block:
8b3abe 
+        - name: Restore original /etc/selinux/config
8b3abe 
+          copy:
8b3abe 
+            remote_src: true
8b3abe 
+            dest: /etc/selinux/config
8b3abe 
+            src: /etc/selinux/config.test_selinux_disabled
8b3abe 
+
8b3abe 
+        - name: Remove /etc/selinux/config backup
8b3abe 
+          file:
8b3abe 
+            path: /etc/selinux/config.test_selinux_disabled
8b3abe 
+            state: absent
8b3abe 
+
8b3abe 
+        - name: Remove Linux System Roles SELinux User
8b3abe 
+          user:
8b3abe 
+            name: sar-user
8b3abe 
+            remove: yes
8b3abe 
+            state: absent
8b3abe 
+
8b3abe 
+        - import_role:
8b3abe 
+            name: selinux
8b3abe 
+          vars:
8b3abe 
+            selinux_all_purge: true

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation