#  Copyright (C) 2020 Red Hat, Inc. <http://www.redhat.com>
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License along
#  with this program; if not, write to the Free Software Foundation, Inc.,
#  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

"""
    Description:
    Test cases in this module test Gluster against SELinux labels and policies
"""

import pytest
from glusto.core import Glusto as g
from glustolibs.gluster.gluster_base_class import GlusterBaseClass
from glustolibs.gluster.glusterfile import file_exists


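class TestGlusterAgainstSELinux(GlusterBaseClass):
    """Glusterd checks against SELinux labels and policies."""

    @staticmethod
    def run_cmd(host, cmd, opts='', operate_on=''):
        """Run ``cmd`` on ``host`` through ``g.run`` and report success.

        Args:
            host: Host handed to ``g.run`` as the execution target.
            cmd: Program name, e.g. 'rpm' or 'ls'.
            opts: Option letters without the leading dash ('qf' -> '-qf').
            operate_on: Operand appended after the options.

        Returns:
            tuple: ``(True, stdout)`` when the return code is 0, otherwise
            ``(False, stdout)`` after the stderr text has been logged.
        """
        if opts:
            opts = '-' + opts
        # The pieces are interpolated into a single command string without
        # any quoting, so callers must pass only fixed, trusted values (the
        # tests below use literals); a path containing spaces or shell
        # metacharacters would not survive this formatting intact.
        command = "{} {} {}".format(cmd, opts, operate_on)
        rcode, rout, rerr = g.run(host, command)
        if not rcode:
            return True, rout

        g.log.error("On '%s', '%s' returned '%s'", host, command, rerr)
        return False, rout

    @pytest.mark.test_selinux_label
    def test_selinux_label(self):
        """
        TestCase:
        1. Check the existence of '/usr/lib/firewalld/services/glusterfs.xml'
        2. Validate that the package owning this file (per 'rpm -qf') is
           'glusterfs-server'
        3. Validate SELinux label context as 'system_u:object_r:lib_t:s0'
        """

        fqpath = '/usr/lib/firewalld/services/glusterfs.xml'

        for server in self.all_servers_info:
            # Check existence of xml file
            self.assertTrue(file_exists(server, fqpath), "Failed to verify "
                            "existence of '{}' in {} ".format(fqpath, server))
            g.log.info("Validated the existence of required xml file")

            # Check which package owns the xml file ('rpm -qf <path>').
            status, result = self.run_cmd(server, 'rpm', 'qf', fqpath)
            self.assertTrue(status, "Fail: Not able to find owner for {} on "
                            "{}".format(fqpath, server))
            exp_str = 'glusterfs-server'
            # Substring match: any package name containing 'glusterfs-server'
            # satisfies this assertion.
            self.assertIn(exp_str, result, "Fail: Owner of {} should be "
                          "{} on {}".format(fqpath, exp_str, server))

            # Validate SELinux label as reported by 'ls -lZ <path>'.
            status, result = self.run_cmd(server, 'ls', 'lZ', fqpath)
            self.assertTrue(status, "Fail: Not able to find SELinux label "
                            "for {} on {}".format(fqpath, server))
            exp_str = 'system_u:object_r:lib_t:s0'
            # Substring match over the whole 'ls -lZ' line: a context that
            # merely starts with the expected string (for example one with
            # extra categories after 's0') also passes. Compare the exact
            # context field if a strict check is required.
            #
            # The message previously ran the path into the word "should"
            # because the space between the two string pieces was missing.
            self.assertIn(exp_str, result, "Fail: SELinux label on {} "
                          "should be {} on {}".format(fqpath, exp_str, server))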