diff --git a/lib/ansible/module_utils/facts/system/selinux.py b/lib/ansible/module_utils/facts/system/selinux.py index e9b166f1ce..c3f88fa979 100644 --- a/lib/ansible/module_utils/facts/system/selinux.py +++ b/lib/ansible/module_utils/facts/system/selinux.py @@ -26,9 +26,11 @@ try: except ImportError: HAVE_SELINUX = False -SELINUX_MODE_DICT = {1: 'enforcing', - 0: 'permissive', - -1: 'disabled'} +SELINUX_MODE_DICT = { + 1: 'enforcing', + 0: 'permissive', + -1: 'disabled' +} class SelinuxFactCollector(BaseFactCollector): @@ -39,17 +41,20 @@ class SelinuxFactCollector(BaseFactCollector): facts_dict = {} selinux_facts = {} - # This is weird. The value of the facts 'selinux' key can be False or a dict + # If selinux library is missing, only set the status and selinux_python_present since + # there is no way to tell if SELinux is enabled or disabled on the system + # without the library. if not HAVE_SELINUX: - facts_dict['selinux'] = False + selinux_facts['status'] = 'Missing selinux Python library' + facts_dict['selinux'] = selinux_facts facts_dict['selinux_python_present'] = False return facts_dict + # Set a boolean for testing whether the Python library is present facts_dict['selinux_python_present'] = True if not selinux.is_selinux_enabled(): selinux_facts['status'] = 'disabled' - # NOTE: this could just return in the above clause and the rest of this is up an indent -akl else: selinux_facts['status'] = 'enabled' diff --git a/test/units/module_utils/facts/test_collectors.py b/test/units/module_utils/facts/test_collectors.py index 4e00b40c03..6311934c3b 100644 --- a/test/units/module_utils/facts/test_collectors.py +++ b/test/units/module_utils/facts/test_collectors.py @@ -278,7 +278,7 @@ class TestSelinuxFacts(BaseFactsTest): fact_collector = self.collector_class() facts_dict = fact_collector.collect(module=module) self.assertIsInstance(facts_dict, dict) - self.assertFalse(facts_dict['selinux']) + self.assertEqual(facts_dict['selinux']['status'], 'Missing selinux Python library') return facts_dict