From 71e05400167459c40683b87479ec96496a5d3570 Mon Sep 17 00:00:00 2001
From: Sam Doran <sdoran@ansible.com>
Date: Thu, 5 Oct 2017 09:19:08 -0400
Subject: [PATCH] Make ansible_selinux facts a consistent type (#31065)

* Make ansible_selinux facts a consistent type

Rather than returning a bool if the Python library is missing, return a dict with one key containing a message explaining there is no way to tell the status of SELinux on the system becasue the Python library is not present.

* Fix unit test

(cherry picked from commit e7902d888c2b42b5834328200fcfbf94484219cd)
---
 .../module_utils/facts/system/selinux.py        | 17 +++++++++++------
 .../units/module_utils/facts/test_collectors.py |  2 +-
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/lib/ansible/module_utils/facts/system/selinux.py b/lib/ansible/module_utils/facts/system/selinux.py
index e9b166f1ce..c3f88fa979 100644
--- a/lib/ansible/module_utils/facts/system/selinux.py
+++ b/lib/ansible/module_utils/facts/system/selinux.py
@@ -26,9 +26,11 @@ try:
 except ImportError:
     HAVE_SELINUX = False
 
-SELINUX_MODE_DICT = {1: 'enforcing',
-                     0: 'permissive',
-                     -1: 'disabled'}
+SELINUX_MODE_DICT = {
+    1: 'enforcing',
+    0: 'permissive',
+    -1: 'disabled'
+}
 
 
 class SelinuxFactCollector(BaseFactCollector):
@@ -39,17 +41,20 @@ class SelinuxFactCollector(BaseFactCollector):
         facts_dict = {}
         selinux_facts = {}
 
-        # This is weird. The value of the facts 'selinux' key can be False or a dict
+        # If selinux library is missing, only set the status and selinux_python_present since
+        # there is no way to tell if SELinux is enabled or disabled on the system
+        # without the library.
         if not HAVE_SELINUX:
-            facts_dict['selinux'] = False
+            selinux_facts['status'] = 'Missing selinux Python library'
+            facts_dict['selinux'] = selinux_facts
             facts_dict['selinux_python_present'] = False
             return facts_dict
 
+        # Set a boolean for testing whether the Python library is present
         facts_dict['selinux_python_present'] = True
 
         if not selinux.is_selinux_enabled():
             selinux_facts['status'] = 'disabled'
-        # NOTE: this could just return in the above clause and the rest of this is up an indent -akl
         else:
             selinux_facts['status'] = 'enabled'
 
diff --git a/test/units/module_utils/facts/test_collectors.py b/test/units/module_utils/facts/test_collectors.py
index 4e00b40c03..6311934c3b 100644
--- a/test/units/module_utils/facts/test_collectors.py
+++ b/test/units/module_utils/facts/test_collectors.py
@@ -278,7 +278,7 @@ class TestSelinuxFacts(BaseFactsTest):
             fact_collector = self.collector_class()
             facts_dict = fact_collector.collect(module=module)
             self.assertIsInstance(facts_dict, dict)
-            self.assertFalse(facts_dict['selinux'])
+            self.assertEqual(facts_dict['selinux']['status'], 'Missing selinux Python library')
             return facts_dict