From 147b778431a8fe8775278b315bfc7a84a50d43b2 Mon Sep 17 00:00:00 2001
From: Jarkko Oranen <oranenj@iki.fi>
Date: Sat, 4 Feb 2017 20:03:28 +0200
Subject: [PATCH] Fix the acceptance tests

---
 spec/acceptance/class_spec.rb | 51 ++++++++++++++++++++++++++++-------
 1 file changed, 41 insertions(+), 10 deletions(-)

diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb
index 8c00345b..63fc836d 100644
--- a/spec/acceptance/class_spec.rb
+++ b/spec/acceptance/class_spec.rb
@@ -15,12 +15,44 @@ class { 'selinux': mode => 'enforcing' }
         protocol => 'tcp',
       }
 
-      # with puppet4 I would use a HERE DOC to make this pretty,
-      # but with puppet3 it's not possible.
+      # just something simple I found via Google:
+      file {'/tmp/selinux_simple_policy.te':
+        ensure  => 'file',
+        content => @("EOF")
+        module puppet_selinux_simple_policy 1.0;
+        require {
+            type httpd_log_t;
+            type postfix_postdrop_t;
+            class dir getattr;
+            class file { read getattr };
+        }
+        allow postfix_postdrop_t httpd_log_t:file getattr;
+        | EOF
+      }
+
+      file {'/tmp/selinux_test_policy.te':
+        ensure  => 'file',
+        content => @("EOF")
+        policy_module(puppet_selinux_test_policy, 1.0.0)
+        gen_tunable(puppet_selinux_test_policy_bool, false)
+        type puppet_selinux_test_policy_t;
+        type puppet_selinux_test_policy_exec_t;
+        init_daemon_domain(puppet_selinux_test_policy_t, puppet_selinux_test_policy_exec_t)
+        type puppet_selinux_test_policy_port_t;
+        corenet_port(puppet_selinux_test_policy_port_t)
+        | EOF
+      }
+
+      selinux::module { 'puppet_selinux_simple_policy':
+        source_te => 'file:///tmp/selinux_simple_policy.te',
+        builder   => 'simple',
+        require   => File['/tmp/selinux_simple_policy.te']
+      }
+
       selinux::module { 'puppet_selinux_test_policy':
-        content => "policy_module(puppet_selinux_test_policy, 1.0.0)\ngen_tunable(puppet_selinux_test_policy_bool, false)\ntype puppet_selinux_test_policy_t;\ntype puppet_selinux_test_policy_exec_t;\ninit_daemon_domain(puppet_selinux_test_policy_t, puppet_selinux_test_policy_exec_t)\ntype puppet_selinux_test_policy_port_t;\ncorenet_port(puppet_selinux_test_policy_port_t)\n",
-        prefix => '',
-        syncversion => undef,
+        source_te   => 'file:///tmp/selinux_test_policy.te',
+        builder     => 'refpolicy',
+        require     => File['/tmp/selinux_test_policy.te']
       }
 
       Class['selinux'] ->
@@ -76,14 +108,13 @@ class { 'selinux': mode => 'enforcing' }
     its(:stdout) { is_expected.to match(%r{^Enforcing$}) }
   end
 
-  context 'the test module source should exist and the module should be loaded' do
-    describe file('/usr/share/selinux/puppet_selinux_test_policy.te') do
-      it { is_expected.to be_file }
-    end
-
+  context 'the compiled modules should be loaded' do
     describe command('semodule -l | grep puppet_selinux_test_policy') do
       its(:stdout) { is_expected.to match(%r{puppet_selinux_test_policy}) }
     end
+    describe command('semodule -l | grep puppet_selinux_simple_policy') do
+      its(:stdout) { is_expected.to match(%r{puppet_selinux_simple_policy}) }
+    end
   end
 
   context 'the test file should have the specified file context' do