Add spec tests for the module build functionality

voxpupuli · Feb 4, 2017 · 292981a · 292981a
1 parent 016102c
commit 292981a
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 17 deletions.
diff --git a/spec/default_module_facts.yml b/spec/default_module_facts.yml
@@ -5,3 +5,5 @@ operatingsystemmajrelease: '7'
 # concat facts
 id: 0
 path: /tmp
+# custom fact for module building:
+selinux_agent_vardir: /var/lib/puppet
diff --git a/spec/defines/selinux_module_spec.rb b/spec/defines/selinux_module_spec.rb
@@ -8,56 +8,111 @@
       let(:facts) do
         facts
       end
+      let(:workdir) do
+        '/var/lib/puppet/puppet-selinux/modules/mymodule'
+      end
 
       context 'ordering' do
         let(:params) do
           {
-            source: 'puppet:///modules/mymodule/selinux/mymodule.te'
+            source_te: 'puppet:///modules/mymodule/selinux/mymodule.te'
           }
         end
         it { is_expected.to contain_selinux__module('mymodule').that_requires('Anchor[selinux::module pre]') }
         it { is_expected.to contain_selinux__module('mymodule').that_comes_before('Anchor[selinux::module post]') }
       end
 
-      context 'present case' do
+      context 'present case with refpolicy' do
         let(:params) do
           {
-            source: 'puppet:///modules/mymodule/selinux/mymodule.te'
+            source_te: 'puppet:///modules/mymodule/selinux/mymodule.te',
+            builder: 'refpolicy'
           }
         end
 
-        it do
-          is_expected.to contain_file('/usr/share/selinux/mymodule.te').that_notifies('Exec[/usr/share/selinux/mymodule.pp]')
-          is_expected.to contain_exec('/usr/share/selinux/mymodule.pp').with(command: 'make -f /usr/share/selinux/devel/Makefile mymodule.pp')
-          is_expected.to contain_selmodule('mymodule').with_ensure('present')
+        it { is_expected.to contain_file(workdir) }
+        it { is_expected.to contain_file("#{workdir}/mymodule.te").that_notifies('Exec[clean-module-mymodule]') }
+        it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f 'mymodule.pp' loaded", cwd: workdir) }
+        it { is_expected.to contain_exec('build-module-mymodule').with(command: 'make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f mymodule.pp loaded && exit 1)', creates: "#{workdir}/mymodule.pp") }
+        it { is_expected.to contain_exec('install-module-mymodule').with(command: 'semodule -i mymodule.pp && touch loaded', cwd: workdir, creates: "#{workdir}/loaded") }
+        it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp") }
+      end
+
+      context 'present case with refpolicy' do
+        let(:params) do
+          {
+            source_if: 'puppet:///modules/mymodule/selinux/mymodule.if',
+            source_fc: 'puppet:///modules/mymodule/selinux/mymodule.fc',
+            builder: 'refpolicy'
+          }
         end
+
+        it { is_expected.to contain_file(workdir) }
+        it { is_expected.to contain_file("#{workdir}/mymodule.if").that_notifies('Exec[clean-module-mymodule]') }
+        it { is_expected.to contain_file("#{workdir}/mymodule.fc").that_notifies('Exec[clean-module-mymodule]') }
+        it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f 'mymodule.pp' loaded", cwd: workdir) }
+        it { is_expected.to contain_exec('build-module-mymodule').with(command: 'make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f mymodule.pp loaded && exit 1)', creates: "#{workdir}/mymodule.pp") }
+        it { is_expected.to contain_exec('install-module-mymodule').with(command: 'semodule -i mymodule.pp && touch loaded', cwd: workdir, creates: "#{workdir}/loaded") }
+        it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp") }
       end
 
-      context 'present case and prefix set' do
+      context 'present case with refpolicy' do
         let(:params) do
           {
-            source: 'puppet:///modules/mymodule/selinux/mymodule.te',
-            prefix: 'local_'
+            source_te: 'puppet:///modules/mymodule/selinux/mymodule.te',
+            source_if: 'puppet:///modules/mymodule/selinux/mymodule.if',
+            source_fc: 'puppet:///modules/mymodule/selinux/mymodule.fc',
+            builder: 'refpolicy'
           }
         end
 
-        it do
-          is_expected.to contain_file('/usr/share/selinux/local_mymodule.te').that_notifies('Exec[/usr/share/selinux/local_mymodule.pp]')
-          is_expected.to contain_exec('/usr/share/selinux/local_mymodule.pp').with(command: 'make -f /usr/share/selinux/devel/Makefile local_mymodule.pp')
-          is_expected.to contain_selmodule('mymodule').with_ensure('present')
+        it { is_expected.to contain_file(workdir) }
+        it { is_expected.to contain_file("#{workdir}/mymodule.te").that_notifies('Exec[clean-module-mymodule]') }
+        it { is_expected.to contain_file("#{workdir}/mymodule.if").that_notifies('Exec[clean-module-mymodule]') }
+        it { is_expected.to contain_file("#{workdir}/mymodule.fc").that_notifies('Exec[clean-module-mymodule]') }
+        it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f 'mymodule.pp' loaded", cwd: workdir) }
+        it { is_expected.to contain_exec('build-module-mymodule').with(command: 'make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f mymodule.pp loaded && exit 1)', creates: "#{workdir}/mymodule.pp") }
+        it { is_expected.to contain_exec('install-module-mymodule').with(command: 'semodule -i mymodule.pp && touch loaded', cwd: workdir, creates: "#{workdir}/loaded") }
+        it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp") }
+      end
+
+      context 'present case with simple builder' do
+        let(:params) do
+          {
+            source_te: 'puppet:///modules/mymodule/selinux/mymodule.te',
+            builder: 'simple'
+          }
         end
+
+        it { is_expected.to contain_file(workdir) }
+        it { is_expected.to contain_file("#{workdir}/mymodule.te").that_notifies('Exec[clean-module-mymodule]') }
+        it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f 'mymodule.pp' loaded", cwd: workdir) }
+        it { is_expected.to contain_exec('build-module-mymodule').with(command: '/var/lib/puppet/puppet-selinux/modules/selinux_build_module.sh mymodule || (rm -f mymodule.pp loaded && exit 1)', creates: "#{workdir}/mymodule.pp") }
+        it { is_expected.to contain_exec('install-module-mymodule').with(command: 'semodule -i mymodule.pp && touch loaded', cwd: workdir, creates: "#{workdir}/loaded") }
+        it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp") }
       end
 
-      context 'absent case' do
+      context 'unsupported source with simple builder' do
         let(:params) do
           {
-            ensure: 'absent'
+            source_if: 'puppet:///modules/mymodule/selinux/mymodule.te',
+            builder: 'simple'
           }
         end
 
         it do
-          is_expected.to contain_selmodule('mymodule').with_ensure('absent')
+          is_expected.to raise_error(Puppet::Error, %r{simple builder does not support})
+        end
+      end
+      context 'absent case' do
+        let(:params) do
+          {
+            ensure: 'absent'
+          }
         end
+
+        it { is_expected.to contain_selmodule('mymodule').with_ensure('absent') }
+        it { is_expected.not_to contain_file(workdir) }
       end
     end
   end