diff --git a/spec/default_module_facts.yml b/spec/default_module_facts.yml
index 5b9d0daf..914dbea7 100644
--- a/spec/default_module_facts.yml
+++ b/spec/default_module_facts.yml
@@ -5,3 +5,5 @@ operatingsystemmajrelease: '7'
 # concat facts
 id: 0
 path: /tmp
+# custom fact for module building:
+selinux_agent_vardir: /var/lib/puppet
diff --git a/spec/defines/selinux_module_spec.rb b/spec/defines/selinux_module_spec.rb
index 5139f7c6..79d9cc29 100644
--- a/spec/defines/selinux_module_spec.rb
+++ b/spec/defines/selinux_module_spec.rb
@@ -8,56 +8,111 @@ let(:facts) do facts end + let(:workdir) do + '/var/lib/puppet/puppet-selinux/modules/mymodule' + end context 'ordering' do let(:params) do { - source: 'puppet:///modules/mymodule/selinux/mymodule.te' + source_te: 'puppet:///modules/mymodule/selinux/mymodule.te' } end it { is_expected.to contain_selinux__module('mymodule').that_requires('Anchor[selinux::module pre]') } it { is_expected.to contain_selinux__module('mymodule').that_comes_before('Anchor[selinux::module post]') } end - context 'present case' do + context 'present case with refpolicy' do let(:params) do { - source: 'puppet:///modules/mymodule/selinux/mymodule.te' + source_te: 'puppet:///modules/mymodule/selinux/mymodule.te', + builder: 'refpolicy' } end - it do - is_expected.to contain_file('/usr/share/selinux/mymodule.te').that_notifies('Exec[/usr/share/selinux/mymodule.pp]') - is_expected.to contain_exec('/usr/share/selinux/mymodule.pp').with(command: 'make -f /usr/share/selinux/devel/Makefile mymodule.pp') - is_expected.to contain_selmodule('mymodule').with_ensure('present') + it { is_expected.to contain_file(workdir) } + it { is_expected.to contain_file("#{workdir}/mymodule.te").that_notifies('Exec[clean-module-mymodule]') } + it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f 'mymodule.pp' loaded", cwd: workdir) } + it { is_expected.to contain_exec('build-module-mymodule').with(command: 'make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f mymodule.pp loaded && exit 1)', creates: "#{workdir}/mymodule.pp") } + it { is_expected.to contain_exec('install-module-mymodule').with(command: 'semodule -i mymodule.pp && touch loaded', cwd: workdir, creates: "#{workdir}/loaded") } + it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp") } + end + + context 'present case with refpolicy' do + let(:params) do + { + source_if: 'puppet:///modules/mymodule/selinux/mymodule.if', + source_fc: 
'puppet:///modules/mymodule/selinux/mymodule.fc', + builder: 'refpolicy' + } end + + it { is_expected.to contain_file(workdir) } + it { is_expected.to contain_file("#{workdir}/mymodule.if").that_notifies('Exec[clean-module-mymodule]') } + it { is_expected.to contain_file("#{workdir}/mymodule.fc").that_notifies('Exec[clean-module-mymodule]') } + it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f 'mymodule.pp' loaded", cwd: workdir) } + it { is_expected.to contain_exec('build-module-mymodule').with(command: 'make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f mymodule.pp loaded && exit 1)', creates: "#{workdir}/mymodule.pp") } + it { is_expected.to contain_exec('install-module-mymodule').with(command: 'semodule -i mymodule.pp && touch loaded', cwd: workdir, creates: "#{workdir}/loaded") } + it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp") } end - context 'present case and prefix set' do + context 'present case with refpolicy' do let(:params) do { - source: 'puppet:///modules/mymodule/selinux/mymodule.te', - prefix: 'local_' + source_te: 'puppet:///modules/mymodule/selinux/mymodule.te', + source_if: 'puppet:///modules/mymodule/selinux/mymodule.if', + source_fc: 'puppet:///modules/mymodule/selinux/mymodule.fc', + builder: 'refpolicy' } end - it do - is_expected.to contain_file('/usr/share/selinux/local_mymodule.te').that_notifies('Exec[/usr/share/selinux/local_mymodule.pp]') - is_expected.to contain_exec('/usr/share/selinux/local_mymodule.pp').with(command: 'make -f /usr/share/selinux/devel/Makefile local_mymodule.pp') - is_expected.to contain_selmodule('mymodule').with_ensure('present') + it { is_expected.to contain_file(workdir) } + it { is_expected.to contain_file("#{workdir}/mymodule.te").that_notifies('Exec[clean-module-mymodule]') } + it { is_expected.to contain_file("#{workdir}/mymodule.if").that_notifies('Exec[clean-module-mymodule]') } + it { is_expected.to 
contain_file("#{workdir}/mymodule.fc").that_notifies('Exec[clean-module-mymodule]') } + it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f 'mymodule.pp' loaded", cwd: workdir) } + it { is_expected.to contain_exec('build-module-mymodule').with(command: 'make -f /usr/share/selinux/devel/Makefile mymodule.pp || (rm -f mymodule.pp loaded && exit 1)', creates: "#{workdir}/mymodule.pp") } + it { is_expected.to contain_exec('install-module-mymodule').with(command: 'semodule -i mymodule.pp && touch loaded', cwd: workdir, creates: "#{workdir}/loaded") } + it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp") } + end + + context 'present case with simple builder' do + let(:params) do + { + source_te: 'puppet:///modules/mymodule/selinux/mymodule.te', + builder: 'simple' + } end + + it { is_expected.to contain_file(workdir) } + it { is_expected.to contain_file("#{workdir}/mymodule.te").that_notifies('Exec[clean-module-mymodule]') } + it { is_expected.to contain_exec('clean-module-mymodule').with(command: "rm -f 'mymodule.pp' loaded", cwd: workdir) } + it { is_expected.to contain_exec('build-module-mymodule').with(command: '/var/lib/puppet/puppet-selinux/modules/selinux_build_module.sh mymodule || (rm -f mymodule.pp loaded && exit 1)', creates: "#{workdir}/mymodule.pp") } + it { is_expected.to contain_exec('install-module-mymodule').with(command: 'semodule -i mymodule.pp && touch loaded', cwd: workdir, creates: "#{workdir}/loaded") } + it { is_expected.to contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp") } end - context 'absent case' do + context 'unsupported source with simple builder' do let(:params) do { - ensure: 'absent' + source_if: 'puppet:///modules/mymodule/selinux/mymodule.te', + builder: 'simple' } end it do - is_expected.to contain_selmodule('mymodule').with_ensure('absent') + is_expected.to raise_error(Puppet::Error, %r{simple builder does 
not support}) + end + end + context 'absent case' do + let(:params) do + { + ensure: 'absent' + } end + + it { is_expected.to contain_selmodule('mymodule').with_ensure('absent') } + it { is_expected.not_to contain_file(workdir) } end end end
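Review bot: The `selmodulepath` expectation in `contain_selmodule('mymodule').with_ensure('present', selmodulepath: "#{workdir}/module.pp")` (repeated in all four 'present' contexts) is probably never checked, because as far as I know rspec-puppet's dynamic `with_<param>` matchers use only their first argument and drop the trailing hash. That would also explain why `module.pp` passes even though the build exec in the same contexts creates `#{workdir}/mymodule.pp`. I would write `it { is_expected.to contain_selmodule('mymodule').with(ensure: 'present', selmodulepath: "#{workdir}/mymodule.pp") }`, adjusting the path to whatever the define really passes. Two smaller things: three contexts share the description 'present case with refpolicy', so a failure report cannot tell them apart, and the pinned commands quote the module name in `rm -f 'mymodule.pp' loaded` but not in the build and install commands, so if the define (not in this diff) does not validate the title, a spec asserting that an unsafe title is rejected would be worth adding. The enclosing `describe` block starts above the hunk.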