6 files changed, 153 insertions, 2 deletions

diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index aa5d1d7..27ac62a 100644
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -51,7 +51,7 @@ describe 'tripleo::firewall' do
           :state   => ['NEW'],
         )
         is_expected.to contain_firewall('003 accept ssh').with(
-          :port   => '22',
+          :dport   => '22',
           :proto  => 'tcp',
           :action => 'accept',
           :state  => ['NEW'],
@@ -74,7 +74,9 @@ describe 'tripleo::firewall' do
           :firewall_rules => {
             '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
             '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
-            '302 fwd custom cidr 1'        => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}
+            '302 fwd custom cidr 1'        => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
+            '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
+            '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
           }
         )
       end
@@ -95,6 +97,18 @@ describe 'tripleo::firewall' do
           :chain   => 'FORWARD',
           :destination  => '192.0.2.0/24',
         )
+        is_expected.to contain_firewall('303 add custom application 3').with(
+          :dport   => '8081',
+          :proto  => 'tcp',
+          :action => 'accept',
+          :state  => ['NEW'],
+        )
+        is_expected.to contain_firewall('304 add custom application 4').with(
+          :sport   => '1000',
+          :proto  => 'tcp',
+          :action => 'accept',
+          :state  => ['NEW'],
+        )
       end
     end
 
diff --git a/spec/classes/tripleo_selinux_spec.rb b/spec/classes/tripleo_selinux_spec.rb
new file mode 100644
index 0000000..301006b
--- /dev/null
+++ b/spec/classes/tripleo_selinux_spec.rb
@@ -0,0 +1,106 @@
+# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for tripleo::selinux
+#
+
+require 'spec_helper'
+
+describe 'tripleo::selinux' do
+
+  shared_examples_for 'manage selinux' do
+
+    context 'with selinux enforcing' do
+      before :each do
+        facts.merge!( :selinux_current_mode => 'enforcing' )
+      end
+
+      let :params do
+        { :mode       => 'disabled',
+          :booleans   => ['foo', 'bar'],
+          :modules    => ['module1', 'module2'],
+          :directory  => '/path/to/modules'}
+      end
+
+      it 'runs setenforce 0' do
+        is_expected.to contain_exec('/sbin/setenforce 0')
+      end
+
+      it 'enables the SELinux boolean' do
+        is_expected.to contain_selboolean('foo').with(
+          :persistent => true,
+          :value      => 'on',
+        )
+      end
+
+      it 'enables the SELinux modules' do
+        is_expected.to contain_selmodule('module1').with(
+          :ensure       => 'present',
+          :selmoduledir => '/path/to/modules',
+        )
+      end
+
+    end
+
+    context 'with selinux disabled' do
+      before :each do
+        facts.merge!( :selinux => 'false' )
+      end
+
+      let :params do
+        { :mode       => 'enforcing',
+          :booleans   => ['foo', 'bar'],
+          :modules    => ['module1', 'module2'],
+          :directory  => '/path/to/modules'}
+      end
+
+      it 'runs setenforce 1' do
+        is_expected.to contain_exec('/sbin/setenforce 1')
+      end
+
+      it 'enables the SELinux boolean' do
+        is_expected.to contain_selboolean('foo').with(
+          :persistent => true,
+          :value      => 'on',
+        )
+      end
+
+      it 'enables the SELinux modules' do
+        is_expected.to contain_selmodule('module1').with(
+          :ensure       => 'present',
+          :selmoduledir => '/path/to/modules',
+        )
+      end
+
+    end
+
+  end
+
+  context 'on Debian platforms' do
+    let :facts do
+      { :osfamily               => 'Debian' }
+    end
+
+    it_raises 'a Puppet::Error', /OS family unsuppored yet \(Debian\), SELinux support is only limited to RedHat family OS/
+  end
+
+  context 'on RedHat platforms' do
+    let :facts do
+      { :osfamily => 'RedHat' }
+    end
+
+    it_configures 'manage selinux'
+  end
+
+end
diff --git a/spec/fixtures/hiera.yaml b/spec/fixtures/hiera.yaml
new file mode 100644
index 0000000..1dc3360
--- /dev/null
+++ b/spec/fixtures/hiera.yaml
@@ -0,0 +1,7 @@
+---
+:backends:
+  - yaml
+:yaml:
+  :datadir: './spec/fixtures/hieradata'
+:hierarchy:
+  - default
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
new file mode 100644
index 0000000..0d0c944
--- /dev/null
+++ b/spec/fixtures/hieradata/default.yaml
@@ -0,0 +1,3 @@
+my_hash:
+  network: '127.0.0.1'
+not_hash: string
diff --git a/spec/functions/lookup_hiera_hash_spec.rb b/spec/functions/lookup_hiera_hash_spec.rb
new file mode 100644
index 0000000..ffaf8b5
--- /dev/null
+++ b/spec/functions/lookup_hiera_hash_spec.rb
@@ -0,0 +1,20 @@
+require 'spec_helper'
+require 'puppet'
+
+# puppet 4.0 call_function() has no visibility of 3.x functions and will fail anyway
+unless Puppet.version =~ /^4\.0/
+  describe 'lookup_hiera_hash' do
+    # working version
+    it { should run.with_params('my_hash', 'network').and_return('127.0.0.1') }
+    # raise if key does not exist
+    it { should run.with_params('my_hash', 'not_network').and_raise_error(Puppet::ParseError) }
+    # raise if hash value returned by hiera is not a hash
+    it { should run.with_params('not_hash', 'key').and_raise_error(Puppet::ParseError) }
+    # raise if arguments are not two
+    it { should run.with_params('hash', 'key', 'unexpected').and_raise_error(ArgumentError) }
+    it { should run.with_params('hash').and_raise_error(ArgumentError) }
+    # raise if arguments are not strings
+    it { should run.with_params({}, 'key').and_raise_error(Puppet::ParseError) }
+    it { should run.with_params('hash', true).and_raise_error(Puppet::ParseError) }
+  end
+end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 15d5eab..251160e 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -6,6 +6,7 @@ fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures'))
 RSpec.configure do |c|
   c.alias_it_should_behave_like_to :it_configures, 'configures'
   c.alias_it_should_behave_like_to :it_raises, 'raises'
+  c.hiera_config = File.join(fixture_path, 'hiera.yaml')
   c.module_path = File.join(fixture_path, 'modules')
   c.manifest_dir = File.join(fixture_path, 'manifests')