From 8e533aaf447022c62865130f2ffc88690f06aef1 Mon Sep 17 00:00:00 2001 From: James Slagle Date: Fri, 22 Apr 2016 09:30:38 -0400 Subject: Add tripleo::selinux Adds a class to configure SELinux. The code is taken from puppet-openstack-cloud: https://github.com/redhat-cip/puppet-openstack-cloud This allows to share the same code for usage by both the Undercloud and Overcloud. Co-Authored By: Emilien Macchi Co-Authored By: Yanis Guenane blueprint undercloud-elements Change-Id: If214005df733d41c2fa4e197df247d8a14baaa14 --- spec/classes/tripleo_selinux_spec.rb | 106 +++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 spec/classes/tripleo_selinux_spec.rb (limited to 'spec') diff --git a/spec/classes/tripleo_selinux_spec.rb b/spec/classes/tripleo_selinux_spec.rb new file mode 100644 index 0000000..301006b --- /dev/null +++ b/spec/classes/tripleo_selinux_spec.rb @@ -0,0 +1,106 @@ +# Copyright (C) 2014 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for tripleo::selinux +# + +require 'spec_helper' + +describe 'tripleo::selinux' do + + shared_examples_for 'manage selinux' do + + context 'with selinux enforcing' do + before :each do + facts.merge!( :selinux_current_mode => 'enforcing' ) + end + + let :params do + { :mode => 'disabled', + :booleans => ['foo', 'bar'], + :modules => ['module1', 'module2'], + :directory => '/path/to/modules'} + end + + it 'runs setenforce 0' do + is_expected.to contain_exec('/sbin/setenforce 0') + end + + it 'enables the SELinux boolean' do + is_expected.to contain_selboolean('foo').with( + :persistent => true, + :value => 'on', + ) + end + + it 'enables the SELinux modules' do + is_expected.to contain_selmodule('module1').with( + :ensure => 'present', + :selmoduledir => '/path/to/modules', + ) + end + + end + + context 'with selinux disabled' do + before :each do + facts.merge!( :selinux => 'false' ) + end + + let :params do + { :mode => 'enforcing', + :booleans => ['foo', 'bar'], + :modules => ['module1', 'module2'], + :directory => '/path/to/modules'} + end + + it 'runs setenforce 1' do + is_expected.to contain_exec('/sbin/setenforce 1') + end + + it 'enables the SELinux boolean' do + is_expected.to contain_selboolean('foo').with( + :persistent => true, + :value => 'on', + ) + end + + it 'enables the SELinux modules' do + is_expected.to contain_selmodule('module1').with( + :ensure => 'present', + :selmoduledir => '/path/to/modules', + ) + end + + end + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_raises 'a Puppet::Error', /OS family unsuppored yet \(Debian\), SELinux support is only limited to RedHat family OS/ + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'manage selinux' + end + +end -- cgit 1.2.3-korg