1

Could anyone advise how I can write a chefspec test for the following recipe code please? 

  {'tomcat_exec_t' => '/apps/.*/bin(/.*)?',
  'tomcat_unit_file_t' => '/usr/lib/systemd/system/tomcat@.*.service',
  'tomcat_cache_t' => '/apps/.*/temp(/.*)?',
  'tomcat_cache_t' => '/apps/.*/work(/.*)?',
  'etc_t' => '/apps/.*/conf(/.*)?',
  'tomcat_log_t' => '/apps/.*/logs(/.*)?',
  'tomcat_var_run_t' => '/apps/.*/logs/tomcat.pid',
  'lib_t' => '/apps/.*/lib(/.*)?',
  'tomcat_var_lib_t' => '/apps/.*/webapps(/.*)?'}.each do |sc, f|
    selinux_policy_fcontext f do
      secontext sc
    end
  end

I've tried a couple of things like below but I guess this fails because the execute is carried out by the selinux_policy cookbook. 

expect(chef_run).to run_execute('selinux-fcontext-tomcat_exec_t-addormodify')
  end

and this fails because there is no method defined:

expect(chef_run).to create_selinux-fcontext('selinux-fcontext-tomcat_exec_t-addormodify').with(
      fspec: '/apps/.*/bin(/.*)?',
      secontext: 'fcontext'
    )

So I'm not really sure what else can be done.

Any help would be really appreciated.

Thanks,

Edward

Edward
  • 33
  • 8

1 Answers1

0

You may have to write your own matchers depending on whether or not the selinux cookbook provides them for you. Check in the libraries directory.

In either case, you would want

expect(chef_run).to create_selinux_policy_fcontext('selinux-fcontext-tomcat_exec_t-addormodify').with(
  fspec: '/apps/.*/bin(/.*)?',
  secontext: 'fcontext'
end

I'm assuming that the default action is create, otherwise you'd replace create with the appropriate action

Tejay Cardon
  • 4,193
  • 2
  • 16
  • 31
  • Thanks Tejay, I literally just realised :) https://github.com/BackSlasher/chef-selinuxpolicy/blob/master/libraries/matchers.rb – Edward Aug 13 '15 at 13:56