Fix puppet resource acceptance tests

The dport/sport test needs iptables-persistent pre-installed in order
for the iptables_persistent_version fact to work.

This commit also changes the test to create the rule with a comment and
with the default protocol so that the puppet resource command is
checking the existence of a resource and not creating a new one or
altering an existing one.

After those changes, checking stderr still fails because of puppet's
deprecation warnings. This commit fixes puppet.conf to avoid the
warnings so that we can actually check stderr. With that accomplished I
added checks for stderr to the other puppet resource tests since they
should now be reliable.

diff --git a/spec/acceptance/resource_cmd_spec.rb b/spec/acceptance/resource_cmd_spec.rb
index 20b6b15e8540780228dc4e29e3131b0c65a7ae7e..5359a17f0e04ec7f26e6075aa0330e29e072eb0c 100644 (file)
--- a/spec/acceptance/resource_cmd_spec.rb
+++ b/spec/acceptance/resource_cmd_spec.rb
@@ -4,12 +4,18 @@ require 'spec_helper_acceptance'
 # existing ruleset scenarios. This will give the parsing capabilities of the
 # code a good work out.
 describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+  before(:all) do
+    # In order to properly check stderr for anomalies we need to fix the deprecation warnings from puppet.conf.
+    config = shell('puppet config print config').stdout
+    shell("sed -i -e \'s/^templatedir.*$//\' #{config}")
+  end
+
   context 'make sure it returns no errors when executed on a clean machine' do
     it do
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, some boxes come with rules, that is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -38,7 +44,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -53,7 +59,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -70,7 +76,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -85,7 +91,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -103,7 +109,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -122,7 +128,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -132,8 +138,13 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
   if default['platform'] !~ /el-5/
     context 'dport/sport with ip6tables' do
       before :all do
+        if fact('osfamily') == 'Debian'
+          shell('echo "iptables-persistent iptables-persistent/autosave_v4 boolean false" | debconf-set-selections')
+          shell('echo "iptables-persistent iptables-persistent/autosave_v6 boolean false" | debconf-set-selections')
+          shell('apt-get install iptables-persistent -y')
+        end
         ip6tables_flush_all_tables
-        shell('ip6tables -A INPUT -d fe80::/64 -p udp -m udp --dport 546 --sport 547 -j ACCEPT')
+        shell('ip6tables -A INPUT -d fe80::/64 -p tcp -m tcp --dport 546 --sport 547 -j ACCEPT -m comment --comment 000-foobar')
       end
       it do
         shell('puppet resource firewall \'000-foobar\' provider=ip6tables') do |r|