From d0f4c84879d6d305303fd232ff96bd2a7580e8ad Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@puppetlabs.com>
Date: Tue, 30 Dec 2014 12:46:55 -0800
Subject: [PATCH] Fix puppet resource acceptance tests

The dport/sport test needs iptables-persistent pre-installed in order
for the iptables_persistent_version fact to work.

This commit also changes the test to create the rule with a comment and
with the default protocol so that the puppet resource command is
checking the existence of a resource and not creating a new one or
altering an existing one.

After those changes, checking stderr still fails because of puppet's
deprecation warnings. This commit fixes puppet.conf to avoid the
warnings so that we can actually check stderr. With that accomplished I
added checks for stderr to the other puppet resource tests since they
should now be reliable.
---
 spec/acceptance/resource_cmd_spec.rb | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/spec/acceptance/resource_cmd_spec.rb b/spec/acceptance/resource_cmd_spec.rb
index 20b6b15..5359a17 100644
--- a/spec/acceptance/resource_cmd_spec.rb
+++ b/spec/acceptance/resource_cmd_spec.rb
@@ -4,12 +4,18 @@ require 'spec_helper_acceptance'
 # existing ruleset scenarios. This will give the parsing capabilities of the
 # code a good work out.
 describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+  before(:all) do
+    # In order to properly check stderr for anomalies we need to fix the deprecation warnings from puppet.conf.
+    config = shell('puppet config print config').stdout
+    shell("sed -i -e \'s/^templatedir.*$//\' #{config}")
+  end
+
   context 'make sure it returns no errors when executed on a clean machine' do
     it do
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, some boxes come with rules, that is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -38,7 +44,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -53,7 +59,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -70,7 +76,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -85,7 +91,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -103,7 +109,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -122,7 +128,7 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -132,8 +138,13 @@ describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.i
   if default['platform'] !~ /el-5/
     context 'dport/sport with ip6tables' do
       before :all do
+        if fact('osfamily') == 'Debian'
+          shell('echo "iptables-persistent iptables-persistent/autosave_v4 boolean false" | debconf-set-selections')
+          shell('echo "iptables-persistent iptables-persistent/autosave_v6 boolean false" | debconf-set-selections')
+          shell('apt-get install iptables-persistent -y')
+        end
         ip6tables_flush_all_tables
-        shell('ip6tables -A INPUT -d fe80::/64 -p udp -m udp --dport 546 --sport 547 -j ACCEPT')
+        shell('ip6tables -A INPUT -d fe80::/64 -p tcp -m tcp --dport 546 --sport 547 -j ACCEPT -m comment --comment 000-foobar')
       end
       it do
         shell('puppet resource firewall \'000-foobar\' provider=ip6tables') do |r|
-- 
2.45.2