Fix puppet resource acceptance tests

The dport/sport test needs iptables-persistent pre-installed in order
for the iptables_persistent_version fact to work.

This commit also changes the test to create the rule with a comment and
with the default protocol so that the puppet resource command is
checking the existence of a resource and not creating a new one or
altering an existing one.

After those changes, checking stderr still fails because of puppet's
deprecation warnings. This commit fixes puppet.conf to avoid the
warnings so that we can actually check stderr. With that accomplished I
added checks for stderr to the other puppet resource tests since they
should now be reliable.

spec/acceptance/resource_cmd_spec.rb

@@ -4,12 +4,18 @@
 # existing ruleset scenarios. This will give the parsing capabilities of the
 # code a good work out.
 describe 'puppet resource firewall command:', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+  before(:all) do
+    # In order to properly check stderr for anomalies we need to fix the deprecation warnings from puppet.conf.
+    config = shell('puppet config print config').stdout
+    shell("sed -i -e \'s/^templatedir.*$//\' #{config}")
+  end
+
   context 'make sure it returns no errors when executed on a clean machine' do
     it do
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, some boxes come with rules, that is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -38,7 +44,7 @@
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -53,7 +59,7 @@
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -70,7 +76,7 @@
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -85,7 +91,7 @@
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -103,7 +109,7 @@
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -122,7 +128,7 @@
       shell('puppet resource firewall') do |r|
         r.exit_code.should be_zero
         # don't check stdout, testing preexisting rules, output is normal
-        # don't check stderr, puppet throws deprecation warnings
+        r.stderr.should be_empty
       end
     end
   end
@@ -132,8 +138,13 @@
   if default['platform'] !~ /el-5/
     context 'dport/sport with ip6tables' do
       before :all do
+        if fact('osfamily') == 'Debian'
+          shell('echo "iptables-persistent iptables-persistent/autosave_v4 boolean false" | debconf-set-selections')
+          shell('echo "iptables-persistent iptables-persistent/autosave_v6 boolean false" | debconf-set-selections')
+          shell('apt-get install iptables-persistent -y')
+        end
         ip6tables_flush_all_tables
-        shell('ip6tables -A INPUT -d fe80::/64 -p udp -m udp --dport 546 --sport 547 -j ACCEPT')
+        shell('ip6tables -A INPUT -d fe80::/64 -p tcp -m tcp --dport 546 --sport 547 -j ACCEPT -m comment --comment 000-foobar')
       end
       it do
         shell('puppet resource firewall \'000-foobar\' provider=ip6tables') do |r|