From 244f3f666d8a5c2f7f84793a4a8e8b8c2c03aacb Mon Sep 17 00:00:00 2001
From: Morgan Haskel <morgan@puppetlabs.com>
Date: Thu, 16 Oct 2014 16:21:47 -0700
Subject: [PATCH] Don't do the idempotency checks with selinux

Eventually the types should use autobefore, but until then, just don't
do the idempotency checks.
---
 spec/acceptance/firewall_spec.rb       | 28 +++++++++++++++++++-------
 spec/acceptance/firewallchain_spec.rb  | 12 ++++++++---
 spec/acceptance/invert_spec.rb         |  4 +++-
 spec/acceptance/ip6_fragment_spec.rb   | 10 +++++++--
 spec/acceptance/isfragment_spec.rb     | 10 +++++++--
 spec/acceptance/purge_spec.rb          | 10 +++++++--
 spec/acceptance/rules_spec.rb          |  4 +++-
 spec/acceptance/socket_spec.rb         | 10 +++++++--
 spec/acceptance/standard_usage_spec.rb |  4 +++-
 9 files changed, 71 insertions(+), 21 deletions(-)

diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index 7d993dc82..8ee95557f 100644
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
@@ -116,7 +116,9 @@ class { '::firewall': }
         EOS
 
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'should contain the rule' do
@@ -139,7 +141,9 @@ class { '::firewall': }
         EOS
 
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'should contain the rule' do
@@ -189,7 +193,9 @@ class { '::firewall': }
         EOS
 
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'should contain the rule' do
@@ -239,7 +245,9 @@ class { '::firewall': }
         EOS
 
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'should contain the rule' do
@@ -262,7 +270,9 @@ class { '::firewall': }
         EOS
 
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'should contain the rule' do
@@ -312,7 +322,9 @@ class { '::firewall': }
         EOS
 
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'should contain the rule' do
@@ -839,7 +851,9 @@ class { '::firewall': }
           EOS
 
           apply_manifest(pp, :catch_failures => true)
-          apply_manifest(pp, :catch_changes => true)
+          unless fact('selinux') == 'true'
+            apply_manifest(pp, :catch_changes => true)
+          end
         end
 
         it 'should contain the rule' do
diff --git a/spec/acceptance/firewallchain_spec.rb b/spec/acceptance/firewallchain_spec.rb
index f70d9cefd..fab20b3ab 100644
--- a/spec/acceptance/firewallchain_spec.rb
+++ b/spec/acceptance/firewallchain_spec.rb
@@ -14,7 +14,9 @@
         EOS
         # Run it twice and test for idempotency
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'finds the chain' do
@@ -33,7 +35,9 @@
         EOS
         # Run it twice and test for idempotency
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'fails to find the chain' do
@@ -112,7 +116,9 @@
         EOS
         # Run it twice and test for idempotency
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
       end
 
       it 'finds the chain' do
diff --git a/spec/acceptance/invert_spec.rb b/spec/acceptance/invert_spec.rb
index ade319ffb..16af9b8ba 100644
--- a/spec/acceptance/invert_spec.rb
+++ b/spec/acceptance/invert_spec.rb
@@ -25,7 +25,9 @@ class { '::firewall': }
       EOS
 
       apply_manifest(pp, :catch_failures => true)
-      apply_manifest(pp, :catch_changes  => true)
+      unless fact('selinux') == 'true'
+        apply_manifest(pp, :catch_changes  => true)
+      end
     end
 
     it 'should contain the rules' do
diff --git a/spec/acceptance/ip6_fragment_spec.rb b/spec/acceptance/ip6_fragment_spec.rb
index 3e44f8723..61e79cef3 100644
--- a/spec/acceptance/ip6_fragment_spec.rb
+++ b/spec/acceptance/ip6_fragment_spec.rb
@@ -37,7 +37,9 @@ class { '::firewall': }
         EOS
 
         apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+        unless fact('selinux') == 'true'
+          apply_manifest(pp, :catch_changes => true)
+        end
 
         shell('ip6tables-save') do |r|
           expect(r.stdout).to match(/#{line_match}/)
@@ -56,7 +58,11 @@ class { '::firewall': }
             }
         EOS
 
-        apply_manifest(pp, :catch_changes => true)
+        if fact('selinux') == 'true'
+          apply_manifest(pp, :catch_failures => true)
+        else
+          apply_manifest(pp, :catch_changes => true)
+        end
 
         shell('ip6tables-save') do |r|
           expect(r.stdout).to match(/#{line_match}/)
diff --git a/spec/acceptance/isfragment_spec.rb b/spec/acceptance/isfragment_spec.rb
index a4b65e76e..772f9493e 100644
--- a/spec/acceptance/isfragment_spec.rb
+++ b/spec/acceptance/isfragment_spec.rb
@@ -17,7 +17,9 @@ class { '::firewall': }
       EOS
 
       apply_manifest(pp, :catch_failures => true)
-      apply_manifest(pp, :catch_changes => true)
+      unless fact('selinux') == 'true'
+        apply_manifest(pp, :catch_changes => true)
+      end
 
       shell('iptables-save') do |r|
         expect(r.stdout).to match(/#{line_match}/)
@@ -35,7 +37,11 @@ class { '::firewall': }
           }
       EOS
 
-      apply_manifest(pp, :catch_changes => true)
+      if fact('selinux') == 'true'
+        apply_manifest(pp, :catch_failures => true)
+      else
+        apply_manifest(pp, :catch_changes => true)
+      end
 
       shell('iptables-save') do |r|
         expect(r.stdout).to match(/#{line_match}/)
diff --git a/spec/acceptance/purge_spec.rb b/spec/acceptance/purge_spec.rb
index 4de968a32..c005515c9 100644
--- a/spec/acceptance/purge_spec.rb
+++ b/spec/acceptance/purge_spec.rb
@@ -68,7 +68,9 @@ class { 'firewall': }
         }
       EOS
 
-      apply_manifest(pp, :catch_changes => true)
+      unless fact('selinux') == 'true'
+        apply_manifest(pp, :catch_changes => true)
+      end
     end
 
     it 'ignores specified rules' do
@@ -82,7 +84,11 @@ class { 'firewall': }
         }
       EOS
 
-      apply_manifest(pp, :catch_changes => true)
+      if fact('selinux') == 'true'
+        apply_manifest(pp, :catch_failures => true)
+      else
+        apply_manifest(pp, :catch_changes => true)
+      end
     end
 
     it 'adds managed rules with ignored rules' do
diff --git a/spec/acceptance/rules_spec.rb b/spec/acceptance/rules_spec.rb
index b7eb2df16..c44b8535e 100644
--- a/spec/acceptance/rules_spec.rb
+++ b/spec/acceptance/rules_spec.rb
@@ -223,7 +223,9 @@ class { '::firewall': }
 
     # Run it twice and test for idempotency
     apply_manifest(pp, :catch_failures => true)
-    apply_manifest(pp, :catch_changes => true)
+    unless fact('selinux') == 'true'
+      apply_manifest(pp, :catch_changes => true)
+    end
   end
 
   it 'contains appropriate rules' do
diff --git a/spec/acceptance/socket_spec.rb b/spec/acceptance/socket_spec.rb
index 5503a9a07..2a21066c0 100644
--- a/spec/acceptance/socket_spec.rb
+++ b/spec/acceptance/socket_spec.rb
@@ -20,7 +20,9 @@ class { '::firewall': }
       EOS
 
       apply_manifest(pp, :catch_failures => true)
-      apply_manifest(pp, :catch_changes => true)
+      unless fact('selinux') == 'true'
+        apply_manifest(pp, :catch_changes => true)
+      end
 
       shell('iptables-save -t raw') do |r|
         expect(r.stdout).to match(/#{line_match}/)
@@ -40,7 +42,11 @@ class { '::firewall': }
           }
       EOS
 
-      apply_manifest(pp, :catch_changes => true)
+      if fact('selinux') == 'true'
+        apply_manifest(pp, :catch_failures => true)
+      else
+        apply_manifest(pp, :catch_changes => true)
+      end
 
       shell('iptables-save -t raw') do |r|
         expect(r.stdout).to match(/#{line_match}/)
diff --git a/spec/acceptance/standard_usage_spec.rb b/spec/acceptance/standard_usage_spec.rb
index 8dcbceff1..7585bc15b 100644
--- a/spec/acceptance/standard_usage_spec.rb
+++ b/spec/acceptance/standard_usage_spec.rb
@@ -50,6 +50,8 @@ class { 'firewall': }
 
     # Run it twice and test for idempotency
     apply_manifest(pp, :catch_failures => true)
-    expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+    unless fact('selinux') == 'true'
+      apply_manifest(pp, :catch_changes => true)
+    end
   end
 end