From d20f03434ee9292c575a6d29f31015695bbd87b0 Mon Sep 17 00:00:00 2001
From: Jose Asuncion
Date: Tue, 2 May 2017 17:39:24 -0700
Subject: [PATCH] make chef13 compatible
---
 .kitchen.yml | 2 +-
 recipes/default.rb | 5 ++--
 .../default/serverspec/default_spec.rb | 18 +++++++-------
 .../ipv6_default/serverspec/default_spec.rb | 24 ++++++++++---------
 .../serverspec/list_of_tables_spec.rb | 24 ++++++++++---------
 .../serverspec/list_of_tables_spec.rb | 16 +++++++------
 6 files changed, 49 insertions(+), 40 deletions(-)
diff --git a/.kitchen.yml b/.kitchen.yml
index 05142cd..ccbf735 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -7,7 +7,7 @@ provisioner:
 data_path: test/shared
 platforms:
- - name: centos-6.5
+ - name: ubuntu-16.04
 suites:
 - name: default
diff --git a/recipes/default.rb b/recipes/default.rb
index 87091dc..0e0a759 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -38,10 +38,11 @@ node.rm_normal("simple_iptables", "ipv6")
 # Then run all the simple_iptables_* resources
 run_context.resource_collection.each do |resource|
- if resource.kind_of?(Chef::Resource::SimpleIptablesRule)
+ puts resource.class.resource_name
+ if resource.class.resource_name.to_s == "simple_iptables_rule"
 Chef::Log.debug("about to run simple_iptables_rule[#{resource.chain}]")
 resource.run_action(resource.action)
- elsif resource.kind_of?(Chef::Resource::SimpleIptablesPolicy)
+ elsif resource.class.resource_name.to_s == "simple_iptables_policy"
 Chef::Log.debug("about to run simple_iptables_policy[#{resource.chain}]")
 resource.run_action(resource.action)
 end
diff --git a/test/integration/default/serverspec/default_spec.rb b/test/integration/default/serverspec/default_spec.rb
index 1489196..4d96fe5 100644
--- a/test/integration/default/serverspec/default_spec.rb
+++ b/test/integration/default/serverspec/default_spec.rb
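Review bot: Replacing `centos-6.5` with `ubuntu-16.04` under `platforms:` leaves a single platform in the matrix, so the RHEL-family path of this firewall cookbook is no longer exercised by any suite. The rewritten serverspec expectations in this commit pin the `-m comment --comment …` rendering, which is now verified on Ubuntu only. Consider keeping the CentOS entry and adding `- name: ubuntu-16.04` beside it, or state in the commit message that CentOS 6 coverage is being dropped on purpose.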
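Review bot: The added `puts resource.class.resource_name` reads like leftover debugging: it writes one line to stdout for every resource in the collection on each converge, regardless of the configured log level. Drop it, or route it through the logger the neighbouring lines already use, `Chef::Log.debug("resource_name: #{resource.class.resource_name}")`. Both branches run the same `resource.run_action(resource.action)` and are now selected by a name string instead of a class check, so a one-line comment such as `# match by resource_name: the Chef::Resource::SimpleIptables* constants are not available under Chef 13` (wording to be confirmed by the author) would tell the next reader why. The `each` block's closing `end` lies outside the hunk.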
@@ -1,13 +1,15 @@
-require_relative '../../../kitchen/data/spec_helper'
+require "serverspec"
+
+set :backend, :exec
 describe iptables do
 it { should have_rule('-A INPUT -j simple_rule') }
- it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -j ACCEPT') }
- it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT') }
- it { should have_rule('-A FORWARD -p tcp -m tcp --dport 82 -j ACCEPT') }
+ it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -m comment --comment simple_rule -j ACCEPT') }
+ it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -m comment --comment rule_in_input_chain -j ACCEPT') }
+ it { should have_rule('-A FORWARD -p tcp -m tcp --dport 82 -m comment --comment rule_in_forward_chain -j ACCEPT') }
 it { should have_rule('-A INPUT -m state --state NEW -j jump_with_rule') }
- it { should have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -j ACCEPT') }
+ it { should have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -m comment --comment jump_with_rule -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -m comment --comment array_of_rules -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -m comment --comment array_of_rules -j ACCEPT') }
 it { should have_rule('-A INPUT -j array_of_rules') }
-end
\ No newline at end of file
+end
diff --git a/test/integration/ipv6_default/serverspec/default_spec.rb b/test/integration/ipv6_default/serverspec/default_spec.rb
index 35c0967..48a4886 100644
--- a/test/integration/ipv6_default/serverspec/default_spec.rb
+++ b/test/integration/ipv6_default/serverspec/default_spec.rb
@@ -1,25 +1,27 @@
-require_relative '../../../kitchen/data/spec_helper'
+require 'serverspec'
+
+set :backend, :exec
 describe iptables do
 it { should have_rule('-A INPUT -j simple_rule') }
- it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -j ACCEPT') }
- it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT') }
- it { should have_rule('-A FORWARD -p tcp -m tcp --dport 82 -j ACCEPT') }
+ it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -m comment --comment simple_rule -j ACCEPT') }
+ it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -m comment --comment rule_in_input_chain -j ACCEPT') }
+ it { should have_rule('-A FORWARD -p tcp -m tcp --dport 82 -m comment --comment rule_in_forward_chain -j ACCEPT') }
+ it { should have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -m comment --comment jump_with_rule -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -m comment --comment array_of_rules -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -m comment --comment array_of_rules -j ACCEPT') }
 it { should have_rule('-A INPUT -m state --state NEW -j jump_with_rule') }
- it { should have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -j ACCEPT') }
 it { should have_rule('-A INPUT -j array_of_rules') }
 end
 describe ip6tables do
 it { should have_rule('-A INPUT -j simple_rule') }
- it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -j ACCEPT') }
- it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT') }
+ it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -m comment --comment simple_rule -j ACCEPT') }
+ it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -m comment --comment rule_in_input_chain -j ACCEPT') }
 it { should_not have_rule('-A FORWARD -p tcp -m tcp --dport 82 -j ACCEPT') }
 it { should_not have_rule('-A INPUT -m state --state NEW -j jump_with_rule') }
 it { should_not have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -m comment --comment array_of_rules -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -m comment --comment array_of_rules -j ACCEPT') }
 it { should have_rule('-A INPUT -j array_of_rules') }
 end
diff --git a/test/integration/ipv6_list_of_tables/serverspec/list_of_tables_spec.rb b/test/integration/ipv6_list_of_tables/serverspec/list_of_tables_spec.rb
index ca6fc31..f445d9b 100644
--- a/test/integration/ipv6_list_of_tables/serverspec/list_of_tables_spec.rb
+++ b/test/integration/ipv6_list_of_tables/serverspec/list_of_tables_spec.rb
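Review bot: In the `describe ip6tables` block the `should_not have_rule(...)` lines for ports 82 and 83 still use the old rule text without `-m comment --comment …`, while every positive expectation was updated to include it. If `have_rule` matches the given string as a substring of the saved rule listing (serverspec greps for it, as far as I know), an IPv4-only rule that leaked into ip6tables would now carry the comment fragment, and these negative checks would pass without detecting it. Cutting them back to the part before the comment keeps them meaningful in both renderings: `it { should_not have_rule('-A FORWARD -p tcp -m tcp --dport 82') }` and `it { should_not have_rule('-A jump_with_rule -p tcp -m tcp --dport 83') }`. The same two lines appear unchanged in the `@@ -18,13 +20,13 @@` hunk of ipv6_list_of_tables/serverspec/list_of_tables_spec.rb.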
@@ -1,14 +1,16 @@
-require_relative '../../../kitchen/data/spec_helper'
+require 'serverspec'
+
+set :backend, :exec
 describe iptables do
 it { should have_rule('-A INPUT -j simple_rule') }
- it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -j ACCEPT') }
- it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT') }
- it { should have_rule('-A FORWARD -p tcp -m tcp --dport 82 -j ACCEPT') }
+ it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -m comment --comment simple_rule -j ACCEPT') }
+ it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -m comment --comment rule_in_input_chain -j ACCEPT') }
+ it { should have_rule('-A FORWARD -p tcp -m tcp --dport 82 -m comment --comment rule_in_forward_chain -j ACCEPT') }
 it { should have_rule('-A INPUT -m state --state NEW -j jump_with_rule') }
- it { should have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -j ACCEPT') }
+ it { should have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -m comment --comment jump_with_rule -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -m comment --comment array_of_rules -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -m comment --comment array_of_rules -j ACCEPT') }
 it { should have_rule('-A INPUT -j array_of_rules') }
 it { should_not have_rule('*nat') }
 it { should have_rule('*mangle') }
@@ -18,13 +20,13 @@ describe ip6tables do
 it { should have_rule('-A INPUT -j simple_rule') }
- it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -j ACCEPT') }
- it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT') }
+ it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -m comment --comment simple_rule -j ACCEPT') }
+ it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -m comment --comment rule_in_input_chain -j ACCEPT') }
 it { should_not have_rule('-A FORWARD -p tcp -m tcp --dport 82 -j ACCEPT') }
 it { should_not have_rule('-A INPUT -m state --state NEW -j jump_with_rule') }
 it { should_not have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -m comment --comment array_of_rules -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -m comment --comment array_of_rules -j ACCEPT') }
 it { should have_rule('-A INPUT -j array_of_rules') }
 it { should_not have_rule('*nat') }
 it { should have_rule('*mangle') }
diff --git a/test/integration/list_of_tables/serverspec/list_of_tables_spec.rb b/test/integration/list_of_tables/serverspec/list_of_tables_spec.rb
index e82e9f6..c077f63 100644
--- a/test/integration/list_of_tables/serverspec/list_of_tables_spec.rb
+++ b/test/integration/list_of_tables/serverspec/list_of_tables_spec.rb
@@ -1,14 +1,16 @@
-require_relative '../../../kitchen/data/spec_helper'
+require 'serverspec'
+
+set :backend, :exec
 describe iptables do
 it { should have_rule('-A INPUT -j simple_rule') }
- it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -j ACCEPT') }
- it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -j ACCEPT') }
- it { should have_rule('-A FORWARD -p tcp -m tcp --dport 82 -j ACCEPT') }
+ it { should have_rule('-A simple_rule -p tcp -m tcp --dport 80 -m comment --comment simple_rule -j ACCEPT') }
+ it { should have_rule('-A INPUT -p tcp -m tcp --dport 81 -m comment --comment rule_in_input_chain -j ACCEPT') }
+ it { should have_rule('-A FORWARD -p tcp -m tcp --dport 82 -m comment --comment rule_in_forward_chain -j ACCEPT') }
 it { should have_rule('-A INPUT -m state --state NEW -j jump_with_rule') }
- it { should have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -j ACCEPT') }
- it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -j ACCEPT') }
+ it { should have_rule('-A jump_with_rule -p tcp -m tcp --dport 83 -m comment --comment jump_with_rule -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 84 -m comment --comment array_of_rules -j ACCEPT') }
+ it { should have_rule('-A array_of_rules -p tcp -m tcp --dport 85 -m comment --comment array_of_rules -j ACCEPT') }
 it { should have_rule('-A INPUT -j array_of_rules') }
 it { should_not have_rule('*nat') }
 it { should have_rule('*mangle') }