firewalld-reload: fix CI tests
A new change in firewalld 2.0 no longer flushes all rules. This means
the test cannot check for it. Instead we must check for the trusted
sources that are added in firewalld.

This is causing CI failures on main right now because this test was
merged with CI running on f38 while the update to f39 was just merged
before that.

containers#826
containers#840

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Luap99 authored and jakecorrenti committed Jan 3, 2024
1 parent 01094d8 commit d28d580
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion test/100-bridge-iptables.bats
Expand Up @@ -994,18 +994,26 @@ EOF
run_in_host_netns firewall-cmd --reload

# After a firewalld reload we expect rules to be deleted
expected_rc=1 run_in_host_netns iptables -S NETAVARK_FORWARD
# expected_rc=1 run_in_host_netns iptables -S NETAVARK_FORWARD
# There was a firewalld change in 3.0 that it no longer flushes all rules, howver we can still check if
# we are added to trusted.
run_in_host_netns firewall-cmd --zone=trusted --list-sources
assert "$output" == "" "no trusted sources"

# start reload service on start it should restore the rules
run_netavark_firewalld_reload

# this run in the background so give it some time to add the rules
sleep 1
check_simple_bridge_iptables
run_in_host_netns firewall-cmd --zone=trusted --list-sources
assert "$output" == "10.88.0.0/16" "container subnet is trusted after start"

run_in_host_netns firewall-cmd --reload
sleep 1
check_simple_bridge_iptables
run_in_host_netns firewall-cmd --zone=trusted --list-sources
assert "$output" == "10.88.0.0/16" "container subnet is trusted after reload"
}

@test "$fw_driver - port forwarding ipv4 - tcp with firewalld reload" {
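
Review bot: The new comment above the first `firewall-cmd --zone=trusted --list-sources` call says the firewalld change came in 3.0, while the commit message says firewalld 2.0; the comment should match the commit message, and "howver" should be "however". The commented-out `expected_rc=1 run_in_host_netns iptables -S NETAVARK_FORWARD` line is better deleted than kept, and the comment above it ("we expect rules to be deleted") no longer describes what is asserted, so it should be reworded to say the container subnet is expected to be gone from the trusted zone. The three new assertions compare the full `--list-sources` output to an exact string ("" or "10.88.0.0/16"), which only holds if the test namespace has no other trusted sources; a one-line note stating that assumption would help the next reader. The two "trusted after" assertions also depend on the existing `sleep 1` being long enough for the background reload service, so a short retry on `--list-sources` would make them less likely to flake in CI.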