From d28d580e8ee564ac62f3561e6c819e1cafede1ab Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Thu, 16 Nov 2023 14:53:55 +0100 Subject: [PATCH] firewalld-reload: fix CI tests A new change in firewalld 2.0 no longer flushes all rules. This means the test cannot check for it. Instead we must check for the trusted sources that are added in firewalld. This is causing CI failures on main right now because this test was merged with CI running on f38 while the update to f39 was just merged before that. https://github.com/containers/netavark/pull/826 https://github.com/containers/netavark/pull/840 Signed-off-by: Paul Holzinger
---
 test/100-bridge-iptables.bats | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/test/100-bridge-iptables.bats b/test/100-bridge-iptables.bats
index 2b5165f10..881e2090f 100644
--- a/test/100-bridge-iptables.bats
+++ b/test/100-bridge-iptables.bats
@@ -994,7 +994,11 @@ EOF
 run_in_host_netns firewall-cmd --reload
 # After a firewalld reload we expect rules to be deleted
- expected_rc=1 run_in_host_netns iptables -S NETAVARK_FORWARD
+ # expected_rc=1 run_in_host_netns iptables -S NETAVARK_FORWARD
+ # There was a firewalld change in 3.0 that it no longer flushes all rules, howver we can still check if
+ # we are added to trusted.
+ run_in_host_netns firewall-cmd --zone=trusted --list-sources
+ assert "$output" == "" "no trusted sources"
 # start reload service on start it should restore the rules
 run_netavark_firewalld_reload
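Review bot: The added comment attributes the behaviour change to firewalld 3.0 while the commit message says 2.0, and the retained context comment `# After a firewalld reload we expect rules to be deleted` now sits above a check that no longer looks at rules at all. I would delete the commented-out `expected_rc=1 run_in_host_netns iptables -S NETAVARK_FORWARD` line and replace the comment lines with `# firewalld 2.0 no longer flushes all rules on reload, so check instead that the trusted zone has no sources left.`, using whichever version number is actually correct; that also removes the "howver" typo. Traffic from sources in the trusted zone is accepted, so the comment should say plainly that an empty source list is the expected state right after the reload. The enclosing @test block starts and ends outside this hunk.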
@@ -1002,10 +1006,14 @@ EOF
 # this run in the background so give it some time to add the rules
 sleep 1
 check_simple_bridge_iptables
+ run_in_host_netns firewall-cmd --zone=trusted --list-sources
+ assert "$output" == "10.88.0.0/16" "container subnet is trusted after start"
 run_in_host_netns firewall-cmd --reload
 sleep 1
 check_simple_bridge_iptables
+ run_in_host_netns firewall-cmd --zone=trusted --list-sources
+ assert "$output" == "10.88.0.0/16" "container subnet is trusted after reload"
 }
 @test "$fw_driver - port forwarding ipv4 - tcp with firewalld reload" {
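Review bot: Both new trusted-source assertions run after a fixed `sleep 1`, and the context comment says the reload service works in the background, so on a loaded CI host the list could still be empty when it is read and the test would fail spuriously. Polling the zone for a few seconds before the final assert keeps the strict comparison while removing the timing dependence; the same loop would apply to the "after start" check. The exact match against the single subnet is worth keeping, since it is what catches an unexpected extra source being placed in the trusted zone. The `sleep 1` lines are existing context, and the @test block starts outside this hunk.

```shell
# … unchanged: firewall-cmd --reload, sleep 1, check_simple_bridge_iptables …
# poll so the check does not depend on a single fixed sleep
for _ in 1 2 3 4 5; do
    run_in_host_netns firewall-cmd --zone=trusted --list-sources
    if [ "$output" = "10.88.0.0/16" ]; then
        break
    fi
    sleep 1
done
assert "$output" == "10.88.0.0/16" "container subnet is trusted after reload"
```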