Révision c00bcf2d
Changed path to use fact. Partial conversion of execs to arrays
| manifests/init.pp | ||
|---|---|---|
| 235 | 235 |
if $purge_unmanaged_rules {
|
| 236 | 236 |
# Reload the nftables ruleset from the on-disk ruleset if there are differences or it is absent. -s must be used to ignore counters |
| 237 | 237 |
exec { 'nftables_memory_state_check':
|
| 238 |
command => 'echo "reloading nftables"',
|
|
| 239 |
path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
|
|
| 240 |
unless => "/usr/bin/test -s ${inmem_rules_hash_file} -a \"$(nft -s list ruleset | sha1sum)\" = \"$(cat ${inmem_rules_hash_file})\"",
|
|
| 238 |
command => ['echo', 'reloading_nftables'],
|
|
| 239 |
path => $facts['path'],
|
|
| 240 |
unless => ["test -s ${inmem_rules_hash_file} -a \"$(nft -s list ruleset | sha1sum)\" = \"$(cat ${inmem_rules_hash_file})\""],
|
|
| 241 | 241 |
notify => Service['nftables'], |
| 242 | 242 |
} |
| 243 | 243 |
|
| 244 | 244 |
# Generate nftables_hash upon any changes from the nftables service |
| 245 | 245 |
exec { 'nftables_generate_hash':
|
| 246 | 246 |
command => "nft -s list ruleset | sha1sum > ${inmem_rules_hash_file}",
|
| 247 |
path => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
|
|
| 247 |
path => $facts['path'],
|
|
| 248 | 248 |
subscribe => Service['nftables'], |
| 249 | 249 |
refreshonly => true, |
| 250 | 250 |
} |
| spec/classes/nftables_spec.rb | ||
|---|---|---|
| 321 | 321 |
it { is_expected.not_to contain_file('/foo/bar') }
|
| 322 | 322 |
it {
|
| 323 | 323 |
is_expected.to contain_exec('nftables_memory_state_check').with(
|
| 324 |
command: %r{^echo "reloading nftables"$},
|
|
| 324 |
command: ["echo", "reloading_nftables"],
|
|
| 325 | 325 |
notify: 'Service[nftables]', |
| 326 |
unless: %r{^/usr/bin/test -s /foo/bar -a "\$\(nft -s list ruleset \| sha1sum\)" = "\$\(cat /foo/bar\)"$}
|
|
| 326 |
unless: ["test -s /foo/bar -a \"$(nft -s list ruleset | sha1sum)\" = \"$(cat /foo/bar)\""]
|
|
| 327 | 327 |
) |
| 328 | 328 |
} |
| 329 | 329 |
it {
|
Formats disponibles : Unified diff