Fixes #30962 - fix dhcpd.conf acl

theforeman · Oct 7, 2020 · 131a9af · 131a9af
1 parent 3838f92
commit 131a9af
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/manifests/proxydhcp.pp b/manifests/proxydhcp.pp
@@ -76,8 +76,10 @@
       exec { "Allow ${foreman_proxy::user} to read ${path}":
         command => "setfacl -R -m u:${foreman_proxy::user}:rx ${path}",
         path    => ['/bin', '/usr/bin'],
-        unless  => "getfacl -p ${path} | grep user:${foreman_proxy::user}:r-x",
-        require => Package['acl'],
+        require => [
+          Package['acl'],
+          Class['dhcp'],
+        ],
       }
     }
 

diff --git a/spec/classes/foreman_proxy__proxydhcp__spec.rb b/spec/classes/foreman_proxy__proxydhcp__spec.rb
@@ -79,8 +79,7 @@
           case facts[:osfamily]
           when 'RedHat', 'Debian'
             it do should contain_exec('Allow foreman-proxy to read /etc/dhcp').
-              with_command('setfacl -R -m u:foreman-proxy:rx /etc/dhcp').
-              with_unless('getfacl -p /etc/dhcp | grep user:foreman-proxy:r-x')
+              with_command('setfacl -R -m u:foreman-proxy:rx /etc/dhcp')
             end
           else
             it { should_not contain_exec('Allow foreman-proxy to read /etc/dhcp') }
@@ -89,8 +88,7 @@
           case facts[:osfamily]
           when 'RedHat', 'Debian'
             it do should contain_exec("Allow foreman-proxy to read #{leases_dir}").
-              with_command("setfacl -R -m u:foreman-proxy:rx #{leases_dir}").
-              with_unless("getfacl -p #{leases_dir} | grep user:foreman-proxy:r-x")
+              with_command("setfacl -R -m u:foreman-proxy:rx #{leases_dir}")
             end
           else
             it { should_not contain_exec("Allow foreman-proxy to read #{leases_dir}") }