fixup! fixup! fixup! fixup! fixup! Fixes #16915: Firewall technique

Fixes #16915: Firewall technique
Normation · Jun 26, 2020 · e1c3f51 · e1c3f51
1 parent 8697857
commit e1c3f51
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/techniques/systemSettings/networking/firewall/1.0/firewall.st b/techniques/systemSettings/networking/firewall/1.0/firewall.st
@@ -7,7 +7,7 @@
 bundle agent rudder_firewall {
   vars:
       "config"    string => "&FIREWALL_CONF&";
-      "firewall"  string => "rudder_&FIREWALL_IMPL&";
+      "firewall"  string => "rudder_firewall_&FIREWALL_IMPL&";
       "posthook"  string => "&FIREWALL_POST_HOOK_COMMAND&";
       "reference" string => "/var/rudder/tmp/firewall.ref";
 
@@ -34,7 +34,7 @@ bundle agent rudder_firewall {
       "any" usebundle => variable_string_from_file("firewall_technique", "firewall_conf_ref", "${reference}");
       "en4" usebundle => disable_reporting;
       "any" usebundle => variable_string_from_command("firewall_technique", "firewall_conf", "${${firewall}.dump_cmd}");
-      "any" usebundle => rudder_condition_from_string_compare("rudder_firewall_technique_conf", "${firewall_technique.firewall_conf_ref}", "${firewall_technique.firewall_conf}
+      "any" usebundle => rudder_firewall_condition_from_string_compare("rudder_firewall_technique_conf", "${firewall_technique.firewall_conf_ref}", "${firewall_technique.firewall_conf}
 ");
       "any" usebundle => rudder_common_report("firewall", "log_warn", "&TRACKINGKEY&", "Load configuration", "None", "Firewall configuration was modified since previous agent run"),
                    if => canonify("variable_string_from_file_${reference}_ok.rudder_firewall_technique_conf_false");
@@ -61,7 +61,7 @@ bundle agent rudder_firewall {
       "any" usebundle => rudder_common_report("firewall", "result_na", "&TRACKINGKEY&", "Load configuration", "None", "Firewall configuration did not require modification");
     any::
       # Post-hook
-      "any" usebundle => rudder_condition_from_string_compare("rudder_firewall_disable_posthook", "${posthook}", "");
+      "any" usebundle => rudder_firewall_condition_from_string_compare("rudder_firewall_disable_posthook", "${posthook}", "");
     rudder_firewall_reload_true.rudder_firewall_disable_posthook_false::
       "any" usebundle => _method_reporting_context("Post-modification script", "None");
       "any" usebundle => command_execution("${posthook}");
@@ -72,7 +72,7 @@ bundle agent rudder_firewall {
 }
 
 # Uses the systemd service, compatible with recent debian, rhel and derivatives
-bundle common rudder_nftables {
+bundle common rudder_firewall_nftables {
   vars:
       "package"  string => "nftables";
       "service"  string => "nftables";
@@ -87,15 +87,11 @@ bundle common rudder_nftables {
       "conf_pre" string => "flush ruleset${const.n}";
 }
 
-bundle agent rudder_condition_from_string_compare(condition_prefix, string1, string2) {
+bundle agent rudder_firewall_condition_from_string_compare(condition_prefix, string1, string2) {
   classes:
       "${condition_prefix}_reached"   scope => "namespace";
       "${condition_prefix}_true" expression => strcmp("${string1}", "${string2}"), scope => "namespace";
       "${condition_prefix}_false"       not => "${condition_prefix}_true", scope => "namespace";
 }
 
-bundle agent rudder_variable_string_canonify(prefix, name, string) {
-  vars:
-      "${prefix}.${name}" string => canonify("${string}");
-}