rebuild-iptables doesn't check subcommand exit codes

Question

rebuild-iptables doesn't check subcommand exit codes

JCotton1123 opened this issue 8 years ago · comments

Jesse Cotton commented 8 years ago

Cookbook version

master

Chef-client version

12.8.1

Platform Details

Ubuntu 14.04

Scenario:

rebuild-iptables doesn't actually verify that it installed the rules successfully by checking the exit codes of the subcommands it runs.

The return val needs to be inspected here and an appropriate exit code needs to be returned if the val is false or nil (I believe).

Steps to Reproduce:

Enter an invalid rule to the iptables_rule resource and watch the chef run complete successfully.

Expected Result:

An error indicating rebuild-iptables failed.

Example:

root@wrap-ecs-agent-5f1.devops.wrapdev.net:/etc/chef# /usr/sbin/rebuild-iptables
iptables-restore v1.4.21: The -t option (seen in line 6) cannot be used in iptables-restore.

Error occurred at line: 6
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
cp: cannot create regular file ‘/etc/sysconfig/iptables’: No such file or directory
root@wrap-ecs-agent-5f1.devops.wrapdev.net:/etc/chef# echo $?
0

Actual Result:

Chef ran successfully.

Jesse Cotton · Answer 1 · Sat Oct 15 2016 02:53:33 GMT+0800 (China Standard Time)

If I can find time I'll try to submit a PR to fix this.

Lamont Granquist · Answer 2 · Tue Oct 25 2016 02:53:36 GMT+0800 (China Standard Time)

being replaced by #67