Caching sysctl keys produces unexpected behaviors

[emersonford]

My understanding is that this resource will prefetch all of the sysctl keys, store these in a cache, then use that cache to validate sysctl resources.

This causes some unexpected behaviors when loading kernel modules. In particular, I have the following Puppet code:

Class 1:

# sysctl tuning
sysctl { ... }

Class 2:

kmod::load { 'br_netfilter': }
-> sysctl { 'net.bridge.bridge-nf-call-iptables':
    ensure => present,
    value    => 1,
}

Where Class 1 is executed before Class 2.

When applied, I receive the following error:

Sysctl[net.bridge.bridge-nf-call-iptables]: Could not evaluate: Error: net.bridge.bridge-nf-call-iptables is not a valid sysctl key

If I run modprobe br_netfilter before Puppet agent applies the catalog (or rerun puppet agent -t after receiving the error), I see

Debug: Executing: '/sbin/sysctl -n net.bridge.bridge-nf-call-iptables'

suggesting the resources were applied successfully.

The net.bridge.bridge-nf-call-iptables key is loaded in with the br_netfilter kernel module. However, it appears the resource provider does not reflect this new key as the cache was populated before the loading of the kernel module.

Is it possible to manually force the cache to repopulate?