  1. CFEngine Community
  2. CFE-2265

Add variablesmatching_as_data function

    Details

    • Type: Task
    • Status: Done
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.10.0
    • Component/s: Built-in functions
    • Labels:
      None

      Description

      (EDIT by jimis: Initial title was "Add variablevaluesmatching function", but it was edited to depict the actual function added.)

      It would be useful if we had a function that could collect the values
      of variables that match a name and tag (much like
      variablesmatching()) and put them into a list, or a data container.

      Typically when I find variables that match something, I am most
      interested in their values. For example, let's say that I want to have
      a policy that provides file integrity monitoring as a service. To use
      the service you must simply tag a variable that contains the path to a
      file with a special tag. At the end of the bundlesequence the bundle
      looks for all variables with the special tag, and applies a changes
      body to the value of each found variable.

      Currently in order to do this I double dereference the variable.

      For example:

      https://github.com/nickanderson/cfengine-file_integrity_monitoring/blob/936df48f9ccba6edf6a521c81dd9ced88daa1aa8/policy/FIM_tag_subscribe_all_changes.cf#L33-L39

      bundle agent example
      {
        vars:
            "files_to_monitor"
              slist => variablesmatching(".*", "FIM=all_changes");
      
        files:
          "$($(files_to_monitor))"
            handle => "FIM_tag_subscribe_monitor_$(files_to_monitor)_all_changes",
            changes => all_changes,
            comment => "Monitoring $($(files_to_monitor)) for all changes",
            ifvarclass => fileexists("$($(files_to_monitor))");
      }
      

      When it could be simply:

      bundle agent example
      {
        vars:
            "files_to_monitor"
              slist => variablevaluesmatching(".*", "FIM=all_changes");
      
        files:
          "$(files_to_monitor)"
            handle => "FIM_tag_subscribe_monitor_$(files_to_monitor)_all_changes",
            changes => all_changes,
            comment => "Monitoring $(files_to_monitor) for all changes",
            ifvarclass => fileexists("$(files_to_monitor)");
      }
      

      Another use case would be for purging files.

      Imagine that you are managing a directory of config snippets, similar
      to /etc/sudoers.d. A variable containing the path to each file you are
      checking could be defined with a special tag, for example, keep. That
      tag could be used in a file_select body to exclude the path to each
      file that was tagged for keeping.

      For example:

      bundle agent main
      {
        vars:
            "sudo_admin"
              string => "/etc/sudoers.d/admins",
              meta => { "keep" };
      
        files:
          "/etc/sudoers.d/."
            file_select => except_tagged( "keep" ),
            delete => tidy;
      }
      
      body file_select except_tagged (tag)
      {
        leaf_name => variablevaluesmatching(".*", $(tag));
        file_result => "!leaf_name";
      }
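
The file integrity monitoring use case above, written with variablesmatching_as_data(), the function this issue's title names as the one actually added. This is an added example, not part of the original issue or the linked repository; the bundle names, the sample paths and the all_changes body definition are assumptions.

```cf3
body common control
{
      bundlesequence => { "subscribers", "fim_all_changes" };
}

bundle agent subscribers
{
  vars:
      # Constructed sample subscriptions: tagging a path variable opts it in.
      "sudoers" string => "/etc/sudoers",         meta => { "FIM=all_changes" };
      "sshd"    string => "/etc/ssh/sshd_config", meta => { "FIM=all_changes" };

      # Untagged, so it is never picked up by the monitoring bundle.
      "scratch" string => "/tmp/scratch";
}

bundle agent fim_all_changes
{
  vars:
      # Data container: qualified variable name => value of that variable.
      "tagged" data => variablesmatching_as_data(".*", "FIM=all_changes");

      # Only the values (the paths) are needed, so no double dereference.
      # Assumes every tagged variable is a scalar string holding one path.
      "files_to_monitor" slist => getvalues(tagged);

  files:
      "$(files_to_monitor)"
        changes => all_changes,
        comment => "Monitoring $(files_to_monitor) for all changes",
        ifvarclass => fileexists("$(files_to_monitor)");
}

# Assumed definition of the changes body referenced in the issue.
body changes all_changes
{
      hash => "sha256";
      report_changes => "all";
      update_hashes => "true";
}
```

The ".*" name pattern matches tagged variables in every bundle and namespace, so any policy file that can define a variable with this tag adds a path to the monitored set. Narrow the regular expression if subscriptions should only be accepted from specific bundles.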
      

              People

              • Assignee: jimis (Dimitrios Apostolou)
              • Reporter: Nick Anderson