Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2788

Executable library policy (__main__ bundle)



    • Type: Story
    • Status: Done
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.12.0
    • Component/s: Evaluation
    • Labels:


      Currently, it's necessary to have a separate file to enable standalone policy execution and for policy to be included as part of a separate policy set.

      Proposal using body file control to define bundlesequence

      For example:

      body file control
          inputs => { "useful-stuff.cf", "$(sys.libdir)/stdlib.cf" };
      bundle agent main
      • Why bundle agent main in standalone.cf instead of common control bundlesequence?: Because more flexible decision making at bundle level. This bundle isn't expected to be included in other policies, we would have name conflict. Same issue exists if we used body common control here instead.
      bundle agent my_policy
          reports: "This policy is useful run standalone and as part of larger policy set";
      chmod 600 ./standalone.cf ./useful-stuff.cf
      cf-agent -Kf ./standalone.cf 

      It would be convenient to be able to specify a bundlesequence to be used based on the policy entry file. Implementing such a feature would remove the need for creating wrappers to enable standalone execution.

      I propose that we introduce a new body file control attribute called bundlesequence.

      bundlesequence in body file control defines the bundles to run if the file is the policy entry point ( $(this.promise_filename) is equal to $(sys.policy_entry_filename) ). This is similar to if _name_ = "+main+":= in python.

      Instead of having a seperate standalone wrapper in the above example we could define a different bundlesequence to use if the policy is the entry. For example:

      body file control
          inputs => { "$(sys.libdir)/stdlib.cf" };
          bundlesequence => { "my_policy" };
      bundle agent my_policy
          reports: "This policy is useful run standalone and as part of larger policy set";

      Proposal to add reserved bundle _main_ to be used when file is policy entry


      • Old behavior of bundlesequences and main bundles is exactly the same.
      • Bundles called _main_ have special behavior
        • If they are in entry point policy, they are defined as main (without underscores)
        • If they are in other policy files, they will be removed before evaluation, so you can have multiple _main_ bundles in different files
      • Because of the behavior above, you will get errors if you try to define multiple main bundles (with or without underscores).


          Issue Links



              • Assignee:
                olehermanse Ole Herman Schumacher Elgesem
                a10042 Nick Anderson
              • Votes:
                1 Vote for this issue
                4 Start watching this issue


                • Created:

                  Summary Panel