Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-3865

Ability to prevent certain classes from ever being defined

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Evaluation
    • Labels:

      Description

      It would be useful for both testing (ci, testing policy edge cases that are unlikely to arise) and safety in production to have the ability to prevent some classes from being defined. The N/-negate options to cf-agent will undefine a class at the start of an agent run (this targets persistent classes that were defined from a previous agent run), but it does not prevent policy from defining that class as it's executing which is what this issue is about.

      Small example:

      body common control
      {
      bundlesequence => { "main" };
      class_block_reg_list => { "^BusinessUnit.*", "test" }; # Prevent any classes starting with BusinessUnit and any class named test from being defined
      }
      
      bundle agent main
      {
        classes:
          "test"
            handle => "my_promise",
            expression => "any"; # proiduce a Warning, tried to define class `test` matching class_block_reg_list ["^BusinessUnit.*", "test" ]
      
        reports:
         test::
          "test class set";
         !test::
          "no test class set";
      }
      

      Expected Output:

      Warning: `my_promise` tried to define class `test` which matches class_block_reg_list class_block_reg_list ["^BusinessUnit.*", "test" ]. Class definition suppressed.
      R: no test class set
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              a10042 Nick Anderson
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated: