Details
-
Type:
Story
-
Status: Open
-
Priority:
Medium
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Evaluation
-
Labels:
Description
It would be useful for both testing (ci, testing policy edge cases that are unlikely to arise) and safety in production to have the ability to prevent some classes from being defined. The N/-negate options to cf-agent will undefine a class at the start of an agent run (this targets persistent classes that were defined from a previous agent run), but it does not prevent policy from defining that class as it's executing which is what this issue is about.
Small example:
body common control
{
bundlesequence => { "main" };
class_block_reg_list => { "^BusinessUnit.*", "test" }; # Prevent any classes starting with BusinessUnit and any class named test from being defined
}
bundle agent main
{
classes:
"test"
handle => "my_promise",
expression => "any"; # proiduce a Warning, tried to define class `test` matching class_block_reg_list ["^BusinessUnit.*", "test" ]
reports:
test::
"test class set";
!test::
"no test class set";
}
Expected Output:
Warning: `my_promise` tried to define class `test` which matches class_block_reg_list class_block_reg_list ["^BusinessUnit.*", "test" ]. Class definition suppressed. R: no test class set
Attachments
Release management
Issue Links
- clones
-
CFE-1589 cf-agent --negate not working
-
- Rejected
-
