1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
body common control
{
inputs => { "../default.cf.sub" };
bundlesequence => { default("$(this.promise_filename)") };
}
bundle agent init
{
vars:
"usemodule_unsafe_module_path" string => "$(sys.workdir)$(const.dirsep)modules$(const.dirsep)usemodule_unsafe.sh";
"usemodule_safe_module_path" string => "$(sys.workdir)$(const.dirsep)modules$(const.dirsep)usemodule_safe.sh";
files:
"$(sys.statedir)/*safe"
delete => tidy;
"$(usemodule_unsafe_module_path)"
create => "true",
perms => m(700),
content => "#!/bin/bash
touch $(sys.statedir)/usemodule_unsafe
";
"$(usemodule_safe_module_path)"
create => "true",
perms => m(700),
content => "#!/bin/bash
touch $(sys.statedir)/usemodule_safe
";
}
bundle agent test
{
meta:
"description" -> { "ENT-5299" }
string => "Test that unsafe functions are only evaluated in --simulate mode when tagged as simulate_safe";
vars:
"cf_agent" string => ifelse(isvariable("sys.cf_agent"), "$(sys.cf_agent)", "/var/cfengine/bin/cf-agent");
commands:
"$(cf_agent) --timestamp --debug --simulate=manifest -Kf $(this.promise_filename).sub >$(sys.workdir)$(const.dirsep)state$(const.dirsep)agent.log"
contain => in_shell;
}
bundle agent check
{
vars:
"result" string => readfile("$(sys.workdir)$(const.dirsep)state$(const.dirsep)agent.log");
methods:
"Pass/FAIL" usebundle => dcs_check_strcmp( "$(result)", "FAIL", $(this.promise_filename), "yes");
}
|
