1#+begin_src prep 2#@ ``` 3#@ rm -rf /tmp/CFE-3217 4#@ mkdir -p /tmp/CFE-3217/test-delete-nobasedir/one/two/three 5#@ mkdir -p /tmp/CFE-3217/test-delete/one/two/three 6#@ mkdir -p /tmp/CFE-3217/test-perms/one/two/three 7#@ mkdir -p /tmp/CFE-3217/test-perms-nobasedir/one/two/three 8#@ touch /tmp/CFE-3217/test-delete-nobasedir/one/two/three/file 9#@ touch /tmp/CFE-3217/test-delete/one/two/three/file 10#@ touch /tmp/CFE-3217/test-perms/one/two/three/file 11#@ touch /tmp/CFE-3217/test-perms-nobasedir/one/two/three/file 12#@ touch /tmp/CFE-3217/test-delete-nobasedir/file 13#@ touch /tmp/CFE-3217/test-delete/file 14#@ touch /tmp/CFE-3217/test-perms/file 15#@ touch /tmp/CFE-3217/test-perms-nobasedir/file 16#@ ``` 17#+end_src 18############################################################################### 19#+begin_src cfengine3 20bundle agent main 21# @brief Example showing how to promise permissions recursively and promise a directory tree is empty. It illustrates the behavior of `include_basedir` in `depth_search` bodies and that the delete ignores `include_basedir`. 22{ 23 files: 24 "/tmp/CFE-3217/test-delete/." -> { "CFE-3217", "CFE-3218" } 25 depth_search => aggressive("true"), 26 file_select => all, 27 delete => tidy, 28 comment => "include_basedir => 'true' will not result in thd promised directory being removed."; 29 30 "/tmp/CFE-3217/test-delete-nobasedir/." 31 depth_search => aggressive("false"), 32 file_select => all, 33 delete => tidy, 34 comment => "include_basedir => 'false' will not result in thd promised directory being removed."; 35 36 "/tmp/CFE-3217/test-perms/." 37 perms => m(555), 38 depth_search => aggressive("true"), 39 file_select => all, 40 comment => "include_basedir => 'true' results in thd promised directory having permissions managed as well."; 41 42 "/tmp/CFE-3217/test-perms-nobasedir/." -> { "CFE-3217" } 43 perms => m(555), 44 depth_search => aggressive("false"), 45 file_select => all, 46 comment => "include_basedir => 'false' results in thd promised directory not having permissions managed."; 47 48 reports: 49 50 "delete => tidy"; 51 "/tmp/CFE-3217/test-delete present despite include_basedir => 'true'" 52 if => isdir("/tmp/CFE-3217/test-delete"); 53 "/tmp/CFE-3217/test-delete-nobasedir present as expected with include_basedir => 'false'" 54 if => isdir("/tmp/CFE-3217/test-delete-nobasedir"); 55 "/tmp/CFE-3217/test-delete absent, unexpectedly" 56 unless => isdir("/tmp/CFE-3217/test-delete"); 57 "/tmp/CFE-3217/test-delete-nobasedir absent, unexpectedly" 58 unless => isdir("/tmp/CFE-3217/test-delete-nobasedir"); 59 60 61 "perms => m(555)"; 62 "/tmp/CFE-3217/test-perms $(with), as expected with include_basedir => 'true'" 63 with => filestat( "/tmp/CFE-3217/test-perms", modeoct ), 64 if => strcmp( filestat( "/tmp/CFE-3217/test-perms", modeoct ), "40555" ); 65 66 "/tmp/CFE-3217/test-perms-nobasedir $(with), not 555, as expected with include_basedir => 'false'" 67 with => filestat( "/tmp/CFE-3217/test-perms-nobasedir", modeoct ), 68 unless => strcmp( filestat( "/tmp/CFE-3217/test-perms-nobasedir", modeoct ), "40555" ); 69} 70 71body depth_search aggressive(include_basedir) 72# @brief Search for files recursively from promiser traversing synmlinks and filesystem boundaries. 73{ 74 depth => "inf"; 75 # exclude_dirs => { @(exclude_dirs) }; 76 include_basedir => "$(include_basedir)"; 77 # include_dirs => { @(include_dirs) }; 78 # inherit_from => "$(inherit_from)"; 79 # meta => "$(meta)"; meta attribute inside the depth_search body? It's not documented. TODO!? 80 rmdeadlinks => "false"; # Depth search removes dead links, this seems like something that should be in delete body. TODO!? 81 traverse_links => "true"; 82 xdev => "true"; 83 84} 85 86#@ Inlined bodies from the stdlib in the Masterfiles Policy Framework 87 88body file_select all 89# @brief Select all file system entries 90{ 91 leaf_name => { ".*" }; 92 file_result => "leaf_name"; 93} 94 95body delete tidy 96# @brief Delete the file and remove empty directories 97# and links to directories 98{ 99 dirlinks => "delete"; 100 rmdirs => "true"; 101} 102 103body perms m(mode) 104# @brief Set the file mode 105# @param mode The new mode 106{ 107 mode => "$(mode)"; 108} 109#+end_src 110############################################################################### 111#+begin_src example_output 112#@ ``` 113#@ info: Deleted file '/tmp/CFE-3217/test-delete/./one/two/three/file' 114#@ info: Deleted directory '/tmp/CFE-3217/test-delete/./one/two/three' 115#@ info: Deleted directory '/tmp/CFE-3217/test-delete/./one/two' 116#@ info: Deleted directory '/tmp/CFE-3217/test-delete/./one' 117#@ info: Deleted file '/tmp/CFE-3217/test-delete/./file' 118#@ info: Deleted file '/tmp/CFE-3217/test-delete-nobasedir/./one/two/three/file' 119#@ info: Deleted directory '/tmp/CFE-3217/test-delete-nobasedir/./one/two/three' 120#@ info: Deleted directory '/tmp/CFE-3217/test-delete-nobasedir/./one/two' 121#@ info: Deleted directory '/tmp/CFE-3217/test-delete-nobasedir/./one' 122#@ info: Deleted file '/tmp/CFE-3217/test-delete-nobasedir/./file' 123#@ info: Object '/tmp/CFE-3217/test-perms-nobasedir/./file' had permission 0664, changed it to 0555 124#@ R: delete => tidy 125#@ R: /tmp/CFE-3217/test-delete present despite include_basedir => 'true' 126#@ R: /tmp/CFE-3217/test-delete-nobasedir present as expected with include_basedir => 'false' 127#@ R: perms => m(555) 128#@ R: /tmp/CFE-3217/test-perms 40555, as expected with include_basedir => 'true' 129#@ R: /tmp/CFE-3217/test-perms-nobasedir 40775, not 555, as expected with include_basedir => 'false' 130#@ ``` 131#+end_example 132