Suppose you have an slist that contains a list of the only netgroups you want in /etc/passwd (ignore /etc/shadow for this example) on a given system. It's easy to ensure they're all there, but how would you ensure that no other netgroups are in the file? For example, given:

    bundle agent test
    {
    vars:
      # will be something like { "is", "dba", "ps" }
      "valid_netgroups" slist => execresults("/usr/local/bin/asset data $(sys.uqhost) netgroups", "noshell");

    files:
      "/etc/passwd"
        edit_line => insert_netgroups("$(valid_netgroups)");
    }

    bundle edit_line insert_netgroups(netgroup)
    {
    insert_lines:
      "+...@$(netgroup)::::::";
    }

But how do I ensure that ONLY those netgroups are in the file and that any others get deleted (due to access policy changes, improper manual edits, etc.)? The following won't work due to the caveat that I want to avoid unnecessary repairs to prevent messing up repair statistics:

    bundle edit_line insert_netgroups(netgroup)
    {
    delete_lines:
      "+...@.*";

    insert_lines:
      "+...@$(netgroup)::::::";
    }

I thought of trying something with delete_select, for example:

    body delete_select delete_other_netgroups(netgroups)
    {
    delete_if_not_startwith_from_list => { @netgroups };
    }

but that doesn't work in this case because the matching lines I would want to delete actually start with +@ before each netgroup name. So I was trying to think of how to create a new slist from the existing one, mapping each "$(netgroup)" value to "+...@$(netgroup)", but no success with that yet. Other delete bodies seem to have a similar problem.

Am I making this too complicated? Is there a simpler way to accomplish this in the docs that I'm just missing?

Thanks,
Justin
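
Added example, not part of the original post and not CFEngine code: a Python sketch of the selection logic the question asks for, using one anchored pattern with a negative lookahead so that only netgroup lines outside the allowed list match, and a compliant file yields no deletions and no insertions. It assumes lines of the form `+@name::::::` as described in the post; the function names and sample file are constructed, and whether a given CFEngine version accepts the same lookahead in a delete_lines promiser is an assumption to verify.

```python
import re

def stale_netgroup_regex(valid_netgroups):
    """Whole-line pattern for '+@name...' entries whose name is not allowed."""
    if not valid_netgroups:
        return re.compile(r"\+@.*")  # nothing allowed: every netgroup line is stale
    allowed = "|".join(re.escape(n) for n in sorted(valid_netgroups))
    # The lookahead requires ':' right after the name, so allowing "is"
    # does not also allow "isadmin".
    return re.compile(r"\+@(?!(?:%s):).*" % allowed)

def plan(passwd_text, valid_netgroups):
    """Return (lines_to_delete, lines_to_insert); two empty lists mean no repair."""
    pattern = stale_netgroup_regex(valid_netgroups)
    lines = passwd_text.splitlines()
    delete = [line for line in lines if pattern.fullmatch(line)]
    wanted = ["+@%s::::::" % n for n in valid_netgroups]
    insert = [w for w in wanted if w not in lines]
    return delete, insert

# Constructed sample data (not from the original post).
VALID = ["is", "dba", "ps"]
DRIFTED = "\n".join([
    "root:x:0:0:root:/root:/bin/bash",
    "+@is::::::",
    "+@isadmin::::::",   # shares a prefix with an allowed name
    "+@web::::::",       # removed from policy or added by hand
])
COMPLIANT = "\n".join([
    "root:x:0:0:root:/root:/bin/bash",
    "+@is::::::",
    "+@dba::::::",
    "+@ps::::::",
])

if __name__ == "__main__":
    print(plan(DRIFTED, VALID))
    print(plan(COMPLIANT, VALID))
```
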