Hi Martin,
Can you be a bit more specific about the issue? What output do you get, what do you expect? What do you mean it stops when it encounters the first error but lets the empty variable pass
This is the output that I get when I run the policy.
R: check_ip: match_10.68.71.5* R: check_ip: match_10.68.171.5* R: check_ip: match_192.168.123.123* R: ip_list ip's: *10.68.71.5* R: ip_list ip's: *10.68.171.5* R: ip_list ip's: *192.168.123.123* R: check_ip: match_$(nic.nic_admin)* R: empty_var ip's: *10.68.71.5* R: empty_var ip's: *10.68.171.5* R: empty_var ip's: *$(nic.nic_admin)* R: stop_the_show: We stop the show! R: bell: Yell Bell! bogus R: bell: bad_ip R: check_ip: match_bogus* R: check_ip iprange: bogus* R: bogus ip's: *10.68.71.5* R: bogus ip's: *10.68.171.5* R: bogus ip's: *bogus* R: bell: Yell Bell! R: check_ip: match_* R: check_ip iprange: * R: empty_string ip's: *10.68.71.5* R: empty_string ip's: *10.68.171.5* R: empty_string ip's: **
One thing that does jump out at me is this glass guard you are trying to use inside bundle agent check_ip().
"!match_$(ips)"::
$(ips)
does not expand to a valid class string. That is going to expand to
something like !match_10.68.71.5::
which is probably not what you are actually
trying to test.
You can either canonify $(ips) and use that, or you can move your condition to the promise itself and canonify on the fly.
Perhaps something like this:
"Bell!!" usebundle => bell( $(ips) ), if => not( canonify( "match_$(ips)" ) );
– Nick Anderson| Doer of Things | (+1) 785-550-1767 | https://northern.tech
One thing that does jump out at me is this glass guard you are trying to use inside bundle agent check_ip().
"!match_$(ips)"::
$(ips)
does not expand to a valid class string. That is going to expand to something like!match_10.68.71.5::
which is probably not what you are actually trying to test.You can either canonify $(ips) and use that, or you can move your condition to the promise itself and canonify on the fly.
Perhaps something like this:
"Bell!!" usebundle => bell( $(ips) ), if => not( canonify( "match_$(ips)" ) );
Martin Simons writes:
It does not catch an empty variable, but it catches bogus content.
OK, so you have a list of things that should be IPv4 addresses and you want to iterate over them if they are actually ipv4 addresses.
The regular expression from your example seems to be effective distilled down to a more simple example.
bundle agent example_filter_ipv4 { vars: "variable_value_from_varible" string => "$(nosuch.variable)"; "candidates" slist => { "10.68.71.5", "10.168.171.5", "not-an-ip-address", "", "$(missing.variable)", $(another_missing.variable), "$(variable_value_from_varible)" }; reports: "'$(candidates)' is a valid IPv4 address" if => regcmp( #"^(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})", "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", $(candidates) ); "'$(candidates)' is *NOT* a valid IPv4 address" if => not( regcmp( #"^(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})", "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", $(candidates) )); } bundle agent __main__ { methods: "example_filter_ipv4"; reports: "CFEngine: $(sys.cf_version)"; }
R: '10.68.71.5' is a valid IPv4 address R: '10.168.171.5' is a valid IPv4 address R: 'not-an-ip-address' is *NOT* a valid IPv4 address R: '' is *NOT* a valid IPv4 address R: CFEngine: 3.14.0a.4e12fcf75
What is the specific output that you expected to see from the policy?
To unsubscribe from this group and stop receiving emails from it, send an email to help-c...@googlegroups.com.
Hi Martin,
Can you be a bit more specific about the issue? What output do you get, what do you expect? What do you mean it stops when it encounters the first error but lets the empty variable pass