how to access values in data container


Xander Cage

Oct 11, 2021, 9:39:30 AM10/11/21
to help-cfengine
hi,

I tried various functions but it's just frustrating...

users.csv

ClassExpression,uid,name,group,ssh_key
weirdos,mscott,Michael Scott,pathetic,ssh-someSupERsecretKey287483438dsdjhdsdsdjahhsgdsg
weirdos,jkras,John Krasinski,pathetic,ssh-someSupERsecretKey287483438dsdjhdsdsdjahhsgdsg
twats,tflen,Toby Flenderson,tedious,ssh-someSupERsecretKey287483438dsdjhdsdsdjahhsgdsg
zombie,fired,Get OUT!,buzzoff,ssh-someSupERsecretKey287483438dsdjhdsdsdjahhsgdsg

test promise:

# First attempt from the question: loads users.csv into a data container and
# tries to read single fields out of it. The reports at the bottom show what
# the author observed (numeric indices, no direct access to a row).
bundle agent parent_bundle
{
  classes:

      # These classes are set so that rows whose first CSV column names one of
      # them are selected by classfiltercsv() below.
      "weirdos";
      "twats";
      "zombie";

  vars:
      # Relative path; the corrected policy later in the thread uses an
      # absolute path instead.
      "data_file" string => "users.csv";
      # classfiltercsv(file, has_heading, class_column): "true" = the first line
      # holds the column names, 0 = column 0 carries the class expression.
      # The result is an ARRAY of objects (see "data format" below the policy),
      # one object per selected row, keyed by the heading names.
      "d" data => classfiltercsv($(data_file), "true", 0);

      # The top level of "d" is an array, so its indices are the row numbers,
      # not the column names.
      "parameter_name"        slist => getindices("d");
      "parameter_name_sorted" slist => sort(parameter_name, lex);

      # NOTE(review): each top-level value is an object, not a string; what
      # getvalues() returns for such a container should be checked against
      # the function documentation.
      "cvalues"        slist => getvalues("d");
      "cvalues_sorted" slist => sort(cvalues, lex);

      "raw" data => @(d);

  methods:

   # Passes the NAME of the container ("parent_bundle.d") as a string.
   # The corrected policy later in the thread passes the container itself
   # with @(d) plus a row index.
   "call_remove"     usebundle => child_bundle("$(this.bundle).d"),
                     handle => "dba_user_guard",
                     classes => results("bundle", "itsv_DABA_USER_NOT_JUSTIFIED");


  reports:

      # Dumps the whole container: every column of users.csv, ssh_key included,
      # ends up in the agent's report output.
      "All users in parent function: data: $(with)" with => string_mustache("{{%-top-}}", d);

      "Bonkers index is number instead of key name: Key: $(parameter_name) -> Value: $(cvalues)";

      # d[0] is a whole row (an object). A single field needs both levels,
      # row index and column name, as the corrected policy does with
      # $(info[$(idx)][uid]).
      "Totally useless for practical usage: $(d[0])";


}

# Receives in "info" whatever the caller passes; the caller above passes the
# string "parent_bundle.d" (a variable name), not the container itself.
bundle agent child_bundle (info) {

    vars:


          # Indices of the container named by $(info). Its top level is an
          # array, so these are row numbers (the first report below confirms it).
          "user_crap1" slist => getindices("$(info)");

          # NOTE(review): "info" holds a string here, not a data container;
          # the author reports that this yields no usable output.
          "bla" data => mergedata("info");
          "user_crap2" slist => getindices("$(bla)");

          # Asks for a key "uid" directly under info. In the data shown below
          # the policy, "uid" only exists one level down, inside each row.
          "user_crap3" slist => getvalues("info[uid]");

          # NOTE(review): presumably meant to serialise row $(user_crap1) with
          # %S; the author reports that nothing is printed for it.
          "bla_$(user_crap1)" string => format("%S", "info[$(user_crap1)]");


    reports:

        "child function, only numbers instead if key names : data: $(with)" with => string_mustache("{{%-top-}}", user_crap1);

        "child funtion, mergedate produces empty output: $(with)" with => string_mustache("{{%-top-}}", user_crap2);

        "child function, getvalues also not working : data: $(with)" with => string_mustache("{{%-top-}}", user_crap3);

        "Some mehtod from the docs, also nothing: $(user_crap1): $(bla_$(user_crap1))";

}


# Entry point when this file is run directly: only calls parent_bundle.
bundle agent __main__
{
  methods:
      "parent_bundle";
}

data format:

 {
    "group": "pathetic",
    "name": "Michael Scott",
    "ssh_key": "ssh-someSupERsecretKey287483438dsdjhdsdsdjahhsgdsg",
    "uid": "mscott"
  },
  {
    "group": "pathetic",
    "name": "John Krasinski",
    "ssh_key": "ssh-someSupERsecretKey287483438dsdjhdsdsdjahhsgdsg",
    "uid": "jkras"
  },
  {
    "group": "tedious",
    "name": "Toby Flenderson",
    "ssh_key": "ssh-someSupERsecretKey287483438dsdjhdsdsdjahhsgdsg",
    "uid": "tflen"
  },
  {
    "group": "buzzoff",
    "name": "Get OUT!",
    "ssh_key": "ssh-someSupERsecretKey287483438dsdjhdsdsdjahhsgdsg",
    "uid": "fired"
  }

how do I access uid, name, ... from this structure?

Martin Simons

Oct 12, 2021, 9:03:04 AM10/12/21
to help-cfengine
Hi Xander,
You might consider to look at this policy:
It puts json into a container and then retrieves the data, bit by bit.
Regards,
Martin.


Op maandag 11 oktober 2021 om 15:39:30 UTC+2 schreef Xander Cage:

Xander Cage

Oct 12, 2021, 9:50:13 AM10/12/21
to help-cfengine
that was helpful, thank you...fixed my policy

Martin Simons

Oct 12, 2021, 10:11:14 AM10/12/21
to help-cfengine
Hi Xander,
Just for the benefit of all, could you please post your fixed policy?
Best regards,
Martin.

Xander Cage

Oct 12, 2021, 10:39:01 AM10/12/21
to help-cfengine
here you go...

root@aixtest01: /root/cfe_testbed # cat data_container_test.cf
# Loads the CFEngine standard library plus three site-specific libraries from
# the ITSVlib directory. The site libraries are not shown in this thread;
# bundles called further down that are not defined in this file
# (delete_stanza, rm_rf) have to come from one of these inputs.
body file control
{
  inputs => { "$(sys.libdir)/stdlib.cf",
               "$(sys.inputdir)/ITSVlib/itsv_common_lib.cf",
               "$(sys.inputdir)/ITSVlib/itsv_hostgroups.cf",
               "$(sys.inputdir)/ITSVlib/itsv_stanza_lib.cf", };

}


# Corrected version: reads users.csv into a data container and calls
# check_user once per row, handing over the container and the row index.
#
# Every row of the CSV ends in account removal (rmuser, stanza deletion,
# rm_rf of the home directory) for its uid, so whoever can write
# /root/cfe_testbed/users.csv decides which accounts get deleted.
# NOTE(review): confirm the file is owned by root and not writable by others.
bundle agent parent_bundle
{
  classes:

      # Set so that rows whose first CSV column names one of these classes are
      # selected by classfiltercsv().
      "weirdos";
      "twats";
      "zombie";

  vars:
      "data_file" string => "/root/cfe_testbed/users.csv";

      # "true" = first line is the heading, 0 = column 0 is the class column.
      # Result: an array of row objects keyed by the heading names.
      "d" data => classfiltercsv($(data_file), "true", 0);

      # Row numbers of the array, sorted.
      "keys_unsorted" slist => getindices("d");
      "keys" slist => sort(keys_unsorted, "lex");

      # One container per row (users_0, users_1, ...). Not referenced anywhere
      # else in this file.
      "users_$(keys)" data => mergedata("d[$(keys)]");


  methods:

   # $(keys) is a list, so this promise is repeated for each row index;
   # @(d) passes the container itself rather than its name.
   "call_child"     usebundle => check_user(@(d), $(keys));



}


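# Removes one account taken from a data container.
#
# Parameters:
#   info - data container, an array of row objects that each carry a "uid" key
#   idx  - index of the row to process
#
# The uid comes straight from a CSV file and is then used in regular
# expressions, as a command argument and as part of file paths that get
# deleted. It is therefore validated once (VALID_UID) and every removal
# promise is gated on that class. An empty uid would otherwise make
# fileexists("/home//.") true and hand "/home/" to the home-directory removal.
#
# NOTE(review): nothing here stops the CSV from naming root or a service
# account; consider an explicit deny-list class for accounts that must never
# be removed.
bundle agent check_user (info, idx) {

    vars:

          # Field access needs both levels: row index, then column name.
          "user" string => "$(info[$(idx)][uid])";

          # Regex-escaped copy for the regline() patterns below, so that a "."
          # in a uid cannot match a different account's line.
          "user_rx" string => escape("$(user)");

    classes:

               # regcmp() matches the whole string. The pattern is a
               # conservative default (letter or underscore first, then
               # letters, digits, "_", "." or "-"); adjust it to the site's
               # naming rules. It rejects an empty uid, "..", "/", blanks, a
               # leading "-" and an unexpanded "$(...)" reference.
               "VALID_UID"
                     comment    => "uid is a plain account name; gate for every removal below",
                     expression => regcmp("[A-Za-z_][A-Za-z0-9_.-]*", "$(user)");

               "EXISTS_PASSWD"
                     comment    => "check if user exists as local user (in /etc/passwd)",
                     expression => regline("^$(user_rx):.*", "/etc/passwd");

               "EXISTS_LDAP"
                     comment    => "check if user has an entry in the /etc/security/user file",
                     expression => regline("^$(user_rx):", "/etc/security/user");

               "EXISTS_HOMEDIR"
                    comment    => "user has a homedir..",
                    expression => fileexists("/home/$(user)/.");

    methods:

        "remove_by_aix"       usebundle  => remove_by_aix($(user)),
                              comment    => "if its an OS-user let AIX do a rmuser",
                              ifvarclass => "VALID_UID.EXISTS_PASSWD";

        "remove_from_files"   usebundle  => remove_in_files($(user)),
                              comment    => "remove in stanza-files and cronjob-dir",
                              ifvarclass => "VALID_UID";

        "remove_home_dir"     usebundle  => remove_home_dir($(user)),
                              comment    => "will assume /home/$USER is the homedir",
                              ifvarclass => "VALID_UID.EXISTS_HOMEDIR";

    reports:

       "$(user)";

        # Leaves a trace whenever a row was skipped by the validation above.
        !VALID_UID::

            "Time: $(sys.date) -  Bundle: $(this.bundle) - Message: uid '$(user)' rejected by VALID_UID, nothing removed.";

        # NOTE(review): the EXISTS_* classes describe the state found when the
        # classes promises ran; confirm whether the "completely removed"
        # message can appear in the same agent run as the removal itself.
        EXISTS_PASSWD.!EXISTS_LDAP::

            "Time: $(sys.date) -  Bundle: $(this.bundle) - Message: $(user) exists in /etc/passwd only (OS user).";

        !EXISTS_PASSWD.EXISTS_LDAP::

            "Time: $(sys.date) -  Bundle: $(this.bundle) - Message: $(user) exists only in security-file (LDAP user).";

        EXISTS_HOMEDIR.!EXISTS_LDAP.!EXISTS_PASSWD::

            "Time: $(sys.date) -  Bundle: $(this.bundle) - Message: $(user) leftover /home/dir.";

        !EXISTS_HOMEDIR.!EXISTS_LDAP.!EXISTS_PASSWD::

            "Time: $(sys.date) -  Bundle: $(this.bundle) - Message: $(user) completely removed.";

}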

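# Removes an account with the AIX rmuser command.
#
# Parameter:
#   user - account name, appended as the argument of "rmuser -p"
#
# The name is checked before the command runs so that a value starting with
# "-" or containing blanks cannot be read by rmuser as extra options or
# extra arguments.
bundle agent remove_by_aix(user) {

    classes:

        # regcmp() matches the whole string; conservative default pattern,
        # adjust to the site's naming rules.
        "RMUSER_UID_OK"
            comment    => "user is a plain account name",
            expression => regcmp("[A-Za-z_][A-Za-z0-9_.-]*", "$(user)");

    commands:

        "/usr/sbin/rmuser -p  "
            args       => "$(user)",
            comment    => "remove with OS means ..",
            ifvarclass => "RMUSER_UID_OK";

}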

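# Removes what is left of an account in the AIX security stanza files and
# deletes its crontab file.
#
# Parameter:
#   user - account name; used as a file name under /var/spool/cron/crontabs
#          and passed to delete_stanza (defined outside this file)
#
# The name is checked first: with "/" or ".." in it, the crontab path would
# point at a file outside the crontabs directory and that file would be
# deleted instead.
bundle agent remove_in_files(user) {


    vars:

        "stanza_files" slist => { "/etc/security/limits",
                                  "/etc/security/user",
                                  "/etc/security/lastlog",
                                  "/etc/security/passwd",
                                  "/etc/security/environ",
                                  "/etc/security/user.roles",
                                };

    classes:

        # regcmp() matches the whole string; conservative default pattern,
        # adjust to the site's naming rules.
        "FILES_UID_OK"
            comment    => "user is a plain account name",
            expression => regcmp("[A-Za-z_][A-Za-z0-9_.-]*", "$(user)");

    files:

        "/var/spool/cron/crontabs/$(user)"
                comment    => "delete leftover cronjob file",
                delete     => tidy,
                ifvarclass => "FILES_UID_OK";

    methods:

        # $(stanza_files) is a list, so delete_stanza is called once per file.
        "call_remove_stanza" usebundle  => delete_stanza($(stanza_files), $(user)),
                             comment    => "delete user in each file",
                             ifvarclass => "FILES_UID_OK";
}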

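# Recursively deletes /home/<user>.
#
# Parameter:
#   user - account name, appended to "/home/" to form the directory to delete
#
# The name is checked before rm_rf is called: an empty value would turn the
# target into "/home/" and ".." into "/", so anything that is not a plain
# account name is refused.
bundle agent remove_home_dir(user) {

    classes:

        # regcmp() matches the whole string; conservative default pattern,
        # adjust to the site's naming rules.
        "HOMEDIR_UID_OK"
            comment    => "user is a plain account name",
            expression => regcmp("[A-Za-z_][A-Za-z0-9_.-]*", "$(user)");

    methods:

        "remove_home_dir" usebundle  => rm_rf("/home/$(user)"),
                          comment    => "delete leftover home-dir",
                          ifvarclass => "HOMEDIR_UID_OK";

}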



# Entry point when this file is run directly: only calls parent_bundle, which
# in turn triggers the account removal for every selected CSV row.
bundle agent __main__
{
  methods:
      "parent_bundle";
}
