Secure_cp with regex


thierry thunot

23.06.2021, 11:35:15
to help-cfengine
I am looking for a solution to copy a file in secure_cp, by selecting files on the cfengine server with a regex....

For example:
On the cfengine server I have files
client_1_md5_5454eez4r6e4rez46r4ez6.txt
client_2_md5_0316046ezaea4654re654.txt
client_3_md5_5454eez4r6e4rez46r4ez6.txt
...

I want to copy to my client all files corresponding to this regex:
client_(.*)_md5_5454eez4r6e4rez46r4ez6.txt

I tried multiple solutions without success... :(

Is there any solution to do this rule?
Thanks for your help

craig.c...@northern.tech

23.06.2021, 15:19:16
to help-cfengine
Can you reply with at least one example?

I would expect you have something like a files promise with a copy_from body


paired with a file_select body to choose your files


And we have a by_name body in masterfiles in lib/packages.cf

Setting up I do this:

```
# touch /var/cfengine/data/client_1_md5_5454eez4r6e4rez46r4ez6.txt
# touch /var/cfengine/data/client_2_md5_0316046ezaea4654re654.txt
# touch /var/cfengine/data/client_3_md5_5454eez4r6e4rez46r4ez6.txt
```

So I would expect you might try policy like the following. I put it in my services/main.cf just to test.

```
bundle agent main
{
 files:
    "/tmp/client_stuff/."
      create => "true";
    "/tmp/client_stuff"
      copy_from => secure_cp("$(sys.workdir)/data", "$(sys.policy_hub)"),
      depth_search => recurse(inf),
      file_select => by_name("client_.*_md5_5454eez4r6e4rez46r4ez6.txt");
}
```

Maybe you don't want to serve the files from $(sys.workdir)/data? That is accessible by default in controls/cf_serverd.cf.

```
           "$(def.dir_data)/"
           handle => "server_access_grant_access_data",
           shortcut => "data",
           comment => "Grant access to data directory",
           if => isdir( "$(def.dir_data)/" ),
           admit => { @(def.acl) };
```

So if you wanted to share /tmp/data you would have to add something like

```
"/tmp/data"
  if => isdir("/tmp/data/"),
  admit => { @(def.acl) };
```

Let us know if that helps and what other questions you have.

Cheers,
Craig Comstock
CFEngineer/Digger

thierry thunot

24.06.2021, 01:34:41
to help-cfengine
Hello, Thanks for this solution, I was just missing the file_select .... sorry for the trivial question ...

On the other hand, is it possible to copy binary or zip files via native cfengine commands on an artifactory? Let me explain: we have an artifactory which provides binaries. I want my cf-agent cfengine to be able to download a binary as soon as it is modified on the artifactory and check its consistency and integrity.
Thanks again for your help

craig.c...@northern.tech

24.06.2021, 16:19:57
to help-cfengine
Thanks for the questions! No such thing as a trivial question in my mind really, all just things to figure out. :)

I am somewhat familiar with the concept of an artifactory. I wasn't sure if you were referring to the generic idea or the specific software/server.

If the artifactory can run cfengine and the binaries can be placed in a filesystem directory, you could certainly write access rules on the artifactory and policy to pull from those directories, and cfengine would be able to compare the files in a few different ways detailed in the compare attribute of a copy_from body.


So that would handle your "as soon as it is modified" requirement.

As for checking consistency and integrity, you could certainly pull down checksums and run commands via policy to ensure that part of your process.

-Craig
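
The checksum step described in the last reply, written as a script that a command run from policy could call. This is an added example, not code from the thread or from CFEngine; the function name, the return codes, the staging layout and the sha256sum-format checksum list are all assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check a staged download against a
# published SHA-256 list before it replaces the installed file.
# Function name, return codes and file layout are assumptions.

# verify_and_promote STAGED SUMS DEST
#   SUMS is in sha256sum format: "<hex digest>  <leaf name>"
#   0 = digest matched, STAGED moved to DEST
#   1 = digest mismatch, STAGED deleted, DEST untouched
#   2 = missing input or no well-formed entry for DEST's leaf name
verify_and_promote() {
    staged=$1; sums=$2; dest=$3
    [ -f "$staged" ] && [ -f "$sums" ] || return 2
    name=$(basename "$dest")
    # Exact string match on the leaf name (no regex), first entry wins.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    # An absent or malformed digest is a failure, never "nothing to check".
    case $expected in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$staged" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        rm -f -- "$staged"
        return 1
    fi
    mv -f -- "$staged" "$dest"
}

# Constructed demo: a matching artifact, then one changed after the list
# was published. All file names and contents here are made up.
demo=$(mktemp -d)
printf 'release build\n' > "$demo/agent.bin.staged"
printf '%s  agent.bin\n' \
    "$(sha256sum < "$demo/agent.bin.staged" | awk '{ print $1 }')" > "$demo/SHA256SUMS"
verify_and_promote "$demo/agent.bin.staged" "$demo/SHA256SUMS" "$demo/agent.bin" \
    && echo "installed"
printf 'tampered\n' > "$demo/agent.bin.staged"
verify_and_promote "$demo/agent.bin.staged" "$demo/SHA256SUMS" "$demo/agent.bin" \
    || echo "rejected: rc=$?"
rm -rf "$demo"
```

The checksum list is only as trustworthy as the channel it arrives over, and leaf names containing whitespace are not handled by the awk field split.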