CFE-4529: Added policy function getacls() #5832

Merged: larsewi merged 2 commits into cfengine:master from larsewi:getacls on Jul 1, 2025

larsewi (Contributor) commented Jun 30, 2025

  • Added policy function to get ACLs
  • Added acceptance test for getacls()

Ticket: CFE-4529
Changelog: Title
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>

larsewi (Contributor, Author) commented Jun 30, 2025

@cf-bottom Jenkins please :)

larsewi requested a review from olehermanse June 30, 2025 12:43
Comment thread libpromises/evalfunction.c Outdated
olehermanse previously approved these changes Jun 30, 2025
Ticket: CFE-4529
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
Co-authored-by: Ole Herman Schumacher Elgesem <4048546+olehermanse@users.noreply.github.com>
larsewi merged commit b8e4c70 into cfengine:master Jul 1, 2025
12 checks passed
larsewi deleted the getacls branch July 3, 2025 09:20
#endif /* _WIN32 */
if (acls == NULL)
{
Log((errno != ENOTSUP) ? LOG_LEVEL_ERR : LOG_LEVEL_VERBOSE,
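
Review bot: In the `if (acls == NULL)` branch the log level is picked by `errno != ENOTSUP` alone, so every other errno is reported at `LOG_LEVEL_ERR`, including the case where the path exists but has no ACL of the requested type. Consider handling that case separately (log at verbose level, or return an empty list instead of failing) and add a comment listing which errno values are expected here.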

Member

@larsewi I am a bit unsure about this error. Directories might not have ACLs on them, and rather than error, it sort of feels more correct to simply return an empty list. I want to say that getindices and some other functions behave similarly to that.

This came up after the workshop when I was following up on a note to add example output to the documentation example.

root@hub:~# cf-agent -Kf ./t.cf 
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
R: Access acl: user::rw-
R: Access acl: group::r--
R: Access acl: other::r--
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
   error: Function getacls failed to get ACLs for '/etc': No data available
R: Default acl: $(default_acls)
root@hub:~# cat t.cf 
bundle agent __main__
{

  vars:

    "default_acls"
      slist => getacls("/etc", "default");

    "access_acls"
      slist => getacls("/tmp/bar", "access");

  reports:
    "Default acl: $(default_acls)";
    "Access acl: $(access_acls)";
}

Contributor

I was triggered by this update from @nickanderson and error is definitely not ok. I assume we want the same as the getfacl command:

11:25 install3:~ $ getfacl /etc
getfacl: Removing leading '/' from absolute path names
# file: etc
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Contributor Author

Good catch 🚀 Fix here #5902
