ENT-10961, CFE-1840: Files promise can now modify immutable bit in file system attributes

[larsewi]

TODO:

• handle content attribute
• handle copy_from attribute
• handle delete attribute
• handle edit_line attribute
• handle edit_xml attribute
• handle perms attribute
• handle touch attribute
• handle edit_template attribute
• handle acl attribute
• handle transformer attribute
• handle rename attribute

Is there any other ones that I've missed?

[cf-bottom]

Thank you for submitting a PR! Maybe @craigcomstock can review this?

[nickanderson]

MMM, the transformer attribute comes to mind.

  bundle agent __main__
  {
    files:
        "/tmp/example.txt"
          content => "Hello World";
  
        "/tmp/example.txt"
          transformer => "/usr/bin/gzip $(this.promiser)";
  
    reports:
        "$(with)" with => join( ",", lsdir( "/tmp", "example.*", "true" ));
  }

Looking at the files promise docs I imagine that create would also be affected:

bundle agent __main__
{
  vars:
      "check_file" string => "/tmp/check-file.txt";

  files:
      "$(check_file)"
        handle => "create_file",
        create => "true",
        if => "file_absent_report_kept";

   reports:
      "$(check_file) does not exist"
        classes => results( "namespace", "file_absent_report" );

      "$(check_file) was repaired"
        depends_on => { "create_file" };

      "$(check_file) exists"
        if => fileexists( "/tmp/check-file.txt" );
}

R: /tmp/check-file.txt does not exist
R: /tmp/check-file.txt was repaired
R: /tmp/check-file.txt exists

And the delete attribute would seem to be affected as well.

And rename too

bundle agent __main__
{
  files:
    "/tmp/example.txt"
      content => "Disable me!";

    "/tmp/example.txt"
      rename => default:disable;
}
# For reference:
# body rename disable
# # @brief Disable the file
# {
#         disable => "true";
# }

   info: Created file '/tmp/example.txt', mode 0600
   info: Updated file '/tmp/example.txt' with content 'Disable me!'
warning: File object '/tmp/example.txt' exists, contrary to promise
   info: Changed permissions of '/tmp/example.txt' to 'mode 0600'
   info: Disabled file '/tmp/example.txt' by renaming to '/tmp/example.txt.cfdisabled' with mode 0600

I added them to the description.

[larsewi]

@cf-bottom Jenkins with exotics please :)

[cf-bottom]

Alright, I triggered a build:

(with exotics)

Jenkins: https://ci.cfengine.com/job/pr-pipeline/12188/

Packages: http://buildcache.cfengine.com/packages/testing-pr/jenkins-pr-pipeline-12188/

[cf-bottom]

Sure, I triggered a build:

(with exotics)

Jenkins: https://ci.cfengine.com/job/pr-pipeline/12284/

Packages: http://buildcache.cfengine.com/packages/testing-pr/jenkins-pr-pipeline-12284/

[craigcomstock]

Looks good! A high-level question about atomicity and maybe one typo. :)

[craigcomstock]

I think you should change the orig file to immutable just before this copy. Not 100% atomic but pretty close so that between this Begin() and the Commit() no one else can "easily" modify the file without also modifying the immutable bit of course.

[larsewi]

Not sure if this is a good idea. Let's discuss in digital F2F format :)

[craigcomstock]

Here it seems that we should have something like:

OverrideImmutableBegin(struct utimbuf *times) to capture the modified/access times when we begin the "transaction"

Also, during this Begin() we should make the file immutable to attempt to restrict access as much as possible while we do "work" and before we call Commit().

And then OverrideImmutableCommit() takes that as a parameter and if the original file has changed mod/access since Begin() we should fail to commit saying that the file changed inside of the window of time of the transaction to modify the immutable file.

[larsewi]

Also, during this Begin() we should make the file immutable to attempt to restrict access as much as possible while we do "work" and before we call Commit().

If we make the file immutable while another process is writing it, we can maybe cause it to be left in an inconsistent state?

[larsewi]

I think this very quickly is becoming like the yak shaving. The task is to implement immutable bit support. Not to make CFEngine file operations atomic (they never have been). I created a value-add project CFE-4551 to try to achieve this.

[nickanderson]

All CFEngine file operations are supposed to be atomic.

[larsewi]

All CFEngine file operations are supposed to be atomic.

They unfortunately are not. However, this code uses the same attempt to achieve "atomic" file operations as before. I.e., write changes to a temporary file and swap it with the original.

[craigcomstock]

Suggested change

	/* Here we only handle the clearing of the immutable the immutable
	/* Here we only handle the clearing of the immutable

[craigcomstock]

Suggested change

	* by temporarily clearing it when ever needed. */
	* by temporarily clearing it whenever needed. */

[craigcomstock]

So this is our "menu" item list for an attribute right? Is this required and if not, defaulted to "default"? I will probably find out later in the review. :)

[larsewi]

If me make it optional and default to one of them, then we cannot add any more arguments in the future. Maybe this is OK?

Also it does not make sense to default to "default", since "default" only works on directories. "default" is like a template ACL that is inherited by all child objects.

[vpodzime]

olehermanse requested your review on this pull request.

😮‍💨 😅

[olehermanse]

😮‍💨 😅

@vpodzime I heard you like file systems and C code :)

[vpodzime]

Looks good to me in general. Three things that I'd change:

• split the GetACL() stuff into a separate PR
• do not add anything to EvalContext it's already in the attributes, a macro/inline function to get the boolean should do
• git reset BEFORE_ALL_THESE_CHANGES and then add the final version of the utility functions as one commit and then one or multiple commits for supporting the set_immutable in all the attributes

[vpodzime]

It's already in the attributes and we do pass those into gazillions functions already, right?

[larsewi]

It's not passed everywhere. We also would need to pass the is_immutable variable each function.

[vpodzime]

Why this change?

[larsewi]

Yup, I don't know how that happened. Maybe some typos in normal mode 😆

[larsewi]

Superseded by #5833