Added symlinks promise type

victormlg · victormlg · commit 077910a9b3c4 · 2025-06-23T11:18:20.000+02:00
Ticket: CFE-4541 Signed-off-by: Victor Moene <victor.moene@northern.tech>
diff --git a/promise-types/symlinks/README.md b/promise-types/symlinks/README.md
@@ -0,0 +1,49 @@
+The `symlink` promise type enables concise policy for symbolic links
+
+## Attributes
+
+| Name          | Type          | Description                                               | Default       |
+|---------------|---------------|-----------------------------------------------------------|---------------|
+| `file`        | `string`      | Path to file. Cannot be used together with `directory`    | -             |
+| `directory`   | `string`      | Path to directory. Cannot be used together with `file`    | -             |
+
+## Examples
+
+To create a symlink to the directory `/tmp/my-dir` with the name `/tmp/my-link`, we can do:
+
+```cfengine3
+bundle agent main
+{
+  symlinks:
+    "/tmp/my-link"
+      directory => "/tmp/my-dir";
+}
+```
+
+In similar fashion, to create a symlink to the file `/tmp/my-dir` with the name `/tmp/my-link`, we can do:
+
+```cfengine3
+bundle agent main
+{
+  symlinks:
+    "/tmp/my-link"
+      file => "/tmp/my-file";
+}
+```
+
+If the path to the file/directory given in the promise is not an absolute, doesn't exist or its type doesn't correspond with the promise's attribute ("file" or "directory"), then the promise will fail. Trying to symlink to a file/directory where the link name is the same as an existing file/directory will also make the promise fail. Already exisiting symlinks with incorrect target will be corrected according to the policy.
+
+
+## Authors
+
+This software was created by the team at [Northern.tech](https://northern.tech), with many contributions from the community.
+Thanks everyone!
+
+## Contribute
+
+Feel free to open pull requests to expand this documentation, add features or fix problems.
+You can also pick up an existing task or file an issue in [our bug tracker](https://northerntech.atlassian.net/).
+
+## License
+
+This software is licensed under the MIT License. See LICENSE in the root of the repository for the full license text.
diff --git a/promise-types/symlinks/example.cf b/promise-types/symlinks/example.cf
@@ -0,0 +1,15 @@
+promise agent symlinks
+# @brief Define symlinks promise type
+{
+  path => "$(sys.workdir)/modules/promises/symlinks.py";
+  interpreter => "/usr/bin/python3";
+}
+
+bundle agent main
+{
+  symlinks:
+    "/tmp/myfilelink" 
+      file => "tmp/myfile";
+    "/tmp/mydirlink" 
+      directory => "tmp/mydirectory";
+}
diff --git a/promise-types/symlinks/symlinks.py b/promise-types/symlinks/symlinks.py
@@ -0,0 +1,99 @@
+import os
+from cfengine import PromiseModule, ValidationError, Result
+
+
+class SymlinksPromiseTypeModule(PromiseModule):
+
+    def __init__(self):
+        super(SymlinksPromiseTypeModule, self).__init__(
+            name="symlinks_promise_module",
+            version="0.0.1",
+        )
+
+        def is_absolute_dir(v):
+            if not os.path.isabs(v):
+                raise ValidationError("must be an absolute path, not '{v}'".format(v=v))
+            if not os.path.exists(v):
+                raise ValidationError("dir must exists")
+            if not os.path.isdir(v):
+                raise ValidationError("must be a dir")
+
+        def is_absolute_file(v):
+            if not os.path.isabs(v):
+                raise ValidationError("must be an absolute path, not '{v}'".format(v=v))
+            if not os.path.exists(v):
+                raise ValidationError("file must exists")
+            if not os.path.isfile(v):
+                raise ValidationError("must be a file")
+
+        self.add_attribute("directory", str, validator=is_absolute_dir)
+        self.add_attribute("file", str, validator=is_absolute_file)
+
+    def validate_promise(self, promiser, attributes, metadata):
+        model = self.create_attribute_object(promiser, attributes)
+
+        if not model.file and not model.directory:
+            raise ValidationError("missing file or directory attribute")
+
+        if model.file and model.directory:
+            raise ValidationError(
+                "file and directory attributes are mutually exclusive"
+            )
+
+    def evaluate_promise(self, promiser, attributes, metadata):
+        model = self.create_attribute_object(promiser, attributes)
+        link_target = model.file if model.file else model.directory
+
+        if not os.path.exists(promiser):
+            try:
+                os.symlink(
+                    link_target, promiser, target_is_directory=bool(model.directory)
+                )
+            except FileExistsError:
+                self.log_error(
+                    "Couldn't symlink '{}' to '{}'. A link already exists".format(
+                        link_target, promiser
+                    )
+                )
+                return (Result.NOT_KEPT, ["old_link"])
+            except:
+                self.log_error(
+                    "Couldn't symlink '{}' to '{}'".format(link_target, promiser)
+                )
+                return (Result.NOT_KEPT, ["unknown"])
+            return (Result.KEPT, ["link_created"])
+
+        if not os.path.islink(promiser):
+            self.log_warning("Symlink '{}' is already a path".format(promiser))
+            return (Result.NOT_KEPT, ["link_is_path"])
+
+        if os.path.realpath(promiser) != link_target:
+            self.log_info(
+                "Symlink '{}' had wrong target. Updated from '{}' to '{}'".format(
+                    promiser, os.path.realpath(promiser), link_target
+                )
+            )
+            try:
+                os.unlink(promiser)
+                os.symlink(
+                    link_target, promiser, target_is_directory=bool(model.directory)
+                )
+            except FileExistsError:
+                self.log_error(
+                    "Couldn't symlink '{}' to '{}'. A link already exists".format(
+                        link_target, promiser
+                    )
+                )
+                return (Result.NOT_KEPT, ["old_link"])
+            except:
+                self.log_error(
+                    "Couldn't symlink '{}' to '{}'".format(link_target, promiser)
+                )
+                return (Result.NOT_KEPT, ["unknown"])
+            return (Result.KEPT, ["changed_target"])
+
+        return (Result.KEPT, ["already_existing_link"])
+
+
+if __name__ == "__main__":
+    SymlinksPromiseTypeModule().start()
diff --git a/promise-types/symlinks/test.cf b/promise-types/symlinks/test.cf
@@ -0,0 +1,100 @@
+body common control
+{
+  inputs => { "$(sys.libdir)/stdlib.cf" };
+  version => "1.0";
+  bundlesequence => { "init", "test", "check", "cleanup"};
+}
+
+#######################################################
+
+bundle agent init
+{
+  files:
+    "/tmp/my-file"
+      create => "true";
+    "/tmp/my-dir/."
+      create => "true";
+    "/tmp/other-dir/."
+      create => "true";
+    "/tmp/replaced-link"
+      link_from => ln_s("/tmp/other-dir");
+    "/tmp/already-existing-link"
+      link_from => ln_s("/tmp/other-dir");
+}
+
+#######################################################
+
+promise agent symlinks
+{
+  path => "$(this.promise_dirname)/symlinks.py";
+  interpreter => "/usr/bin/python3";
+}
+
+bundle agent test
+{
+  meta:
+    "description" -> { "CFE-4541" }
+      string => "Test the symlinks promise module";
+
+  symlinks:
+    "/tmp/file-link"
+      file => "/tmp/my-file";
+    "/tmp/dir-link"
+      directory => "/tmp/my-dir";
+    "/tmp/replaced-link"
+      directory => "/tmp/my-dir";
+    "/tmp/already-existing-link"
+      directory => "/tmp/other-dir";
+}
+
+#######################################################
+
+bundle agent check
+{
+
+  vars:
+    "my_file_stat"
+      string => filestat("/tmp/file-link", "linktarget");
+    "my_dir_stat"
+      string => filestat("/tmp/dir-link", "linktarget");
+    "replaced_link_stat"
+      string => filestat("/tmp/replaced-link", "linktarget");
+    "already_existing_link_stat"
+      string => filestat("/tmp/already-existing-link", "linktarget");
+
+  classes:
+    "ok"
+      expression => and (
+        strcmp("$(my_file_stat)", "/tmp/my-file"),
+        strcmp("$(my_dir_stat)", "/tmp/my-dir"),
+        strcmp("$(replaced_link_stat)", "/tmp/my-dir"),
+        strcmp("$(already_existing_link_stat)", "/tmp/other-dir")
+      );
+
+  reports:
+    ok::
+      "$(this.promise_filename) Pass";
+    !ok::
+      "$(this.promise_filename) FAIL";
+}
+
+# #######################################################
+
+bundle agent cleanup
+{
+  files:
+    "/tmp/file-link"
+      delete => tidy;
+    "/tmp/dir-link"
+      delete => tidy;
+    "/tmp/my-file"
+      delete => tidy;
+    "/tmp/my-dir/."
+      delete => tidy;
+    "/tmp/other-dir/."
+      delete => tidy;
+    "/tmp/replaced-link"
+      delete => tidy;
+    "/tmp/already-existing-link"
+      delete => tidy;
+}
