Added symlinks promise type

victormlg · victormlg · commit 43caf20f0724 · 2025-06-23T15:24:00.000+02:00
Ticket: CFE-4541 Signed-off-by: Victor Moene <victor.moene@northern.tech>
diff --git a/promise-types/symlinks/README.md b/promise-types/symlinks/README.md
@@ -0,0 +1,53 @@
+The `symlink` promise type enables concise policy for symbolic links
+
+## Attributes
+
+| Name          | Type          | Description                                               | Default       |
+|---------------|---------------|-----------------------------------------------------------|---------------|
+| `file`        | `string`      | Path to file. Cannot be used together with `directory`.   | -             |
+| `directory`   | `string`      | Path to directory. Cannot be used together with `file`.   | -             |
+
+## Examples
+
+To create a symlink to the directory `/tmp/my-dir` with the name `/tmp/my-link`, we can do:
+
+```cfengine3
+bundle agent main
+{
+  symlinks:
+    "/tmp/my-link"
+      directory => "/tmp/my-dir";
+}
+```
+
+In similar fashion, to create a symlink to the file `/tmp/my-dir` with the name `/tmp/my-link`, we can do:
+
+```cfengine3
+bundle agent main
+{
+  symlinks:
+    "/tmp/my-link"
+      file => "/tmp/my-file";
+}
+```
+
+If the path to the file/directory given in the promise is not an absolute, doesn't exist or its type doesn't correspond with the promise's attribute ("file" or "directory"), then the promise will fail.
+
+Trying to symlink to a file/directory where the link name is the same as an existing file/directory will also make the promise fail.
+
+Already exisiting symlinks with incorrect target will be corrected according to the policy.
+
+
+## Authors
+
+This software was created by the team at [Northern.tech](https://northern.tech), with many contributions from the community.
+Thanks everyone!
+
+## Contribute
+
+Feel free to open pull requests to expand this documentation, add features, or fix problems.
+You can also pick up an existing task or file an issue in [our bug tracker](https://northerntech.atlassian.net/).
+
+## License
+
+This software is licensed under the MIT License. See LICENSE in the root of the repository for the full license text.
diff --git a/promise-types/symlinks/example.cf b/promise-types/symlinks/example.cf
@@ -0,0 +1,15 @@
+promise agent symlinks
+# @brief Define symlinks promise type
+{
+  path => "$(sys.workdir)/modules/promises/symlinks.py";
+  interpreter => "/usr/bin/python3";
+}
+
+bundle agent main
+{
+  symlinks:
+    "/tmp/myfilelink" 
+      file => "tmp/myfile";
+    "/tmp/mydirlink" 
+      directory => "tmp/mydirectory";
+}
diff --git a/promise-types/symlinks/symlinks.py b/promise-types/symlinks/symlinks.py
@@ -0,0 +1,98 @@
+import os
+from cfengine import PromiseModule, ValidationError, Result
+
+
+class SymlinksPromiseTypeModule(PromiseModule):
+
+    def __init__(self, **kwargs):
+        super(SymlinksPromiseTypeModule, self).__init__(
+            name="symlinks_promise_module",
+            version="0.0.1",
+            **kwargs,
+        )
+
+        def is_absolute_dir(v):
+            if not os.path.isabs(v):
+                raise ValidationError("must be an absolute path, not '{v}'".format(v=v))
+            if not os.path.exists(v):
+                raise ValidationError("dir must exists")
+            if not os.path.isdir(v):
+                raise ValidationError("must be a dir")
+
+        def is_absolute_file(v):
+            if not os.path.isabs(v):
+                raise ValidationError("must be an absolute path, not '{v}'".format(v=v))
+            if not os.path.exists(v):
+                raise ValidationError("file must exists")
+            if not os.path.isfile(v):
+                raise ValidationError("must be a file")
+
+        self.add_attribute("directory", str, validator=is_absolute_dir)
+        self.add_attribute("file", str, validator=is_absolute_file)
+
+    def validate_promise(self, promiser, attributes, metadata):
+        model = self.create_attribute_object(promiser, attributes)
+
+        if not model.file and not model.directory:
+            raise ValidationError("missing 'file' or 'directory' attribute")
+
+        if model.file and model.directory:
+            raise ValidationError("must specify either 'file' or 'directory', not both")
+
+    def evaluate_promise(self, promiser, attributes, metadata):
+        model = self.create_attribute_object(promiser, attributes)
+        link_target = model.file if model.file else model.directory
+
+        if not os.path.exists(promiser):
+            try:
+                os.symlink(
+                    link_target, promiser, target_is_directory=bool(model.directory)
+                )
+            except FileExistsError:
+                self.log_error(
+                    "Couldn't symlink '{}' to '{}'. A link already exists".format(
+                        link_target, promiser
+                    )
+                )
+                return (Result.NOT_KEPT, ["old_link"])
+            except:
+                self.log_error(
+                    "Couldn't symlink '{}' to '{}'".format(link_target, promiser)
+                )
+                return (Result.NOT_KEPT, ["unknown"])
+            return (Result.KEPT, ["link_created"])
+
+        if not os.path.islink(promiser):
+            self.log_warning("Symlink '{}' is already a path".format(promiser))
+            return (Result.NOT_KEPT, ["link_is_path"])
+
+        if os.path.realpath(promiser) != link_target:
+            self.log_info(
+                "Symlink '{}' had wrong target. Updated from '{}' to '{}'".format(
+                    promiser, os.path.realpath(promiser), link_target
+                )
+            )
+            try:
+                os.unlink(promiser)
+                os.symlink(
+                    link_target, promiser, target_is_directory=bool(model.directory)
+                )
+            except FileExistsError:
+                self.log_error(
+                    "Couldn't symlink '{}' to '{}'. A link already exists".format(
+                        link_target, promiser
+                    )
+                )
+                return (Result.NOT_KEPT, ["old_link"])
+            except:
+                self.log_error(
+                    "Couldn't symlink '{}' to '{}'".format(link_target, promiser)
+                )
+                return (Result.NOT_KEPT, ["unknown"])
+            return (Result.KEPT, ["changed_target"])
+
+        return (Result.KEPT, ["already_existing_link"])
+
+
+if __name__ == "__main__":
+    SymlinksPromiseTypeModule().start()
diff --git a/promise-types/symlinks/test.cf b/promise-types/symlinks/test.cf
@@ -0,0 +1,100 @@
+body common control
+{
+  inputs => { "$(sys.libdir)/stdlib.cf" };
+  version => "1.0";
+  bundlesequence => { "init", "test", "check", "cleanup"};
+}
+
+#######################################################
+
+bundle agent init
+{
+  files:
+    "/tmp/my-file"
+      create => "true";
+    "/tmp/my-dir/."
+      create => "true";
+    "/tmp/other-dir/."
+      create => "true";
+    "/tmp/replaced-link"
+      link_from => ln_s("/tmp/other-dir");
+    "/tmp/already-existing-link"
+      link_from => ln_s("/tmp/other-dir");
+}
+
+#######################################################
+
+promise agent symlinks
+{
+  path => "$(this.promise_dirname)/symlinks.py";
+  interpreter => "/usr/bin/python3";
+}
+
+bundle agent test
+{
+  meta:
+    "description" -> { "CFE-4541" }
+      string => "Test the symlinks promise module";
+
+  symlinks:
+    "/tmp/file-link"
+      file => "/tmp/my-file";
+    "/tmp/dir-link"
+      directory => "/tmp/my-dir";
+    "/tmp/replaced-link"
+      directory => "/tmp/my-dir";
+    "/tmp/already-existing-link"
+      directory => "/tmp/other-dir";
+}
+
+#######################################################
+
+bundle agent check
+{
+
+  vars:
+    "my_file_stat"
+      string => filestat("/tmp/file-link", "linktarget");
+    "my_dir_stat"
+      string => filestat("/tmp/dir-link", "linktarget");
+    "replaced_link_stat"
+      string => filestat("/tmp/replaced-link", "linktarget");
+    "already_existing_link_stat"
+      string => filestat("/tmp/already-existing-link", "linktarget");
+
+  classes:
+    "ok"
+      expression => and (
+        strcmp("$(my_file_stat)", "/tmp/my-file"),
+        strcmp("$(my_dir_stat)", "/tmp/my-dir"),
+        strcmp("$(replaced_link_stat)", "/tmp/my-dir"),
+        strcmp("$(already_existing_link_stat)", "/tmp/other-dir")
+      );
+
+  reports:
+    ok::
+      "$(this.promise_filename) Pass";
+    !ok::
+      "$(this.promise_filename) FAIL";
+}
+
+# #######################################################
+
+bundle agent cleanup
+{
+  files:
+    "/tmp/file-link"
+      delete => tidy;
+    "/tmp/dir-link"
+      delete => tidy;
+    "/tmp/my-file"
+      delete => tidy;
+    "/tmp/my-dir/."
+      delete => tidy;
+    "/tmp/other-dir/."
+      delete => tidy;
+    "/tmp/replaced-link"
+      delete => tidy;
+    "/tmp/already-existing-link"
+      delete => tidy;
+}
