Table of Contents

Functions take zero or more values as arguments and return a value. Argument values need to be of the type and range as documented for each function. Some functions are documented with a ..., in which case they take an arbitrary amount of arguments.

They can return scalar (string|int|real|bool), list (slist, ilist, rlist) and data values:

printf "one\ntwo\nthree\n" > /tmp/list.txt
printf "1\n2\n3\n"        >> /tmp/list.txt
printf "1.0\n2.0\n3.0"    >> /tmp/list.txt
bundle agent example_function_return_types

      "this_file_exists" expression => fileexists( $(this.promise_filename) );

      "my_string" string => concat( "Promises you cannot keep",
                                    " are no better than lies");

        slist => readstringlist( "/tmp/list.txt", # File to read
                                 "",               # Don't ignore any lines
                                 "\n",             # Split on newlines
                                 inf,              # Extract as many entries as possible
                                 inf);             # Read in as much data as possible

        ilist => readintlist( "/tmp/list.txt",     # File to read
                              "^(\D+)|(\d+[^\n]+)", # Ignore any lines that are not integers
                              "\n",                 # Split on newlines
                              inf,                  # Maximum number of entries
                              inf);                 # Maximum number of bytes to read

        rlist => readreallist( "/tmp/list.txt", # File to read
                              "^(\D+)",          # Ignore any lines that are not digits
                              "\n",              # Split on newlines
                              inf,               # Maximum number of entries
                              inf);              # Maximum number of bytes to read

      "my_integer" int => string_length( $(my_string) );

      "my_real" real => sum( my_list_of_integers );

      "my_data" data => mergedata( '{ "Hello": "world!" }' );

      "my_string: '$(my_string)'";
      "my_list_of_strings includes '$(my_list_of_strings)'";
      "my_list_of_integers includes '$(my_list_of_integers)'";
      "my_list_of_reals includes '$(my_list_of_reals)'";
      "my_integer: '$(my_integer)'";
      "my_real: '$(my_real)'";
      "my_data: '$(with)'"
        with => string_mustache( "", my_data );

      "This file exists.";

bundle agent __main__
  methods: "example_function_return_types";
R: my_string: 'Promises you cannot keep are no better than lies'
R: my_list_of_strings includes 'one'
R: my_list_of_strings includes 'two'
R: my_list_of_strings includes 'three'
R: my_list_of_strings includes '1'
R: my_list_of_strings includes '2'
R: my_list_of_strings includes '3'
R: my_list_of_strings includes '1.0'
R: my_list_of_strings includes '2.0'
R: my_list_of_strings includes '3.0'
R: my_list_of_integers includes '1'
R: my_list_of_integers includes '2'
R: my_list_of_integers includes '3'
R: my_list_of_reals includes '1'
R: my_list_of_reals includes '2'
R: my_list_of_reals includes '3'
R: my_list_of_reals includes '1.0'
R: my_list_of_reals includes '2.0'
R: my_list_of_reals includes '3.0'
R: my_integer: '48'
R: my_real: '6.000000'
R: my_data: '{
  "Hello": "world!"
R: This file exists.

This policy can be found in /var/cfengine/share/doc/examples/ and downloaded directly from github.

In addition, functions with return type boolean evaluate to true or false. The class on the left-hand side is set if the function evaluates to true. If the function evaluates to false, then the class remains unchanged.

    bundle agent test
      "five" int => "5";
      "seven" int => "7";
      "ok" expression => islessthan("$(five)","$(seven)");


        "$(five) is smaller than $(seven)";

        "$(seven) is smaller than $(five)";


Underneath, CFEngine functions that return boolean will actually return a context expression like any or !any which will then be deemed true or false by the CFEngine evaluator. Note the truth of a context expression or the result of a function call may change during evaluation, but a class, once defined, will stay defined.

Functions that return a boolean can thus sometimes be used in places where a string is accepted as well, but this behavior is not clearly defined or supported. Use at your own discretion.

Function caching

During convergence, CFEngine's evaluation model will evaluate functions multiple times, which can be a performance concern.

Some system functions are particularly expensive:

When enabled cached functions are not executed on every pass of convergence. Instead, the function will only be executed once during the agent evaluation step and its result will be cached until the end of that agent execution.

Note: Cached functions are executed multiple times during policy validation and pre-evaluation. Function caching is per-process, so results will not be cached between separate components e.g. cf-agent, cf-serverd and cf-promises. Additionally functions are cached by hashing the function arguments. If you have the exact same function call in two different promises (it does not matter if they are in the same bundle or not) only the first executed function will be cached. That cached result will be re-used for other identical function occurrences.

Function caching can be disabled by setting cache_system_functions in body common control to false.

Function Skipping

If a variable passed to a function is unable to be resolved the function will be skipped. The function will be evaluated during a later pass when all variables passed as arguments are able to be resolved. The function will never be evaluated if any argument contains a variable that never resolves.

Collecting Functions

Some function arguments are marked as collecting which means they can "collect" an argument from various sources. The data is normalized into the JSON format internally, so all of the following data types have consistent behavior.

  • If a key inside a data container is specified (mycontainer[key]), the value under that key is collected. The key can be a string for JSON objects or a number for JSON arrays.

  • If a single data container, CFEngine array, or slist is specified (mycontainer or myarray or myslist), the contents of it are collected.

  • If a single data container, CFEngine array, or slist is specified with @() around it (@(mycontainer) or @(myarray) or @(myslist)), the contents of it are collected.

  • If a function call that returns a data container or slist is specified, that function call is evaluated and the results are inserted, so you can say for instance sort(data_expand(...), "lex") to expand a data container then sort it.

  • If a list (slist, ilist, or rlist) is named, its entries are collected.

  • If any CFEngine "classic" array (array[key]) is named, it's first converted to a JSON key-value map, then collected.

  • If a literal JSON string like [ 1,2,3 ] or { "x": 500 } is provided, it will be parsed and used.

  • If any of the above-mentioned ways to reference variables are used inside a literal JSON string they will be expanded (or the function call will fail). This is similar to the behavior of Javascript, for instance. For example, mergedata('[ thing, { "mykey": otherthing[123] } ]') will wrap the thing in a JSON array; then the contents of otherthing[123] will be wrapped in a JSON map which will also go in the array.

Delayed Evaluation Functions

Since CFEngine 3.10, some functions are marked as delayed evaluation which means they can evaluate a function call across every element of a collection. This makes intuitive sense for the collection traversing functions maparray(), maplist(), and mapdata().

The practical use is for instance maplist(format("%03d", $(this)), mylist) which will evaluate that format() call once for every element of mylist.

Before 3.10, the same call would have resulted in running the format() function before the list is traversed, which is almost never what the user wants.

List of all functions

There are a large number of functions built into CFEngine. The following tables might make it easier for you to find the function you need.

Functions by Category

communication data files internal io system utils
host2ip() accumulated() accessedbefore() callstack_callers() countlinesmatching() data_sysctlvalues() bundlestate()
hostrange() ago() changedbefore() callstack_promisers() data_readstringarray() findprocesses() classesmatching()
hostsseen() and() dirname() data_readstringarrayidx() getenv() classmatch()
hostswithclass() bundlesmatching() diskfree() parseintarray() getuid() countclassesmatching()
hubknowledge() canonify() file_hash() parsejson() getuserinfo() datastate()
ip2host() canonifyuniquely() fileexists() parserealarray() getusers() execresult()
iprange() classify() filesexist() parsestringarray() groupexists() getclassmetatags()
isipinsubnet() concat() filesize() parsestringarrayidx() hostinnetgroup() getvariablemetatags()
ldaparray() data_expand() filestat() parseyaml() now() isvariable()
ldaplist() data_regextract() findfiles() readcsv() packagesmatching() returnszero()
ldapvalue() difference() isdir() readdata() packageupdatesmatching() splayclass()
network_connections() escape() isexecutable() readenvfile() processexists() usemodule()
peerleader() eval() islink() readfile() registryvalue()
peerleaders() every() isnewerthan() readintarray() sysctlvalue()
peers() expandrange() isplain() readintlist() userexists()
readtcp() filter() laterthan() readjson()
regldap() format() lsdir() readrealarray()
remoteclassesmatching() getfields() translatepath() readreallist()
remotescalar() getgid() readstringarray()
selectservers() getindices() readstringarrayidx()
url_get() getvalues() readstringlist()
grep() readyaml()
hash() regline()

Functions by Return Type

(i,r)range (i,r,s)list class data int real string
irange() bundlesmatching() accessedbefore() bundlestate() accumulated() mean() and()
rrange() callstack_promisers() changedbefore() callstack_callers() ago() product() canonify()
classesmatching() classify() data_expand() countclassesmatching() sum() canonifyuniquely()
difference() classmatch() data_readstringarray() countlinesmatching() variance() concat()
expandrange() every() data_readstringarrayidx() diskfree() dirname()
filter() fileexists() data_regextract() filesize() escape()
findfiles() filesexist() data_sysctlvalues() getfields() eval()
getclassmetatags() groupexists() datastate() getgid() execresult()
getindices() hashmatch() findprocesses() getuid() file_hash()
getusers() hostinnetgroup() getuserinfo() hash_to_int() filestat()
getvalues() hostrange() mapdata() length() format()
getvariablemetatags() iprange() mergedata() now() getenv()
grep() isdir() network_connections() on() hash()
hostsseen() isexecutable() packagesmatching() parseintarray() host2ip()
hostswithclass() isgreaterthan() packageupdatesmatching() parserealarray() hubknowledge()
intersection() isipinsubnet() parsejson() parsestringarray() ifelse()
ldaplist() islessthan() parseyaml() parsestringarrayidx() ip2host()
lsdir() islink() readcsv() randomint() join()
maparray() isnewerthan() readdata() readintarray() lastnode()
maplist() isplain() readenvfile() readrealarray() ldapvalue()
peerleaders() isvariable() readjson() readstringarray() makerule()
peers() laterthan() readyaml() readstringarrayidx() max()
readintlist() ldaparray() url_get() selectservers() min()
readreallist() none() variablesmatching_as_data() string_length() not()
readstringlist() processexists() nth()
reverse() regarray() or()
shuffle() regcmp() peerleader()
sort() regextract() readfile()
splitstring() regldap() readtcp()
string_split() regline() regex_replace()
sublist() reglist() registryvalue()
unique() remoteclassesmatching() remotescalar()
variablesmatching() returnszero() storejson()
some() strftime()
splayclass() string_downcase()
strcmp() string_head()
usemodule() string_mustache()
userexists() string_reverse()