Functions
Functions take zero or more values as arguments and return a value.
Argument values need to be of the type and range as documented for each
function. Some functions are documented with a ...
, in which case they
take an arbitrary amount of arguments.
They can return scalar (string|int|real|bool), list (slist, ilist, rlist) and data values:
printf "one\ntwo\nthree\n" > /tmp/list.txt
printf "1\n2\n3\n" >> /tmp/list.txt
printf "1.0\n2.0\n3.0" >> /tmp/list.txt
bundle agent example_function_return_types
{
classes:
"this_file_exists" expression => fileexists( $(this.promise_filename) );
vars:
"my_string" string => concat( "Promises you cannot keep",
" are no better than lies");
"my_list_of_strings"
slist => readstringlist( "/tmp/list.txt", # File to read
"", # Don't ignore any lines
"\n", # Split on newlines
inf, # Extract as many entries as possible
inf); # Read in as much data as possible
"my_list_of_integers"
ilist => readintlist( "/tmp/list.txt", # File to read
"^(\D+)|(\d+[^\n]+)", # Ignore any lines that are not integers
"\n", # Split on newlines
inf, # Maximum number of entries
inf); # Maximum number of bytes to read
"my_list_of_reals"
rlist => readreallist( "/tmp/list.txt", # File to read
"^(\D+)", # Ignore any lines that are not digits
"\n", # Split on newlines
inf, # Maximum number of entries
inf); # Maximum number of bytes to read
"my_integer" int => string_length( $(my_string) );
"my_real" real => sum( my_list_of_integers );
"my_data" data => mergedata( '{ "Hello": "world!" }' );
reports:
"my_string: '$(my_string)'";
"my_list_of_strings includes '$(my_list_of_strings)'";
"my_list_of_integers includes '$(my_list_of_integers)'";
"my_list_of_reals includes '$(my_list_of_reals)'";
"my_integer: '$(my_integer)'";
"my_real: '$(my_real)'";
"my_data: '$(with)'"
with => string_mustache( "", my_data );
this_file_exists::
"This file exists.";
}
bundle agent __main__
{
methods: "example_function_return_types";
}
R: my_string: 'Promises you cannot keep are no better than lies'
R: my_list_of_strings includes 'one'
R: my_list_of_strings includes 'two'
R: my_list_of_strings includes 'three'
R: my_list_of_strings includes '1'
R: my_list_of_strings includes '2'
R: my_list_of_strings includes '3'
R: my_list_of_strings includes '1.0'
R: my_list_of_strings includes '2.0'
R: my_list_of_strings includes '3.0'
R: my_list_of_integers includes '1'
R: my_list_of_integers includes '2'
R: my_list_of_integers includes '3'
R: my_list_of_reals includes '1'
R: my_list_of_reals includes '2'
R: my_list_of_reals includes '3'
R: my_list_of_reals includes '1.0'
R: my_list_of_reals includes '2.0'
R: my_list_of_reals includes '3.0'
R: my_integer: '48'
R: my_real: '6.000000'
R: my_data: '{
"Hello": "world!"
}'
R: This file exists.
This policy can be found in
/var/cfengine/share/doc/examples/function-return-types.cf
and downloaded directly from
github.
In addition, functions with return type boolean
evaluate to true
or
false
. The class on the left-hand side is set if the function evaluates to
true. If the function evaluates to false, then the class remains unchanged.
bundle agent test
{
vars:
"five" int => "5";
"seven" int => "7";
classes:
"ok" expression => islessthan("$(five)","$(seven)");
reports:
ok::
"$(five) is smaller than $(seven)";
!ok::
"$(seven) is smaller than $(five)";
}
Underneath, CFEngine functions that return boolean
will actually
return a context expression like any
or !any
which will then be
deemed true or false by the CFEngine evaluator. Note the truth of a
context expression or the result of a function call may change during
evaluation, but a class, once defined, will stay defined.
Functions that return a boolean
can thus sometimes be used in places
where a string is accepted as well, but this behavior is not clearly
defined or supported. Use at your own discretion.
Function caching
During convergence, CFEngine's evaluation model will evaluate functions multiple times, which can be a performance concern.
Some system functions are particularly expensive:
execresult()
andreturnszero()
for shell executionregldap()
,ldapvalue()
, andldaplist()
for LDAP queriesfindprocesses()
, andprocessexists()
for querying processes.host2ip()
andip2host()
for DNS queriesreadtcp()
for TCP interactionshubknowledge()
, andremotescalar()
for hub queries
When enabled cached functions are not executed on every pass of convergence. Instead, the function will only be executed once during the agent evaluation step and its result will be cached until the end of that agent execution.
Note: Cached functions are executed multiple times during
policy validation and pre-evaluation.
Function caching is per-process, so results will not be cached between
separate components e.g. cf-agent
, cf-serverd
and cf-promises
.
Additionally functions are cached by hashing the function arguments. If you have
the exact same function call in two different promises (it does not matter if
they are in the same bundle or not) only the first executed function will be
cached. That cached result will be re-used for other identical function
occurrences.
Function caching can be disabled by setting cache_system_functions
in body
common control to false
.
Function Skipping
If a variable passed to a function is unable to be resolved the function will be skipped. The function will be evaluated during a later pass when all variables passed as arguments are able to be resolved. The function will never be evaluated if any argument contains a variable that never resolves.
Collecting Functions
Some function arguments are marked as collecting which means they can "collect" an argument from various sources. The data is normalized into the JSON format internally, so all of the following data types have consistent behavior.
If a key inside a data container is specified (
mycontainer[key]
), the value under that key is collected. The key can be a string for JSON objects or a number for JSON arrays.If a single data container, CFEngine array, or slist is specified (
mycontainer
ormyarray
ormyslist
), the contents of it are collected.If a single data container, CFEngine array, or slist is specified with
@()
around it (@(mycontainer)
or@(myarray)
or@(myslist)
), the contents of it are collected.If a function call that returns a data container or slist is specified, that function call is evaluated and the results are inserted, so you can say for instance
sort(data_expand(...), "lex")
to expand a data container then sort it.If a list (slist, ilist, or rlist) is named, its entries are collected.
If any CFEngine "classic" array (
array[key]
) is named, it's first converted to a JSON key-value map, then collected.If a literal JSON string like
[ 1,2,3 ]
or{ "x": 500 }
is provided, it will be parsed and used.If any of the above-mentioned ways to reference variables are used inside a literal JSON string they will be expanded (or the function call will fail). This is similar to the behavior of Javascript, for instance. For example,
mergedata('[ thing, { "mykey": otherthing[123] } ]')
will wrap thething
in a JSON array; then the contents ofotherthing[123]
will be wrapped in a JSON map which will also go in the array.
Delayed Evaluation Functions
Since CFEngine 3.10, some functions are marked as delayed evaluation which
means they can evaluate a function call across every element of a collection.
This makes intuitive sense for the collection traversing functions maparray()
,
maplist()
, and mapdata()
.
The practical use is for instance maplist(format("%03d", $(this)), mylist)
which will evaluate that format()
call once for every element of mylist
.
Before 3.10, the same call would have resulted in running the format()
function before the list is traversed, which is almost never what the user
wants.
List of all functions
There are a large number of functions built into CFEngine. The following tables might make it easier for you to find the function you need.