Sometimes it is useful to abort a bundle execution if certain conditions are not met, for example when validating input to a bundle. The following policy uses a list of regular expressions for classes, or class expressions that cf-agent will watch out for. If any of these classes becomes defined, it will cause the current bundle to be aborted.

code
body common control

{
      bundlesequence => { "example" };
}

body agent control

{
      abortbundleclasses => { "invalid" };
}


bundle agent example

{
  vars:

      #"userlist" slist => { "mark", "john" };           # contains all valid entries
      "userlist" slist => { "mark", "john", "thomas" };  # contains one invalid entry

  classes:

      "invalid" not => regcmp("[a-z][a-z][a-z][a-z]","$(userlist)"); # The class 'invalid' is set if the user name does not
      # contain exactly four un-capitalized letters (bundle
      # execution will be aborted if set)

  reports:

    !invalid::

      "User name $(userlist) is valid at 4 letters";
}

This policy can be found in /var/cfengine/share/doc/examples/abort.cf and downloaded directly from github.

This is how the policy runs when the userlist is valid:

code
# cf-agent -f unit_abort.cf
R: User name mark is valid at 4 letters
R: User name john is valid at 4 letters
#

This is how the policy runs when the userlist contains an invalid entry:

code
# cf-agent -f unit_abort.cf
Bundle example aborted on defined class "invalid"
#

To run this example file as part of your main policy you need to make an additional change:

There cannot be two body agent control in the main policy. Delete the body agent control section from /var/cfengine/masterfiles/unit_abort.cf. Copy and paste abortbundleclasses => { "invalid" }; into /var/cfengine/masterfiles/controls/cf_agent.cf. If you add it to the end of the file it should look something like this:

code
...
    #  dryrun => "true";

    abortbundleclasses => { "invalid" };
}