From 79fd6070ea969ed7815bea8c110e911c92587387 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Dallidet?= Date: Mon, 4 Dec 2023 16:32:09 +0100 Subject: [PATCH] Fixes #23835: Do the same for Blocks --- policies/rudderc/src/backends/unix.rs | 23 ++- policies/rudderc/src/backends/unix/ncf.rs | 1 + .../src/backends/unix/ncf/dry_run_mode.rs | 29 +++ .../src/backends/unix/ncf/method_call.rs | 40 ++-- policies/rudderc/src/backends/windows.rs | 33 +++- .../cases/general/policy_mode/metadata.xml | 64 ++++++ .../cases/general/policy_mode/technique.cf | 96 +++++++++ .../cases/general/policy_mode/technique.ps1 | 184 ++++++++++++++++++ .../cases/general/policy_mode/technique.yml | 80 ++++++++ 9 files changed, 511 insertions(+), 39 deletions(-) create mode 100644 policies/rudderc/src/backends/unix/ncf/dry_run_mode.rs diff --git a/policies/rudderc/src/backends/unix.rs b/policies/rudderc/src/backends/unix.rs index 2a4c16e2f0b..43455b380b4 100644 --- a/policies/rudderc/src/backends/unix.rs +++ b/policies/rudderc/src/backends/unix.rs @@ -4,13 +4,14 @@ use std::path::Path; use anyhow::Result; + use tracing::trace; use super::Backend; use crate::{ backends::unix::{ cfengine::{bundle::Bundle, promise::Promise}, - ncf::{method_call::method_call, technique::Technique}, + ncf::{dry_run_mode, method_call::method_call, technique::Technique}, }, ir::{ self, @@ -77,10 +78,16 @@ impl Backend for Unix { r: ItemKind, context: Condition, technique_id: &Id, - ) -> Result> { + ) -> Result)>> { match r { ItemKind::Block(r) => { - let mut calls: Vec<(Promise, Bundle)> = vec![]; + let mut calls: Vec<(Promise, Option)> = vec![]; + if let Some(x) = dry_run_mode::push_policy_mode( + r.policy_mode, + format!("push_policy_mode_for_block_{}", r.id), + ) { + calls.push((x, None)) + } for inner in r.items { calls.extend(resolve_module( inner, 
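Review bot: The block-level promiser built in the `ItemKind::Block` arm, `format!("push_policy_mode_for_block_{}", r.id)`, has no `${report_data.directive_id}` suffix, while every method-level promiser in the expected technique.cf carries one. If the agent skips or locks promises that share a promiser (not visible in this patch, to be confirmed), a technique evaluated more than once in a run could have a later `push_dry_run_mode("true")` skipped, and a block meant to run in audit would then apply changes. Consider `format!("push_policy_mode_for_block_{}_${{report_data.directive_id}}", r.id)`, and the same for the `pop_policy_mode_for_block_{}` promiser in the `@@ -88,10 +95,16 @@` hunk. The enclosing `resolve_module` body continues outside this hunk.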
@@ -88,10 +95,16 @@ impl Backend for Unix { technique_id, )?); } + if let Some(x) = dry_run_mode::pop_policy_mode( + r.policy_mode, + format!("pop_policy_mode_for_block_{}", r.id), + ) { + calls.push((x, None)) + } Ok(calls) } ItemKind::Method(r) => { - let method: Vec<(Promise, Bundle)> = + let method: Vec<(Promise, Option)> = vec![method_call(technique_id, r, context)?]; Ok(method) } @@ -140,7 +153,7 @@ impl Backend for Unix { .name(technique.name) .version(technique.version) .bundle(main_bundle) - .bundles(call_bundles); + .bundles(call_bundles.into_iter().flatten().collect()); trace!("Generated policy:\n{:#?}", cf_technique); Ok(if standalone { format!( diff --git a/policies/rudderc/src/backends/unix/ncf.rs b/policies/rudderc/src/backends/unix/ncf.rs index c842ae6155a..6b6c966cd96 100644 --- a/policies/rudderc/src/backends/unix/ncf.rs +++ b/policies/rudderc/src/backends/unix/ncf.rs @@ -7,5 +7,6 @@ //! Once we get rid of these, we will be able to make things more general, but for now, //! let's stick with what the webapp generates. +pub mod dry_run_mode; pub mod method_call; pub mod technique; diff --git a/policies/rudderc/src/backends/unix/ncf/dry_run_mode.rs b/policies/rudderc/src/backends/unix/ncf/dry_run_mode.rs new file mode 100644 index 00000000000..6d4700f2c0b --- /dev/null +++ b/policies/rudderc/src/backends/unix/ncf/dry_run_mode.rs @@ -0,0 +1,29 @@ +use rudder_commons::PolicyMode; + +use crate::backends::unix::cfengine::{promise::Promise, quoted}; + +pub fn push_policy_mode(op: Option, promiser: String) -> Option { + op.map(|p| { + Promise::usebundle( + "push_dry_run_mode", + None, + Some(&promiser), + vec![match p { + PolicyMode::Enforce => quoted("false").to_string(), + PolicyMode::Audit => quoted("true").to_string(), + }], + ) + }) +} +pub fn pop_policy_mode(op: Option, promiser: String) -> Option { + if op.is_some() { + Some(Promise::usebundle( + "pop_dry_run_mode", + None, + Some(&promiser), + vec![], + )) + } else { + None + } +} 
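Review bot: `push_policy_mode` and `pop_policy_mode` in the new dry_run_mode.rs are public but undocumented, and nothing states that they must be emitted as a pair; judging by the push/pop naming, an unmatched push would leave the dry-run state changed for every promise that follows. Add a `///` comment on each saying that `None` emits nothing so the surrounding mode stays in effect, that `Audit` maps to `push_dry_run_mode("true")` and `Enforce` to `"false"`, and that callers must pass the same `Option` to both. `pop_policy_mode` can mirror the push as `op.map(|_| Promise::usebundle("pop_dry_run_mode", None, Some(&promiser), vec![]))`. Both helpers only borrow `promiser`, so taking it by reference would spare callers the `String` allocation.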
diff --git a/policies/rudderc/src/backends/unix/ncf/method_call.rs b/policies/rudderc/src/backends/unix/ncf/method_call.rs index dd8c263bd2b..4ff2710e054 100644 --- a/policies/rudderc/src/backends/unix/ncf/method_call.rs +++ b/policies/rudderc/src/backends/unix/ncf/method_call.rs @@ -8,11 +8,12 @@ //! signature, type, and constraints). use anyhow::{bail, Result}; -use rudder_commons::{canonify, methods::method::Agent, PolicyMode}; +use rudder_commons::{canonify, methods::method::Agent}; use crate::{ - backends::unix::cfengine::{ - bundle::Bundle, cfengine_escape, expanded, promise::Promise, quoted, + backends::unix::{ + cfengine::{bundle::Bundle, cfengine_escape, expanded, promise::Promise, quoted}, + ncf::dry_run_mode, }, ir::{ condition::Condition, @@ -33,7 +34,7 @@ pub fn method_call( technique_id: &Id, m: Method, condition: Condition, -) -> Result<(Promise, Bundle)> { +) -> Result<(Promise, Option)> { assert!(!m.name.is_empty()); let info = m.info.unwrap(); @@ -102,27 +103,8 @@ pub fn method_call( info.bundle_name ); - let push_policy_mode = m.policy_mode.map(|p| { - Promise::usebundle( - "push_dry_run_mode", - Some(&report_component), - Some(unique), - vec![match p { - PolicyMode::Enforce => quoted("false").to_string(), - PolicyMode::Audit => quoted("true").to_string(), - }], - ) - }); - let pop_policy_mode = if m.policy_mode.is_some() { - Some(Promise::usebundle( - "pop_dry_run_mode", - Some(&report_component), - Some(unique), - vec![], - )) - } else { - None - }; + let push_policy_mode = dry_run_mode::push_policy_mode(m.policy_mode, unique.clone()); + let pop_policy_mode = dry_run_mode::pop_policy_mode(m.policy_mode, unique.clone()); let mut promises = match (&condition, is_supported) { (Condition::Expression(_), true) => vec![ 
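Review bot: Moving the push/pop construction into `dry_run_mode` changes the second argument of `Promise::usebundle` from `Some(&report_component)` to `None` for method-level calls, which the commit message does not mention. The expected technique.cf for the pre-existing methods is not touched by this patch, so the rendered output may be unaffected, but if that argument feeds a promise comment or report component it is now lost. Either pass it through as an extra parameter on the helpers or record the decision with a comment such as `// component intentionally omitted for dry-run push/pop`. The two `unique.clone()` calls would also disappear if the helpers borrowed the promiser. `method_call` starts and ends outside this hunk.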
@@ -207,8 +189,10 @@ pub fn method_call( method_parameters.append(&mut specific_parameters); Ok(( bundle_call, - Bundle::agent(bundle_name) - .parameters(method_parameters) - .promise_group(bundle_content), + Some( + Bundle::agent(bundle_name) + .parameters(method_parameters) + .promise_group(bundle_content), + ), )) } diff --git a/policies/rudderc/src/backends/windows.rs b/policies/rudderc/src/backends/windows.rs index 6046fc77d3f..eeb5ee0a5d3 100644 --- a/policies/rudderc/src/backends/windows.rs +++ b/policies/rudderc/src/backends/windows.rs @@ -160,7 +160,11 @@ struct WindowsMethod { policy_mode: Option, } -fn method_call(m: Method, condition: Condition) -> Result { +fn method_call( + m: Method, + condition: Condition, + policy_mode_context: Option, +) -> Result { let Some(report_parameter) = m.params.get(&m.info.unwrap().class_parameter) else { bail!("Missing parameter {}", m.info.unwrap().class_parameter) }; @@ -207,7 +211,15 @@ fn method_call(m: Method, condition: Condition) -> Result { args, name: filters::dsc_case(&m.info.as_ref().unwrap().bundle_name).unwrap(), is_supported, - policy_mode: m.policy_mode, + policy_mode: if let Some(x) = policy_mode_context { + if m.policy_mode.is_none() { + Some(x) + } else { + m.policy_mode + } + } else { + m.policy_mode + }, }) } 
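Review bot: The nested `if let`/`if` that fills `policy_mode` in the `WindowsMethod` literal is an open-coded `Option::or`, and it is harder to audit than it needs to be for a value that decides whether a method changes the system or only reports. `policy_mode: m.policy_mode.or(policy_mode_context),` expresses the same precedence (the method's own setting first, then the enclosing block) in one line. A short comment stating that precedence would help, since the Unix backend obtains it from the order of push/pop promises instead. `method_call` starts outside this hunk.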
@@ -222,17 +234,26 @@ impl Windows { fn technique(src: Technique, resources: &Path) -> Result { // Extract methods - fn resolve_module(r: ItemKind, context: Condition) -> Result> { + fn resolve_module( + r: ItemKind, + context: Condition, + policy_mode_context: Option, + ) -> Result> { match r { ItemKind::Block(r) => { let mut calls: Vec = vec![]; for inner in r.items { - calls.extend(resolve_module(inner, context.and(&r.condition))?); + calls.extend(resolve_module( + inner, + context.and(&r.condition), + r.policy_mode, + )?); } Ok(calls) } ItemKind::Method(r) => { - let method: Vec = vec![method_call(r, context)?]; + let method: Vec = + vec![method_call(r, context, policy_mode_context)?]; Ok(method) } _ => todo!(), @@ -241,7 +262,7 @@ impl Windows { let mut methods = vec![]; for item in src.items { - for call in resolve_module(item, Condition::Defined)? { + for call in resolve_module(item, Condition::Defined, None)? { methods.push(call); } } diff --git a/policies/rudderc/tests/cases/general/policy_mode/metadata.xml b/policies/rudderc/tests/cases/general/policy_mode/metadata.xml index 357415a6723..8292df6faf3 100644 --- a/policies/rudderc/tests/cases/general/policy_mode/metadata.xml +++ b/policies/rudderc/tests/cases/general/policy_mode/metadata.xml @@ -52,5 +52,69 @@ +
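Review bot: In the `ItemKind::Block` arm of the Windows `resolve_module`, the recursive call passes `r.policy_mode` and drops the incoming `policy_mode_context`, so a nested block that does not set its own mode hands `None` to its methods even when an outer block is in audit. On Unix the outer `push_dry_run_mode` stays in effect in that case because the inner block emits no push, so the two backends would resolve the same technique differently. On Windows a method placed under an audit block could then run in the default mode instead (assuming an unset block mode is `None`, as the `Option` parameter suggests). Passing `r.policy_mode.or(policy_mode_context)` keeps the nearest explicit mode. The test fixture only nests a block with an explicit `audit`, so this path is not covered.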
+
+ + + /tmp/1 + + +
+
+ + + /tmp/1 + + +
+
+ + + /tmp/1 + + +
+
+
+
+ + + /tmp/1 + + +
+
+ + + /tmp/1 + + +
+
+ + + /tmp/1 + + +
+
+
+
+
+ + + /tmp/1 + + +
+
+
+ + + /tmp/1 + + +
+
\ No newline at end of file diff --git a/policies/rudderc/tests/cases/general/policy_mode/technique.cf b/policies/rudderc/tests/cases/general/policy_mode/technique.cf index 0c0c022ced7..11b9a78505d 100644 --- a/policies/rudderc/tests/cases/general/policy_mode/technique.cf +++ b/policies/rudderc/tests/cases/general/policy_mode/technique.cf 
@@ -18,6 +18,38 @@ bundle agent test_audit { "1d809592-808e-4177-8351-8b7b7769af69_${report_data.directive_id}" usebundle => call_test_audit_1d809592_808e_4177_8351_8b7b7769af69("In default mode", "/tmp/1", "1d809592-808e-4177-8351-8b7b7769af69", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + "push_policy_mode_for_block_57f54359-2b2e-49f9-ab61-a77705615302" usebundle => push_dry_run_mode("true"); + + "ea274579-40fc-4545-b384-8d5576a7c69b_${report_data.directive_id}" usebundle => call_test_audit_ea274579_40fc_4545_b384_8d5576a7c69b("Resolve to audit", "/tmp/1", "ea274579-40fc-4545-b384-8d5576a7c69b", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + + "85659b7e-968c-458c-b566-c90108c50833_${report_data.directive_id}" usebundle => call_test_audit_85659b7e_968c_458c_b566_c90108c50833("Resolve to enforce", "/tmp/1", "85659b7e-968c-458c-b566-c90108c50833", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + + "d8def455-cd43-441f-8dba-1ebae3a29389_${report_data.directive_id}" usebundle => call_test_audit_d8def455_cd43_441f_8dba_1ebae3a29389("Resolve to audit", "/tmp/1", "d8def455-cd43-441f-8dba-1ebae3a29389", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + + "pop_policy_mode_for_block_57f54359-2b2e-49f9-ab61-a77705615302" usebundle => pop_dry_run_mode(); + + "push_policy_mode_for_block_1ff82fc2-38fc-4324-92ab-3de5fafcdc14" usebundle => push_dry_run_mode("false"); + + "f9417d97-3a18-4db6-85c3-72e28618bff1_${report_data.directive_id}" usebundle => call_test_audit_f9417d97_3a18_4db6_85c3_72e28618bff1("Resolve to audit", "/tmp/1", "f9417d97-3a18-4db6-85c3-72e28618bff1", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + + "c4b4faa1-85e5-4922-b713-c198bf99226e_${report_data.directive_id}" usebundle => call_test_audit_c4b4faa1_85e5_4922_b713_c198bf99226e("Resolve to enforce", "/tmp/1", "c4b4faa1-85e5-4922-b713-c198bf99226e", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + + 
"cce62a59-bd17-4858-ba06-6ae41f39b15a_${report_data.directive_id}" usebundle => call_test_audit_cce62a59_bd17_4858_ba06_6ae41f39b15a("Resolve to enforce", "/tmp/1", "cce62a59-bd17-4858-ba06-6ae41f39b15a", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + + "pop_policy_mode_for_block_1ff82fc2-38fc-4324-92ab-3de5fafcdc14" usebundle => pop_dry_run_mode(); + + "push_policy_mode_for_block_7def389a-78d2-4104-b6fc-19c74f14fe93" usebundle => push_dry_run_mode("false"); + + "push_policy_mode_for_block_9fca6ca8-ccaa-4688-a5fc-e2a0d9d60165" usebundle => push_dry_run_mode("true"); + + "0a4299dd-0902-48b2-85ee-13dfe6fc3af6_${report_data.directive_id}" usebundle => call_test_audit_0a4299dd_0902_48b2_85ee_13dfe6fc3af6("Resolve to audit", "/tmp/1", "0a4299dd-0902-48b2-85ee-13dfe6fc3af6", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + + "pop_policy_mode_for_block_9fca6ca8-ccaa-4688-a5fc-e2a0d9d60165" usebundle => pop_dry_run_mode(); + + "3b8352df-1329-4956-a019-bb9c072bc830_${report_data.directive_id}" usebundle => call_test_audit_3b8352df_1329_4956_a019_bb9c072bc830("Resolve to enforce", "/tmp/1", "3b8352df-1329-4956-a019-bb9c072bc830", @{args}, "${class_prefix}", "/tmp/1", "foobar", "true"); + + "pop_policy_mode_for_block_7def389a-78d2-4104-b6fc-19c74f14fe93" usebundle => pop_dry_run_mode(); + } bundle agent call_test_audit_46b8025a_0b06_485c_9127_50e4258ee7e6(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { 
@@ -51,3 +83,67 @@ bundle agent call_test_audit_1d809592_808e_4177_8351_8b7b7769af69(c_name, c_key, "1d809592-808e-4177-8351-8b7b7769af69_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); } +bundle agent call_test_audit_ea274579_40fc_4545_b384_8d5576a7c69b(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { + + methods: + "ea274579-40fc-4545-b384-8d5576a7c69b_${report_data.directive_id}" usebundle => _method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}"); + "ea274579-40fc-4545-b384-8d5576a7c69b_${report_data.directive_id}" usebundle => push_dry_run_mode("true"); + "ea274579-40fc-4545-b384-8d5576a7c69b_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); + "ea274579-40fc-4545-b384-8d5576a7c69b_${report_data.directive_id}" usebundle => pop_dry_run_mode(); + +} +bundle agent call_test_audit_85659b7e_968c_458c_b566_c90108c50833(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { + + methods: + "85659b7e-968c-458c-b566-c90108c50833_${report_data.directive_id}" usebundle => _method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}"); + "85659b7e-968c-458c-b566-c90108c50833_${report_data.directive_id}" usebundle => push_dry_run_mode("false"); + "85659b7e-968c-458c-b566-c90108c50833_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); + "85659b7e-968c-458c-b566-c90108c50833_${report_data.directive_id}" usebundle => pop_dry_run_mode(); + +} +bundle agent call_test_audit_d8def455_cd43_441f_8dba_1ebae3a29389(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { + + methods: + "d8def455-cd43-441f-8dba-1ebae3a29389_${report_data.directive_id}" usebundle => _method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}"); + "d8def455-cd43-441f-8dba-1ebae3a29389_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); + +} +bundle agent 
call_test_audit_f9417d97_3a18_4db6_85c3_72e28618bff1(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { + + methods: + "f9417d97-3a18-4db6-85c3-72e28618bff1_${report_data.directive_id}" usebundle => _method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}"); + "f9417d97-3a18-4db6-85c3-72e28618bff1_${report_data.directive_id}" usebundle => push_dry_run_mode("true"); + "f9417d97-3a18-4db6-85c3-72e28618bff1_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); + "f9417d97-3a18-4db6-85c3-72e28618bff1_${report_data.directive_id}" usebundle => pop_dry_run_mode(); + +} +bundle agent call_test_audit_c4b4faa1_85e5_4922_b713_c198bf99226e(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { + + methods: + "c4b4faa1-85e5-4922-b713-c198bf99226e_${report_data.directive_id}" usebundle => _method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}"); + "c4b4faa1-85e5-4922-b713-c198bf99226e_${report_data.directive_id}" usebundle => push_dry_run_mode("false"); + "c4b4faa1-85e5-4922-b713-c198bf99226e_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); + "c4b4faa1-85e5-4922-b713-c198bf99226e_${report_data.directive_id}" usebundle => pop_dry_run_mode(); + +} +bundle agent call_test_audit_cce62a59_bd17_4858_ba06_6ae41f39b15a(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { + + methods: + "cce62a59-bd17-4858-ba06-6ae41f39b15a_${report_data.directive_id}" usebundle => _method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}"); + "cce62a59-bd17-4858-ba06-6ae41f39b15a_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); + +} +bundle agent call_test_audit_0a4299dd_0902_48b2_85ee_13dfe6fc3af6(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { + + methods: + "0a4299dd-0902-48b2-85ee-13dfe6fc3af6_${report_data.directive_id}" usebundle => 
_method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}"); + "0a4299dd-0902-48b2-85ee-13dfe6fc3af6_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); + +} +bundle agent call_test_audit_3b8352df_1329_4956_a019_bb9c072bc830(c_name, c_key, report_id, args, class_prefix, path, lines, enforce) { + + methods: + "3b8352df-1329-4956-a019-bb9c072bc830_${report_data.directive_id}" usebundle => _method_reporting_context_v4("${c_name}", "${c_key}", "${report_id}"); + "3b8352df-1329-4956-a019-bb9c072bc830_${report_data.directive_id}" usebundle => file_content("${path}", "${lines}", "${enforce}"); + +} diff --git a/policies/rudderc/tests/cases/general/policy_mode/technique.ps1 b/policies/rudderc/tests/cases/general/policy_mode/technique.ps1 index de0fe5d5435..d32d8897dde 100644 --- a/policies/rudderc/tests/cases/general/policy_mode/technique.ps1 +++ b/policies/rudderc/tests/cases/general/policy_mode/technique.ps1 
@@ -110,6 +110,190 @@ $localContext.merge($methodContext) + $reportId=$reportIdBase + "ea274579-40fc-4545-b384-8d5576a7c69b" + $componentKey = "/tmp/1" + $reportParams = @{ + ClassPrefix = ([Rudder.Condition]::canonify(("file_lines_present_" + $componentKey))) + ComponentKey = $componentKey + ComponentName = "Resolve to audit" + PolicyMode = ([Rudder.PolicyMode]::Audit) + ReportId = $reportId + DisableReporting = $false + TechniqueName = $techniqueName + } + + $methodParams = @{ + Enforce = "true" + Lines = "foobar" + Path = "/tmp/1" + + } + $call = File-Content @methodParams -PolicyMode ([Rudder.PolicyMode]::Audit) + $methodContext = Compute-Method-Call @reportParams -MethodCall $call + $localContext.merge($methodContext) + + + $reportId=$reportIdBase + "85659b7e-968c-458c-b566-c90108c50833" + $componentKey = "/tmp/1" + $reportParams = @{ + ClassPrefix = ([Rudder.Condition]::canonify(("file_lines_present_" + $componentKey))) + ComponentKey = $componentKey + ComponentName = "Resolve to enforce" + PolicyMode = ([Rudder.PolicyMode]::Enforce) + ReportId = $reportId + DisableReporting = $false + TechniqueName = $techniqueName + } + + $methodParams = @{ + Enforce = "true" + Lines = "foobar" + Path = "/tmp/1" + + } + $call = File-Content @methodParams -PolicyMode ([Rudder.PolicyMode]::Enforce) + $methodContext = Compute-Method-Call @reportParams -MethodCall $call + $localContext.merge($methodContext) + + + $reportId=$reportIdBase + "d8def455-cd43-441f-8dba-1ebae3a29389" + $componentKey = "/tmp/1" + $reportParams = @{ + ClassPrefix = ([Rudder.Condition]::canonify(("file_lines_present_" + $componentKey))) + ComponentKey = $componentKey + ComponentName = "Resolve to audit" + PolicyMode = ([Rudder.PolicyMode]::Audit) + ReportId = $reportId + DisableReporting = $false + TechniqueName = $techniqueName + } + + $methodParams = @{ + Enforce = "true" + Lines = "foobar" + Path = "/tmp/1" + + } + $call = File-Content @methodParams -PolicyMode ([Rudder.PolicyMode]::Audit) + 
$methodContext = Compute-Method-Call @reportParams -MethodCall $call + $localContext.merge($methodContext) + + + $reportId=$reportIdBase + "f9417d97-3a18-4db6-85c3-72e28618bff1" + $componentKey = "/tmp/1" + $reportParams = @{ + ClassPrefix = ([Rudder.Condition]::canonify(("file_lines_present_" + $componentKey))) + ComponentKey = $componentKey + ComponentName = "Resolve to audit" + PolicyMode = ([Rudder.PolicyMode]::Audit) + ReportId = $reportId + DisableReporting = $false + TechniqueName = $techniqueName + } + + $methodParams = @{ + Enforce = "true" + Lines = "foobar" + Path = "/tmp/1" + + } + $call = File-Content @methodParams -PolicyMode ([Rudder.PolicyMode]::Audit) + $methodContext = Compute-Method-Call @reportParams -MethodCall $call + $localContext.merge($methodContext) + + + $reportId=$reportIdBase + "c4b4faa1-85e5-4922-b713-c198bf99226e" + $componentKey = "/tmp/1" + $reportParams = @{ + ClassPrefix = ([Rudder.Condition]::canonify(("file_lines_present_" + $componentKey))) + ComponentKey = $componentKey + ComponentName = "Resolve to enforce" + PolicyMode = ([Rudder.PolicyMode]::Enforce) + ReportId = $reportId + DisableReporting = $false + TechniqueName = $techniqueName + } + + $methodParams = @{ + Enforce = "true" + Lines = "foobar" + Path = "/tmp/1" + + } + $call = File-Content @methodParams -PolicyMode ([Rudder.PolicyMode]::Enforce) + $methodContext = Compute-Method-Call @reportParams -MethodCall $call + $localContext.merge($methodContext) + + + $reportId=$reportIdBase + "cce62a59-bd17-4858-ba06-6ae41f39b15a" + $componentKey = "/tmp/1" + $reportParams = @{ + ClassPrefix = ([Rudder.Condition]::canonify(("file_lines_present_" + $componentKey))) + ComponentKey = $componentKey + ComponentName = "Resolve to enforce" + PolicyMode = ([Rudder.PolicyMode]::Enforce) + ReportId = $reportId + DisableReporting = $false + TechniqueName = $techniqueName + } + + $methodParams = @{ + Enforce = "true" + Lines = "foobar" + Path = "/tmp/1" + + } + $call = File-Content 
@methodParams -PolicyMode ([Rudder.PolicyMode]::Enforce) + $methodContext = Compute-Method-Call @reportParams -MethodCall $call + $localContext.merge($methodContext) + + + $reportId=$reportIdBase + "0a4299dd-0902-48b2-85ee-13dfe6fc3af6" + $componentKey = "/tmp/1" + $reportParams = @{ + ClassPrefix = ([Rudder.Condition]::canonify(("file_lines_present_" + $componentKey))) + ComponentKey = $componentKey + ComponentName = "Resolve to audit" + PolicyMode = ([Rudder.PolicyMode]::Audit) + ReportId = $reportId + DisableReporting = $false + TechniqueName = $techniqueName + } + + $methodParams = @{ + Enforce = "true" + Lines = "foobar" + Path = "/tmp/1" + + } + $call = File-Content @methodParams -PolicyMode ([Rudder.PolicyMode]::Audit) + $methodContext = Compute-Method-Call @reportParams -MethodCall $call + $localContext.merge($methodContext) + + + $reportId=$reportIdBase + "3b8352df-1329-4956-a019-bb9c072bc830" + $componentKey = "/tmp/1" + $reportParams = @{ + ClassPrefix = ([Rudder.Condition]::canonify(("file_lines_present_" + $componentKey))) + ComponentKey = $componentKey + ComponentName = "Resolve to enforce" + PolicyMode = ([Rudder.PolicyMode]::Enforce) + ReportId = $reportId + DisableReporting = $false + TechniqueName = $techniqueName + } + + $methodParams = @{ + Enforce = "true" + Lines = "foobar" + Path = "/tmp/1" + + } + $call = File-Content @methodParams -PolicyMode ([Rudder.PolicyMode]::Enforce) + $methodContext = Compute-Method-Call @reportParams -MethodCall $call + $localContext.merge($methodContext) + + EndTechniqueCall -Name $techniqueName } \ No newline at end of file diff --git a/policies/rudderc/tests/cases/general/policy_mode/technique.yml b/policies/rudderc/tests/cases/general/policy_mode/technique.yml index 97501f0bf30..4dfecef189d 100644 --- a/policies/rudderc/tests/cases/general/policy_mode/technique.yml +++ b/policies/rudderc/tests/cases/general/policy_mode/technique.yml 
@@ -34,3 +34,83 @@ items: lines: "foobar" enforce: "true" policy_mode: default + - id: 57f54359-2b2e-49f9-ab61-a77705615302 + name: "A block in audit mode" + policy_mode: audit + items: + - id: ea274579-40fc-4545-b384-8d5576a7c69b + name: 'Resolve to audit' + method: file_content + params: + path: /tmp/1 + lines: "foobar" + enforce: "true" + policy_mode: audit + - id: 85659b7e-968c-458c-b566-c90108c50833 + name: 'Resolve to enforce' + method: file_content + params: + path: /tmp/1 + lines: "foobar" + enforce: "true" + policy_mode: enforce + - id: d8def455-cd43-441f-8dba-1ebae3a29389 + name: 'Resolve to audit' + method: file_content + params: + path: /tmp/1 + lines: "foobar" + enforce: "true" + policy_mode: default + - id: 1ff82fc2-38fc-4324-92ab-3de5fafcdc14 + name: "A block in enforce mode" + policy_mode: enforce + items: + - id: f9417d97-3a18-4db6-85c3-72e28618bff1 + name: 'Resolve to audit' + method: file_content + params: + path: /tmp/1 + lines: "foobar" + enforce: "true" + policy_mode: audit + - id: c4b4faa1-85e5-4922-b713-c198bf99226e + name: 'Resolve to enforce' + method: file_content + params: + path: /tmp/1 + lines: "foobar" + enforce: "true" + policy_mode: enforce + - id: cce62a59-bd17-4858-ba06-6ae41f39b15a + name: 'Resolve to enforce' + method: file_content + params: + path: /tmp/1 + lines: "foobar" + enforce: "true" + policy_mode: default + - id: 7def389a-78d2-4104-b6fc-19c74f14fe93 + name: "An audit block" + policy_mode: enforce + items: + - id: 9fca6ca8-ccaa-4688-a5fc-e2a0d9d60165 + name: 'A nested block in audit' + policy_mode: audit + items: + - id: 0a4299dd-0902-48b2-85ee-13dfe6fc3af6 + name: 'Resolve to audit' + method: file_content + params: + path: /tmp/1 + lines: "foobar" + enforce: "true" + policy_mode: default + - id: 3b8352df-1329-4956-a019-bb9c072bc830 + name: 'Resolve to enforce' + method: file_content + params: + path: /tmp/1 + lines: "foobar" + enforce: "true" + policy_mode: default
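Review bot: Block `7def389a-78d2-4104-b6fc-19c74f14fe93` is named "An audit block" but sets `policy_mode: enforce`, which makes the expected results harder to check against the names; rename it to something like `"An enforce block"`. The fixture also has no nested block that leaves `policy_mode` unset under an audit parent, which is the case where a method must inherit its mode through two levels. Adding one, with a method named 'Resolve to audit', would pin that behaviour in both technique.cf and technique.ps1.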