# Standalone update policy. The policy hub tightens permissions on its
# masterfiles and copies them into its own inputs directory; every other host
# pulls inputs and modules from the hub. The client-side input sync is gated on
# a change of the cf_promises_validated marker file.

body common control
{
  any::
    bundlesequence => { main };
    # No additional policy files are loaded; every body used below is defined
    # in this file.
    inputs => {};
}

bundle agent main
{
  vars:
    any::
      # Leaf-name regexes for the files that may be copied into
      # $(sys.inputdir); consumed by the input_files file_select body.
      # The list includes script types (.pl, .py, .rb, .sh), so whoever can
      # write to the hub's masterfiles decides which scripts reach every client.
      "input_name_patterns"
        slist => {
          ".*\.cf",
          ".*\.cftpl",
          ".*\.dat",
          ".*\.txt",
          ".*\.cfg",
          ".*\.conf",
          ".*\.json",
          ".*\.mustache",
          ".*\.pl",
          ".*\.py",
          ".*\.rb",
          ".*\.sh",
          ".*\.yaml",
        };

  files:
    !am_policy_hub::
      # Clients fetch the marker file first. When that copy is repaired (the
      # local marker differed from the hub's), validated_updates_ready is
      # raised and unlocks the full input sync further down.
      # NOTE(review): presumably the hub rewrites this marker only after its
      # policy validated successfully - nothing in this file shows that.
      "$(sys.inputdir)/cf_promises_validated"
        copy_from => secure_cp("$(sys.masterdir)/cf_promises_validated"),
        action    => immediate,
        classes   => if_repaired("validated_updates_ready");

      # Mirror the modules tree from the hub, leaving out .git* entries, and
      # set mode 755 on what the recursive search finds.
      # NOTE(review): "modules" is not an absolute path; presumably the server
      # resolves it - confirm against the hub's access rules.
      # NOTE(review): unlike the input sync, this copy is not gated on
      # validated_updates_ready, so it runs on every pass - confirm intent.
      "$(sys.workdir)/modules"
        copy_from    => secure_cp("modules"),
        depth_search => recurse("inf"),
        file_select  => exclude_vcs_files,
        perms        => m("755"),
        action       => immediate;

    am_policy_hub::
      # Hub only: restrict the masterfiles tree, base directory included, to
      # mode 700. Only the mode is promised; ownership is not touched here.
      # NOTE(review): 700 also puts the execute bit on every plain file in the
      # tree - check whether a non-executable file mode would be enough.
      "$(sys.masterdir)/."
        perms        => m(700),
        depth_search => recurse_basedir("inf"),
        action       => immediate;

    am_policy_hub|validated_updates_ready::
      # Full sync of the selected input files. On the hub this always runs and
      # is a local copy (secure_cp names no server there); on clients it runs
      # only after the marker copy above was repaired. The outcome is recorded
      # as bundle-scoped update_inputs_* classes.
      "$(sys.inputdir)"
        copy_from    => secure_cp("$(sys.masterdir)"),
        depth_search => recurse("inf"),
        file_select  => input_files,
        action       => immediate,
        classes      => results("bundle", "update_inputs");

    update_inputs_not_kept::
      # The sync failed, was denied or timed out: drop the local marker so a
      # later run sees it as changed again and repeats the sync instead of
      # treating a partial copy as current.
      "$(sys.inputdir)/cf_promises_validated"
        delete => tidy;
}

# Selects every file whose leaf name does NOT match the .git* pattern.
body file_select exclude_vcs_files
{
  leaf_name   => { "\.git.*" };
  file_result => "!leaf_name";
}

# Selects only files whose leaf name matches one of main.input_name_patterns.
body file_select input_files
{
  leaf_name   => { @(main.input_name_patterns) };
  file_result => "leaf_name";
}

# Permission body that sets nothing but the file mode.
body perms m(mode)
{
  mode => "$(mode)";
}

# Copy body shared by every copy promise in this file.
body copy_from secure_cp(from)
{
  any::
    source      => "$(from)";
    # Decide whether a file needs copying by content digest.
    compare     => "digest";
    # Ask for the transfer to be encrypted and the result to be verified.
    encrypt     => "true";
    verify      => "true";
    # Replaced files are not kept as backups, so an overwritten file cannot be
    # recovered from a backup copy made by this promise.
    copy_backup => "false";
    # Destination files that have no counterpart in the source are removed on
    # recursive copies.
    # NOTE(review): this applies to every caller, including the ones that
    # filter with file_select - confirm the resulting purge set is intended.
    purge       => "true";

  !am_policy_hub::
    # Non-hub hosts copy from the policy hub; on the hub no server is set.
    # trustkey is not set in this body, so the body itself does not ask for
    # unknown server keys to be accepted.
    servers     => { "$(sys.policy_hub)" };
    portnumber  => "$(sys.policy_hub_port)";
}

# Action body with ifelapsed set to zero, i.e. no minimum wait between two
# evaluations of the promise.
body action immediate
{
  ifelapsed => "0";
}

# Raises the class named by x when the promise was repaired.
body classes if_repaired(x)
{
  promise_repaired => { "$(x)" };
}

# Recursive search to depth d that stays on the starting filesystem.
body depth_search recurse(d)
{
  depth => "$(d)";
  xdev  => "true";
}

# Recursive search to depth d that also covers the starting directory itself
# and skips version-control directories.
body depth_search recurse_basedir(d)
{
  include_basedir => "true";
  depth           => "$(d)";
  exclude_dirs    => { "\.svn", "\.git", "git-core" };
}

# Delete body: removes links to directories and empty directories as well.
body delete tidy
{
  dirlinks => "delete";
  rmdirs   => "true";
}

# Maps each promise outcome to a set of classes built from class_prefix,
# defined in the given scope. Every outcome raises <prefix>_reached; each
# failure outcome additionally raises <prefix>_error and <prefix>_not_kept
# next to its own specific class.
body classes results(scope, class_prefix)
{
  scope => "$(scope)";

  promise_kept => {
    "$(class_prefix)_reached",
    "$(class_prefix)_kept"
  };

  promise_repaired => {
    "$(class_prefix)_reached",
    "$(class_prefix)_repaired"
  };

  repair_failed => {
    "$(class_prefix)_reached",
    "$(class_prefix)_error",
    "$(class_prefix)_not_kept",
    "$(class_prefix)_failed"
  };

  repair_denied => {
    "$(class_prefix)_reached",
    "$(class_prefix)_error",
    "$(class_prefix)_not_kept",
    "$(class_prefix)_denied"
  };

  repair_timeout => {
    "$(class_prefix)_reached",
    "$(class_prefix)_error",
    "$(class_prefix)_not_kept",
    "$(class_prefix)_timeout"
  };
}