command_execution_options
command execution.
⚙️ Compatible targets: Linux
Parameters
Name | Documentation |
---|---|
command | Command to be executed. This parameter is required. |
args | Arguments to the command. This parameter is optional. |
run_in_audit_mode | Specify if command must be run in audit mode. Choices:
This parameter is optional. |
in_shell | Specify whether the command should be executed within a shell. Choices:
This parameter is optional. |
shell_path | Define the path to the shell to be used (applicable only in shell mode). This parameter is optional. |
chdir | Set the working directory from which the command will be executed. This parameter is optional. |
timeout | Define a timeout duration for the command execution. This parameter is optional. |
stdin | Provide input to the standard input (stdin) of the executed command. This parameter is optional. |
stdin_add_newline | Control whether a newline character is appended to the stdin input. Choices:
This parameter is optional. |
compliant_codes | Specify the compliant codes. This parameter is optional. |
repaired_codes | Specify the repaired codes. This parameter is optional. |
output_to_file | Define a file path to store the output generated by the command. This parameter is optional. |
strip_output | Controls if the EOL is strip from the output. Choices:
This parameter is optional. |
uid | Specify the user ID (UID) under which the command will be executed. This parameter is optional. |
gid | Specify the group ID (GID) under which the command will be executed. This parameter is optional. |
user | Specify the user under which the command will be executed. This parameter is optional. |
group | Specify the group under which the command will be executed. This parameter is optional. |
umask | Set the umask value for the executed command. This parameter is optional. |
env_vars | The variables to pass to the environment of the executed command. This parameter is optional. |
show_content | Controls output of the report. Choices:
This parameter is optional. |
Outcome conditions
You need to replace ${command}
with its actual canonified value.
- ✅ Ok:
command_execution_options_${command}_ok
- ☑️ Already compliant:
command_execution_options_${command}_kept
- 🟨 Repaired:
command_execution_options_${command}_repaired
- ☑️ Already compliant:
- ❌ Error:
command_execution_options_${command}_error
Example
method: command_execution_options
params:
shell_path: OPTIONAL_VALUE
timeout: OPTIONAL_VALUE
group: OPTIONAL_VALUE
run_in_audit_mode: 'true'
umask: OPTIONAL_VALUE
env_vars: OPTIONAL_VALUE
user: OPTIONAL_VALUE
show_content: 'true'
stdin_add_newline: 'true'
in_shell: 'true'
chdir: OPTIONAL_VALUE
stdin: OPTIONAL_VALUE
output_to_file: OPTIONAL_VALUE
gid: OPTIONAL_VALUE
args: OPTIONAL_VALUE
strip_output: 'true'
uid: OPTIONAL_VALUE
compliant_codes: OPTIONAL_VALUE
repaired_codes: OPTIONAL_VALUE
command: VALUE
Documentation
The command_execution_options
method executes a command on the system with configurable execution
parameters such as timeout, user/group, environment, and shell options.
This function is a wrapper around
Rudder command execution module,
providing simplified parameterization and safe defaults.
Result status
The method’s result depends on the execution mode:
-
Enforce mode
- If the command exit code is contained in
repaired_codes
, the status isrepaired
. - If the exit code is contained in
compliant_codes
, the status issuccess
. - Any other exit code produces an
error
report.
- If the command exit code is contained in
-
Audit mode
- By default, the status is always
not_applicable
. - If
run_in_audit_mode
is set to"true"
, the same logic as in enforce mode is applied (repaired
/success
/error
depending on exit codes).
- By default, the status is always
Notes
- When
in_shell=true
, thecommand
is passed directly to the shell. Pipes, subshells, and compound commands are supported. - When
in_shell=false
, you must useargs
(JSON array of strings). No shell expansion happens: variables like$HOME
, wildcards (*
), or redirections (>
/|
) are treated literally. args
andin_shell
are mutually exclusive: they cannot be used at the same time.stdin_add_newline
ensures input ends with a newline, useful when using interactive inputs viastdin
env_vars
must be a JSON object where keys and values are strings.
Examples
Minimal usage (required command
)
method: command_execution_options
params:
command: "echo Hello"
With arguments (JSON array, no shell)
method: command_execution_options
params:
command: "/usr/bin/echo"
args: ["Hello", "World"]
in_shell: "false"
Using a shell with pipes
method: command_execution_options
params:
command: "cat /etc/os-release | grep NAME"
in_shell: "true"
Running as specific user and group
method: command_execution_options
params:
command: "id"
uid:: "1001"
gid:: "1001"
Setting environment variables (JSON object)
method: command_execution_options
params:
command: "env"
env_vars:: { "MY_VAR": "Hello World" }