User story #11140
openEnforce a file content technique - add "Line ignore regular expression" option/textbox
Description
It would be extremely helpful to be able to ignore certain lines (especially lines beginning with a #) in the "Ensure file content" technique.
Quite often, there are configuration files on multiple systems which are identical except for certain lines which may have old values commented out.
When deploying rudder in a large existing environment, it is helpful to know which existing configuration files have actually different values from what is considered a standard configuration. So by creating a file content directive with the desired contents, and putting it in audit mode, it will reveal the exceptions by showing non-compliance and then an investigation usually takes place to determine whether it is safe to bring a particular node's configuration file into compliance with the standard (by putting the directive in enforce mode for that node), or if there should be a legitimate exception for which a separate directive needs to be created and applied just to that node.
In this scenario, configuration files which have commented-out old values would show up as non-compliant even though from an operational standpoint, they contain the correct contents. In large environments this generates a lot of false positives and each requires manual investigation.
In order to prevent this, having a regex that would ignore certain lines for the purposes of determining whether a file is compliant would be great. The most used regex of course would be '^#'
So I imagine adding a checkbox labeled something like "Ignore lines using a regexp" along with an associated section and textbox for the regex would probably work.