avoid deleting unmanaged files during config apply (#1338) (#1346)

github-actions[bot] · sean-breen · web-flow · commit 9ef4306fdf24 · 2025-10-20T14:18:24.000+01:00
* avoid deleting unmanaged files during config apply

* use dev goproxy

Co-authored-by: Sean Breen &lt;101327931+sean-breen@users.noreply.github.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ permissions:
 
 env:
   NFPM_VERSION: 'v2.35.3'
-  GOPROXY: "direct"
+  GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-dev"
 
 jobs:
   proxy-sanity-check:
diff --git a/internal/file/file_manager_service.go b/internal/file/file_manager_service.go
@@ -162,6 +162,7 @@ func (fms *FileManagerService) ConfigApply(ctx context.Context,
 		return model.Error, errors.New("fileOverview is nil")
 	}
 
+	// check if any file in request is outside the allowed directories
 	allowedErr := fms.checkAllowedDirectory(fileOverview.GetFiles())
 	if allowedErr != nil {
 		return model.Error, allowedErr
@@ -355,18 +356,28 @@ func (fms *FileManagerService) DetermineFileActions(
 	// if file is in manifestFiles but not in modified files, file has been deleted
 	// copy contents, set file action
 	for fileName, manifestFile := range filesMap {
-		_, exists := modifiedFiles[fileName]
+		_, existsInReq := modifiedFiles[fileName]
 
+		// allowed directories may have been updated since manifest file was written
+		// if file is outside allowed directories skip deletion and return error
 		if !fms.agentConfig.IsDirectoryAllowed(fileName) {
 			return nil, fmt.Errorf("error deleting file %s: file not in allowed directories", fileName)
 		}
 
+		// if file is unmanaged skip deletion
+		if manifestFile.GetUnmanaged() {
+			slog.DebugContext(ctx, "Skipping unmanaged file deletion", "file_name", fileName)
+			continue
+		}
+
+		// if file doesn't exist on disk skip deletion
 		if _, err := os.Stat(fileName); os.IsNotExist(err) {
 			slog.DebugContext(ctx, "File already deleted, skipping", "file", fileName)
 			continue
 		}
 
-		if !exists {
+		// go ahead and delete the file
+		if !existsInReq {
 			fileDiff[fileName] = &model.FileCache{
 				File:   manifestFile,
 				Action: model.Delete,
@@ -382,6 +393,7 @@ func (fms *FileManagerService) DetermineFileActions(
 
 		// if file is unmanaged, action is set to unchanged so file is skipped when performing actions
 		if modifiedFile.File.GetUnmanaged() {
+			slog.DebugContext(ctx, "Skipping unmanaged file updates", "file_name", fileName)
 			continue
 		}
 		// if file doesn't exist in the current files, file has been added
@@ -729,6 +741,7 @@ func (fms *FileManagerService) convertToManifestFile(file *mpi.File, referenced
 			Size:       file.GetFileMeta().GetSize(),
 			Hash:       file.GetFileMeta().GetHash(),
 			Referenced: referenced,
+			Unmanaged:  file.GetUnmanaged(),
 		},
 	}
 }
@@ -750,6 +763,7 @@ func (fms *FileManagerService) convertToFile(manifestFile *model.ManifestFile) *
 			Hash: manifestFile.ManifestFileMeta.Hash,
 			Size: manifestFile.ManifestFileMeta.Size,
 		},
+		Unmanaged: manifestFile.ManifestFileMeta.Unmanaged,
 	}
 }
 
diff --git a/internal/model/config.go b/internal/model/config.go
@@ -45,6 +45,8 @@ type ManifestFileMeta struct {
 	Size int64 `json:"size"`
 	// File referenced in the NGINX config
 	Referenced bool `json:"referenced"`
+	// File is not managed by the agent
+	Unmanaged bool `json:"unmanaged"`
 }
 type ConfigApplyMessage struct {
 	Error         error

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,8 @@ type ManifestFileMeta struct {`
`45`	`45`	Size int64 `json:"size"`
`46`	`46`	`// File referenced in the NGINX config`
`47`	`47`	Referenced bool `json:"referenced"`
	`48`	`+ // File is not managed by the agent`
	`49`	+ Unmanaged bool `json:"unmanaged"`
`48`	`50`	`}`
`49`	`51`	`type ConfigApplyMessage struct {`
`50`	`52`	`Error error`