chef 16.5.64 → 16.8.14
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +6 -14
- data/README.md +1 -1
- data/Rakefile +21 -14
- data/chef-universal-mingw32.gemspec +1 -1
- data/chef.gemspec +3 -2
- data/lib/chef/application.rb +2 -2
- data/lib/chef/application/base.rb +1 -1
- data/lib/chef/application/client.rb +7 -2
- data/lib/chef/application/knife.rb +1 -1
- data/lib/chef/application/solo.rb +1 -1
- data/lib/chef/chef_fs/chef_fs_data_store.rb +1 -1
- data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
- data/lib/chef/chef_fs/file_pattern.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/client.rb +6 -32
- data/lib/chef/compliance/default_attributes.rb +89 -0
- data/lib/chef/compliance/fetcher/automate.rb +69 -0
- data/lib/chef/compliance/fetcher/chef_server.rb +134 -0
- data/lib/chef/compliance/reporter/automate.rb +202 -0
- data/lib/chef/compliance/reporter/chef_server_automate.rb +94 -0
- data/lib/chef/compliance/reporter/compliance_enforcer.rb +20 -0
- data/lib/chef/compliance/reporter/json_file.rb +19 -0
- data/lib/chef/compliance/runner.rb +261 -0
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook_manifest.rb +2 -1
- data/lib/chef/cookbook_site_streaming_uploader.rb +1 -1
- data/lib/chef/cookbook_version.rb +2 -5
- data/lib/chef/data_collector.rb +1 -1
- data/lib/chef/encrypted_data_bag_item/assertions.rb +1 -1
- data/lib/chef/environment.rb +1 -1
- data/lib/chef/event_loggers/windows_eventlog.rb +1 -1
- data/lib/chef/exceptions.rb +5 -1
- data/lib/chef/file_access_control/windows.rb +1 -4
- data/lib/chef/file_content_management/tempfile.rb +1 -1
- data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +5 -5
- data/lib/chef/formatters/indentable_output_stream.rb +2 -2
- data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +28 -39
- data/lib/chef/http.rb +2 -12
- data/lib/chef/http/basic_client.rb +1 -1
- data/lib/chef/http/http_request.rb +1 -1
- data/lib/chef/http/socketless_chef_zero_client.rb +1 -1
- data/lib/chef/http/ssl_policies.rb +6 -0
- data/lib/chef/json_compat.rb +2 -7
- data/lib/chef/key.rb +1 -1
- data/lib/chef/knife/bootstrap.rb +2 -1
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +2 -2
- data/lib/chef/knife/bootstrap/train_connector.rb +1 -1
- data/lib/chef/knife/config_show.rb +1 -1
- data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +5 -2
- data/lib/chef/knife/core/windows_bootstrap_context.rb +7 -4
- data/lib/chef/knife/node_policy_set.rb +2 -2
- data/lib/chef/knife/node_run_list_add.rb +1 -1
- data/lib/chef/knife/node_run_list_remove.rb +1 -1
- data/lib/chef/knife/node_run_list_set.rb +1 -1
- data/lib/chef/knife/role_env_run_list_add.rb +1 -1
- data/lib/chef/knife/role_env_run_list_set.rb +1 -1
- data/lib/chef/knife/role_run_list_add.rb +1 -1
- data/lib/chef/knife/role_run_list_set.rb +1 -1
- data/lib/chef/knife/search.rb +0 -1
- data/lib/chef/knife/ssh.rb +5 -3
- data/lib/chef/knife/tag_create.rb +1 -1
- data/lib/chef/knife/tag_delete.rb +1 -1
- data/lib/chef/local_mode.rb +1 -1
- data/lib/chef/mixin/convert_to_class_name.rb +0 -56
- data/lib/chef/mixin/openssl_helper.rb +1 -1
- data/lib/chef/mixin/powershell_exec.rb +24 -10
- data/lib/chef/mixin/powershell_out.rb +12 -5
- data/lib/chef/mixin/properties.rb +2 -0
- data/lib/chef/mixin/template.rb +1 -1
- data/lib/chef/mixin/unformatter.rb +1 -1
- data/lib/chef/mixin/uris.rb +3 -1
- data/lib/chef/node/attribute_collections.rb +2 -6
- data/lib/chef/node/mixin/immutablize_hash.rb +2 -0
- data/lib/chef/node_map.rb +2 -2
- data/lib/chef/platform/query_helpers.rb +4 -4
- data/lib/chef/policy_builder/dynamic.rb +2 -0
- data/lib/chef/powershell.rb +10 -4
- data/lib/chef/property.rb +1 -1
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/provider/cron.rb +2 -13
- data/lib/chef/provider/dsc_resource.rb +12 -24
- data/lib/chef/provider/dsc_script.rb +16 -20
- data/lib/chef/provider/file.rb +1 -1
- data/lib/chef/provider/git.rb +5 -5
- data/lib/chef/provider/group.rb +14 -6
- data/lib/chef/provider/group/windows.rb +12 -1
- data/lib/chef/provider/ifconfig.rb +8 -8
- data/lib/chef/provider/ifconfig/debian.rb +38 -22
- data/lib/chef/provider/ifconfig/redhat.rb +54 -18
- data/lib/chef/provider/launchd.rb +1 -11
- data/lib/chef/provider/link.rb +0 -9
- data/lib/chef/provider/mount.rb +18 -1
- data/lib/chef/provider/mount/linux.rb +4 -0
- data/lib/chef/provider/mount/mount.rb +41 -43
- data/lib/chef/provider/package.rb +3 -0
- data/lib/chef/provider/package/apt.rb +1 -1
- data/lib/chef/provider/package/chocolatey.rb +6 -6
- data/lib/chef/provider/package/dpkg.rb +3 -12
- data/lib/chef/provider/package/freebsd/base.rb +3 -2
- data/lib/chef/provider/package/freebsd/pkgng.rb +1 -1
- data/lib/chef/provider/package/homebrew.rb +1 -1
- data/lib/chef/provider/package/ips.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +2 -3
- data/lib/chef/provider/package/rubygems.rb +1 -1
- data/lib/chef/provider/package/snap.rb +1 -3
- data/lib/chef/provider/package/solaris.rb +0 -2
- data/lib/chef/provider/package/yum/rpm_utils.rb +1 -1
- data/lib/chef/provider/package/zypper.rb +98 -71
- data/lib/chef/provider/powershell_script.rb +12 -1
- data/lib/chef/provider/registry_key.rb +4 -3
- data/lib/chef/provider/route.rb +2 -2
- data/lib/chef/provider/service/debian.rb +2 -1
- data/lib/chef/provider/service/redhat.rb +1 -1
- data/lib/chef/provider/user.rb +17 -9
- data/lib/chef/provider/user/aix.rb +1 -1
- data/lib/chef/provider/user/dscl.rb +2 -2
- data/lib/chef/provider/user/mac.rb +14 -6
- data/lib/chef/provider/user/solaris.rb +1 -1
- data/lib/chef/provider/user/windows.rb +10 -3
- data/lib/chef/providers.rb +0 -3
- data/lib/chef/pwsh.rb +71 -0
- data/lib/chef/resource.rb +1 -1
- data/lib/chef/resource/apt_repository.rb +6 -5
- data/lib/chef/resource/bash.rb +119 -1
- data/lib/chef/resource/batch.rb +1 -1
- data/lib/chef/resource/breakpoint.rb +3 -1
- data/lib/chef/resource/build_essential.rb +5 -8
- data/lib/chef/resource/chef_client_config.rb +313 -0
- data/lib/chef/resource/chef_client_cron.rb +5 -5
- data/lib/chef/resource/chef_client_scheduled_task.rb +4 -4
- data/lib/chef/resource/chef_client_systemd_timer.rb +5 -5
- data/lib/chef/resource/chef_handler.rb +1 -0
- data/lib/chef/resource/chef_sleep.rb +1 -1
- data/lib/chef/resource/cron/_cron_shared.rb +1 -0
- data/lib/chef/resource/cron/cron_d.rb +2 -2
- data/lib/chef/resource/csh.rb +2 -2
- data/lib/chef/resource/dsc_script.rb +8 -1
- data/lib/chef/resource/execute.rb +6 -4
- data/lib/chef/resource/file.rb +2 -2
- data/lib/chef/resource/homebrew_update.rb +4 -1
- data/lib/chef/resource/hostname.rb +5 -5
- data/lib/chef/resource/ifconfig.rb +52 -5
- data/lib/chef/resource/kernel_module.rb +1 -1
- data/lib/chef/resource/ksh.rb +3 -3
- data/lib/chef/resource/launchd.rb +15 -15
- data/lib/chef/resource/lwrp_base.rb +3 -5
- data/lib/chef/resource/mount.rb +8 -2
- data/lib/chef/resource/perl.rb +2 -2
- data/lib/chef/resource/plist.rb +2 -6
- data/lib/chef/resource/powershell_package_source.rb +19 -18
- data/lib/chef/resource/powershell_script.rb +14 -11
- data/lib/chef/resource/python.rb +2 -2
- data/lib/chef/resource/registry_key.rb +93 -2
- data/lib/chef/resource/route.rb +1 -1
- data/lib/chef/resource/ruby.rb +2 -2
- data/lib/chef/resource/scm/_scm.rb +2 -1
- data/lib/chef/resource/scm/git.rb +82 -1
- data/lib/chef/resource/scm/subversion.rb +12 -0
- data/lib/chef/resource/script.rb +2 -2
- data/lib/chef/resource/solaris_package.rb +0 -2
- data/lib/chef/resource/sudo.rb +1 -1
- data/lib/chef/resource/support/client.erb +64 -0
- data/lib/chef/resource/systemd_unit.rb +42 -1
- data/lib/chef/resource/template.rb +2 -2
- data/lib/chef/resource/windows_ad_join.rb +9 -9
- data/lib/chef/resource/windows_audit_policy.rb +26 -24
- data/lib/chef/resource/windows_certificate.rb +13 -7
- data/lib/chef/resource/windows_dfs_server.rb +7 -4
- data/lib/chef/resource/windows_env.rb +173 -0
- data/lib/chef/resource/windows_feature.rb +2 -0
- data/lib/chef/resource/windows_firewall_profile.rb +7 -12
- data/lib/chef/resource/windows_firewall_rule.rb +9 -11
- data/lib/chef/resource/windows_font.rb +1 -1
- data/lib/chef/resource/windows_package.rb +1 -0
- data/lib/chef/resource/windows_path.rb +38 -0
- data/lib/chef/resource/windows_security_policy.rb +5 -5
- data/lib/chef/resource/windows_service.rb +108 -0
- data/lib/chef/resource/windows_share.rb +18 -18
- data/lib/chef/resource/windows_task.rb +629 -28
- data/lib/chef/resource/windows_workgroup.rb +6 -4
- data/lib/chef/resource/yum_repository.rb +1 -1
- data/lib/chef/resource_collection/resource_set.rb +2 -6
- data/lib/chef/resource_inspector.rb +77 -75
- data/lib/chef/resource_reporter.rb +0 -2
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/run_lock.rb +2 -2
- data/lib/chef/search/query.rb +3 -1
- data/lib/chef/server_api.rb +0 -4
- data/lib/chef/shell/ext.rb +1 -1
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/dsc/configuration_generator.rb +52 -11
- data/lib/chef/util/dsc/lcm_output_parser.rb +4 -7
- data/lib/chef/util/dsc/local_configuration_manager.rb +18 -15
- data/lib/chef/util/dsc/resource_store.rb +5 -11
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api/file.rb +4 -0
- data/lib/chef/win32/file.rb +1 -1
- data/lib/chef/win32/security/sid.rb +1 -1
- data/lib/chef/win32/unicode.rb +1 -1
- data/spec/functional/mixin/powershell_out_spec.rb +11 -3
- data/spec/functional/resource/apt_package_spec.rb +4 -6
- data/spec/functional/resource/chocolatey_package_spec.rb +3 -3
- data/spec/functional/resource/cron_spec.rb +3 -3
- data/spec/functional/resource/dsc_script_spec.rb +6 -9
- data/spec/functional/resource/mount_spec.rb +10 -2
- data/spec/functional/resource/powershell_package_source_spec.rb +107 -0
- data/spec/functional/resource/powershell_script_spec.rb +57 -14
- data/spec/functional/resource/windows_certificate_spec.rb +10 -6
- data/spec/functional/resource/windows_firewall_rule_spec.rb +93 -0
- data/spec/functional/resource/windows_package_spec.rb +36 -10
- data/spec/functional/resource/windows_share_spec.rb +103 -0
- data/spec/functional/resource/windows_task_spec.rb +2 -3
- data/spec/functional/resource/zypper_package_spec.rb +11 -0
- data/spec/integration/client/client_spec.rb +2 -1
- data/spec/integration/compliance/compliance_spec.rb +81 -0
- data/spec/integration/knife/client_key_create_spec.rb +1 -1
- data/spec/integration/knife/node_create_spec.rb +1 -1
- data/spec/integration/knife/node_environment_set_spec.rb +1 -1
- data/spec/integration/knife/node_run_list_add_spec.rb +4 -4
- data/spec/integration/knife/node_run_list_remove_spec.rb +1 -1
- data/spec/integration/knife/node_run_list_set_spec.rb +1 -1
- data/spec/integration/knife/node_show_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/provider_choice.rb +2 -2
- data/spec/integration/recipes/recipe_dsl_spec.rb +1 -0
- data/spec/spec_helper.rb +3 -4
- data/spec/support/lib/chef/resource/cat.rb +1 -1
- data/spec/support/lib/chef/resource/one_two_three_four.rb +1 -1
- data/spec/support/mock/platform.rb +24 -16
- data/spec/support/platform_helpers.rb +11 -4
- data/spec/support/shared/unit/knife_shared.rb +1 -1
- data/spec/support/shared/unit/script_resource.rb +4 -4
- data/spec/support/shared/unit/windows_script_resource.rb +1 -1
- data/spec/unit/chef_fs/config_spec.rb +1 -1
- data/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/spec/unit/client_spec.rb +17 -0
- data/spec/unit/compliance/fetcher/automate_spec.rb +134 -0
- data/spec/unit/compliance/fetcher/chef_server_spec.rb +93 -0
- data/spec/unit/compliance/reporter/automate_spec.rb +427 -0
- data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +177 -0
- data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +48 -0
- data/spec/unit/compliance/runner_spec.rb +140 -0
- data/spec/unit/data_collector_spec.rb +0 -4
- data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +11 -11
- data/spec/unit/http/ssl_policies_spec.rb +11 -0
- data/spec/unit/knife/client_create_spec.rb +2 -2
- data/spec/unit/knife/configure_client_spec.rb +5 -5
- data/spec/unit/knife/configure_spec.rb +3 -3
- data/spec/unit/knife/cookbook_delete_spec.rb +2 -2
- data/spec/unit/knife/cookbook_download_spec.rb +2 -2
- data/spec/unit/knife/cookbook_list_spec.rb +2 -2
- data/spec/unit/knife/cookbook_metadata_spec.rb +3 -3
- data/spec/unit/knife/core/node_editor_spec.rb +1 -1
- data/spec/unit/knife/environment_compare_spec.rb +3 -3
- data/spec/unit/knife/supermarket_download_spec.rb +8 -8
- data/spec/unit/knife/supermarket_list_spec.rb +3 -3
- data/spec/unit/knife/supermarket_search_spec.rb +1 -1
- data/spec/unit/knife/tag_create_spec.rb +1 -1
- data/spec/unit/knife/tag_delete_spec.rb +1 -1
- data/spec/unit/knife/user_create_spec.rb +1 -1
- data/spec/unit/mixin/powershell_exec_spec.rb +41 -4
- data/spec/unit/mixin/powershell_out_spec.rb +14 -0
- data/spec/unit/mixin/which.rb +1 -1
- data/spec/unit/platform/query_helpers_spec.rb +11 -12
- data/spec/unit/provider/dsc_resource_spec.rb +10 -27
- data/spec/unit/provider/dsc_script_spec.rb +1 -1
- data/spec/unit/provider/group/windows_spec.rb +6 -0
- data/spec/unit/provider/group_spec.rb +1 -1
- data/spec/unit/provider/mount/linux_spec.rb +10 -0
- data/spec/unit/provider/mount/mount_spec.rb +21 -10
- data/spec/unit/provider/mount/solaris_spec.rb +1 -1
- data/spec/unit/provider/mount/windows_spec.rb +1 -0
- data/spec/unit/provider/mount_spec.rb +31 -0
- data/spec/unit/provider/package/chocolatey_spec.rb +1 -2
- data/spec/unit/provider/package/powershell_spec.rb +87 -95
- data/spec/unit/provider/package/zypper_spec.rb +0 -25
- data/spec/unit/provider/package_spec.rb +2 -2
- data/spec/unit/provider/powershell_script_spec.rb +11 -0
- data/spec/unit/provider/subversion_spec.rb +0 -3
- data/spec/unit/provider/systemd_unit_spec.rb +1 -1
- data/spec/unit/provider/user_spec.rb +7 -1
- data/spec/unit/provider/windows_env_spec.rb +18 -34
- data/spec/unit/provider/windows_path_spec.rb +6 -11
- data/spec/unit/provider/windows_task_spec.rb +7 -6
- data/spec/unit/resource/breakpoint_spec.rb +1 -1
- data/spec/unit/resource/build_essential_spec.rb +0 -12
- data/spec/unit/resource/chef_client_config_spec.rb +137 -0
- data/spec/unit/resource/ifconfig_spec.rb +2 -10
- data/spec/unit/resource/mount_spec.rb +18 -5
- data/spec/unit/resource/powershell_package_source_spec.rb +20 -20
- data/spec/unit/resource/powershell_script_spec.rb +4 -74
- data/spec/unit/resource/service_spec.rb +2 -2
- data/spec/unit/resource/solaris_package_spec.rb +8 -10
- data/spec/unit/resource/windows_certificate_spec.rb +12 -0
- data/spec/unit/resource_inspector_spec.rb +3 -3
- data/spec/unit/shell_spec.rb +2 -2
- data/spec/unit/util/dsc/configuration_generator_spec.rb +79 -0
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +27 -35
- data/tasks/rspec.rb +1 -1
- metadata +47 -24
- data/lib/chef/monkey_patches/net_http.rb +0 -22
- data/lib/chef/provider/windows_env.rb +0 -210
- data/lib/chef/provider/windows_path.rb +0 -61
- data/lib/chef/provider/windows_task.rb +0 -631
- data/lib/chef/util/powershell/cmdlet.rb +0 -175
- data/lib/chef/util/powershell/cmdlet_result.rb +0 -61
- data/spec/functional/util/powershell/cmdlet_spec.rb +0 -111
- data/spec/support/mock/constant.rb +0 -52
- data/spec/unit/monkey_patches/uri_spec.rb +0 -34
- data/spec/unit/provider_resolver_spec.rb +0 -885
- data/spec/unit/resource/data/InstallHistory_with_CLT.plist +0 -92
- data/spec/unit/resource/data/InstallHistory_without_CLT.plist +0 -38
- data/spec/unit/util/powershell/cmdlet_spec.rb +0 -106
@@ -0,0 +1,134 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
require "chef/compliance/fetcher/automate"
|
3
|
+
|
4
|
+
describe Chef::Compliance::Fetcher::Automate do
|
5
|
+
describe ".resolve" do
|
6
|
+
before do
|
7
|
+
Chef::Config[:data_collector] = {
|
8
|
+
server_url: "https://automate.test/data_collector",
|
9
|
+
token: token,
|
10
|
+
}
|
11
|
+
end
|
12
|
+
|
13
|
+
let(:token) { "fake_token" }
|
14
|
+
|
15
|
+
context "when target is a string" do
|
16
|
+
it "should resolve a compliance URL" do
|
17
|
+
res = Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
|
18
|
+
|
19
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
|
20
|
+
expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
|
21
|
+
expect(res.target).to eq(expected)
|
22
|
+
end
|
23
|
+
|
24
|
+
it "raises an exception with no data collector token" do
|
25
|
+
Chef::Config[:data_collector].delete(:token)
|
26
|
+
|
27
|
+
expect {
|
28
|
+
Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
|
29
|
+
}.to raise_error(/No data-collector token set/)
|
30
|
+
end
|
31
|
+
|
32
|
+
it "includes the data collector token" do
|
33
|
+
expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
|
34
|
+
"https://automate.test/compliance/profiles/namespace/profile_name/tar",
|
35
|
+
hash_including("token" => token)
|
36
|
+
).and_call_original
|
37
|
+
|
38
|
+
res = Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
|
39
|
+
|
40
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
|
41
|
+
expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
|
42
|
+
expect(res.target).to eq(expected)
|
43
|
+
end
|
44
|
+
|
45
|
+
it "returns nil with a non-compliance URL" do
|
46
|
+
res = Chef::Compliance::Fetcher::Automate.resolve("http://github.com/chef-cookbooks/audit")
|
47
|
+
|
48
|
+
expect(res).to eq(nil)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
context "when target is a hash" do
|
53
|
+
it "should resolve a target with a version" do
|
54
|
+
res = Chef::Compliance::Fetcher::Automate.resolve(
|
55
|
+
compliance: "namespace/profile_name",
|
56
|
+
version: "1.2.3"
|
57
|
+
)
|
58
|
+
|
59
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
|
60
|
+
expected = "https://automate.test/compliance/profiles/namespace/profile_name/version/1.2.3/tar"
|
61
|
+
expect(res.target).to eq(expected)
|
62
|
+
end
|
63
|
+
|
64
|
+
it "should resolve a target without a version" do
|
65
|
+
res = Chef::Compliance::Fetcher::Automate.resolve(
|
66
|
+
compliance: "namespace/profile_name"
|
67
|
+
)
|
68
|
+
|
69
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
|
70
|
+
expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
|
71
|
+
expect(res.target).to eq(expected)
|
72
|
+
end
|
73
|
+
|
74
|
+
it "uses url key when present" do
|
75
|
+
res = Chef::Compliance::Fetcher::Automate.resolve(
|
76
|
+
compliance: "namespace/profile_name",
|
77
|
+
version: "1.2.3",
|
78
|
+
url: "https://profile.server.test/profiles/profile_name/1.2.3"
|
79
|
+
)
|
80
|
+
|
81
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
|
82
|
+
expected = "https://profile.server.test/profiles/profile_name/1.2.3"
|
83
|
+
expect(res.target).to eq(expected)
|
84
|
+
end
|
85
|
+
|
86
|
+
it "does not include token in the config when url key is present" do
|
87
|
+
expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
|
88
|
+
"https://profile.server.test/profiles/profile_name/1.2.3",
|
89
|
+
hash_including("token" => nil)
|
90
|
+
).and_call_original
|
91
|
+
|
92
|
+
res = Chef::Compliance::Fetcher::Automate.resolve(
|
93
|
+
compliance: "namespace/profile_name",
|
94
|
+
version: "1.2.3",
|
95
|
+
url: "https://profile.server.test/profiles/profile_name/1.2.3"
|
96
|
+
)
|
97
|
+
|
98
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
|
99
|
+
expected = "https://profile.server.test/profiles/profile_name/1.2.3"
|
100
|
+
expect(res.target).to eq(expected)
|
101
|
+
end
|
102
|
+
|
103
|
+
it "raises an exception with no data collector token" do
|
104
|
+
Chef::Config[:data_collector].delete(:token)
|
105
|
+
|
106
|
+
expect {
|
107
|
+
Chef::Compliance::Fetcher::Automate.resolve(compliance: "namespace/profile_name")
|
108
|
+
}.to raise_error(Inspec::FetcherFailure, /No data-collector token set/)
|
109
|
+
end
|
110
|
+
|
111
|
+
it "includes the data collector token" do
|
112
|
+
expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
|
113
|
+
"https://automate.test/compliance/profiles/namespace/profile_name/tar",
|
114
|
+
hash_including("token" => token)
|
115
|
+
).and_call_original
|
116
|
+
|
117
|
+
res = Chef::Compliance::Fetcher::Automate.resolve(compliance: "namespace/profile_name")
|
118
|
+
|
119
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
|
120
|
+
expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
|
121
|
+
expect(res.target).to eq(expected)
|
122
|
+
end
|
123
|
+
|
124
|
+
it "returns nil with a non-profile Hash" do
|
125
|
+
res = Chef::Compliance::Fetcher::Automate.resolve(
|
126
|
+
profile: "namespace/profile_name",
|
127
|
+
version: "1.2.3"
|
128
|
+
)
|
129
|
+
|
130
|
+
expect(res).to eq(nil)
|
131
|
+
end
|
132
|
+
end
|
133
|
+
end
|
134
|
+
end
|
@@ -0,0 +1,93 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
require "chef/compliance/fetcher/chef_server"
|
3
|
+
|
4
|
+
describe Chef::Compliance::Fetcher::ChefServer do
|
5
|
+
let(:node) do
|
6
|
+
Chef::Node.new.tap do |n|
|
7
|
+
n.default["audit"] = {}
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
before :each do
|
12
|
+
allow(Chef).to receive(:node).and_return(node)
|
13
|
+
|
14
|
+
Chef::Config[:chef_server_url] = "http://127.0.0.1:8889/organizations/my_org"
|
15
|
+
end
|
16
|
+
|
17
|
+
describe ".resolve" do
|
18
|
+
context "when target is a string" do
|
19
|
+
it "should resolve a compliance URL" do
|
20
|
+
res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://namespace/profile_name")
|
21
|
+
|
22
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
|
23
|
+
expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/tar"
|
24
|
+
expect(res.target).to eq(expected)
|
25
|
+
end
|
26
|
+
|
27
|
+
it "should add /compliance URL prefix if needed" do
|
28
|
+
node.default["audit"]["fetcher"] = "chef-server"
|
29
|
+
res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://namespace/profile_name")
|
30
|
+
|
31
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
|
32
|
+
expected = "http://127.0.0.1:8889/compliance/organizations/my_org/owners/namespace/compliance/profile_name/tar"
|
33
|
+
expect(res.target).to eq(expected)
|
34
|
+
end
|
35
|
+
|
36
|
+
it "includes user in the URL if present" do
|
37
|
+
res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://username@namespace/profile_name")
|
38
|
+
|
39
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
|
40
|
+
expected = "http://127.0.0.1:8889/organizations/my_org/owners/username@namespace/compliance/profile_name/tar"
|
41
|
+
expect(res.target).to eq(expected)
|
42
|
+
end
|
43
|
+
|
44
|
+
it "returns nil with a non-compliance URL" do
|
45
|
+
res = Chef::Compliance::Fetcher::ChefServer.resolve("http://github.com/chef-cookbooks/audit")
|
46
|
+
|
47
|
+
expect(res).to eq(nil)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
context "when target is a hash" do
|
52
|
+
it "should resolve a target with a version" do
|
53
|
+
res = Chef::Compliance::Fetcher::ChefServer.resolve(
|
54
|
+
compliance: "namespace/profile_name",
|
55
|
+
version: "1.2.3"
|
56
|
+
)
|
57
|
+
|
58
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
|
59
|
+
expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/version/1.2.3/tar"
|
60
|
+
expect(res.target).to eq(expected)
|
61
|
+
end
|
62
|
+
|
63
|
+
it "should resolve a target without a version" do
|
64
|
+
res = Chef::Compliance::Fetcher::ChefServer.resolve(
|
65
|
+
compliance: "namespace/profile_name"
|
66
|
+
)
|
67
|
+
|
68
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
|
69
|
+
expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/tar"
|
70
|
+
expect(res.target).to eq(expected)
|
71
|
+
end
|
72
|
+
|
73
|
+
it "includes user in the URL if present" do
|
74
|
+
res = Chef::Compliance::Fetcher::ChefServer.resolve(
|
75
|
+
compliance: "username@namespace/profile_name"
|
76
|
+
)
|
77
|
+
|
78
|
+
expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
|
79
|
+
expected = "http://127.0.0.1:8889/organizations/my_org/owners/username@namespace/compliance/profile_name/tar"
|
80
|
+
expect(res.target).to eq(expected)
|
81
|
+
end
|
82
|
+
|
83
|
+
it "returns nil with a non-profile Hash" do
|
84
|
+
res = Chef::Compliance::Fetcher::ChefServer.resolve(
|
85
|
+
profile: "namespace/profile_name",
|
86
|
+
version: "1.2.3"
|
87
|
+
)
|
88
|
+
|
89
|
+
expect(res).to eq(nil)
|
90
|
+
end
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
@@ -0,0 +1,427 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
require "json" # For .to_json
|
3
|
+
|
4
|
+
describe Chef::Compliance::Reporter::Automate do
|
5
|
+
let(:reporter) { Chef::Compliance::Reporter::Automate.new(opts) }
|
6
|
+
|
7
|
+
let(:opts) do
|
8
|
+
{
|
9
|
+
entity_uuid: "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
|
10
|
+
run_id: "3f0536f7-3361-4bca-ae53-b45118dceb5d",
|
11
|
+
node_info: {
|
12
|
+
node: "chef-client.solo",
|
13
|
+
environment: "My Prod Env",
|
14
|
+
roles: %w{base_linux apache_linux},
|
15
|
+
recipes: ["some_cookbook::some_recipe", "some_cookbook"],
|
16
|
+
policy_name: "test_policy_name",
|
17
|
+
policy_group: "test_policy_group",
|
18
|
+
chef_tags: ["mylinux", "my.tag", "some=tag"],
|
19
|
+
organization_name: "test_org",
|
20
|
+
source_fqdn: "api.chef.io",
|
21
|
+
ipaddress: "192.168.56.33",
|
22
|
+
fqdn: "lb1.prod.example.com",
|
23
|
+
},
|
24
|
+
run_time_limit: 1.1,
|
25
|
+
control_results_limit: 2,
|
26
|
+
timestamp: Time.parse("2016-07-19T19:19:19+01:00"),
|
27
|
+
}
|
28
|
+
end
|
29
|
+
|
30
|
+
let(:inspec_report) do
|
31
|
+
{
|
32
|
+
"version": "1.2.1",
|
33
|
+
"profiles":
|
34
|
+
[{ "name": "tmp_compliance_profile",
|
35
|
+
"title": "/tmp Compliance Profile",
|
36
|
+
"summary": "An Example Compliance Profile",
|
37
|
+
"sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
|
38
|
+
"version": "0.1.1",
|
39
|
+
"maintainer": "Nathen Harvey <nharvey@chef.io>",
|
40
|
+
"license": "Apache 2.0 License",
|
41
|
+
"copyright": "Nathen Harvey <nharvey@chef.io>",
|
42
|
+
"supports": [],
|
43
|
+
"controls":
|
44
|
+
[{ "title": "A /tmp directory must exist",
|
45
|
+
"desc": "A /tmp directory must exist",
|
46
|
+
"impact": 0.3,
|
47
|
+
"refs": [],
|
48
|
+
"tags": {},
|
49
|
+
"code": "control 'tmp-1.0' do\n impact 0.3\n title 'A /tmp directory must exist'\n desc 'A /tmp directory must exist'\n describe file '/tmp' do\n it { should be_directory }\n end\nend\n",
|
50
|
+
"source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
|
51
|
+
"id": "tmp-1.0",
|
52
|
+
"results": [
|
53
|
+
{ "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
|
54
|
+
],
|
55
|
+
},
|
56
|
+
{ "title": "/tmp directory is owned by the root user",
|
57
|
+
"desc": "The /tmp directory must be owned by the root user",
|
58
|
+
"impact": 0.3,
|
59
|
+
"refs": [{ "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" }],
|
60
|
+
"tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
|
61
|
+
"code": "control 'tmp-1.1' do\n impact 0.3\n title '/tmp directory is owned by the root user'\n desc 'The /tmp directory must be owned by the root user'\n tag 'production','development'\n tag identifier: 'value'\n tag remediation: 'https://github.com/chef-cookbooks/audit'\n ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n describe file '/tmp' do\n it { should be_owned_by 'root' }\n end\nend\n",
|
62
|
+
"source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
|
63
|
+
"id": "tmp-1.1",
|
64
|
+
"results": [
|
65
|
+
{ "status": "passed", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
|
66
|
+
{ "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
|
67
|
+
{ "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
|
68
|
+
],
|
69
|
+
},
|
70
|
+
],
|
71
|
+
"groups": [{ "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" }],
|
72
|
+
"attributes": [{ "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } }] }],
|
73
|
+
"other_checks": [],
|
74
|
+
"statistics": { "duration": 0.032332 },
|
75
|
+
}
|
76
|
+
end
|
77
|
+
|
78
|
+
describe "#send_report" do
|
79
|
+
before :each do
|
80
|
+
WebMock.disable_net_connect!
|
81
|
+
|
82
|
+
Chef::Config[:data_collector] = { token: token, server_url: "https://automate.test/data_collector" }
|
83
|
+
end
|
84
|
+
|
85
|
+
let(:token) { "fake_token" }
|
86
|
+
|
87
|
+
it "sends report successfully to ChefAutomate with missing profiles" do
|
88
|
+
metasearch_stub = stub_request(:post, "https://automate.test/compliance/profiles/metasearch")
|
89
|
+
.with(
|
90
|
+
body: '{"sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}',
|
91
|
+
headers: {
|
92
|
+
"Accept-Encoding" => "identity",
|
93
|
+
"X-Chef-Version" => Chef::VERSION,
|
94
|
+
"X-Data-Collector-Auth" => "version=1.0",
|
95
|
+
"X-Data-Collector-Token" => token,
|
96
|
+
}
|
97
|
+
).to_return(
|
98
|
+
status: 200,
|
99
|
+
body: '{"missing_sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}'
|
100
|
+
)
|
101
|
+
|
102
|
+
report_stub = stub_request(:post, "https://automate.test/data_collector")
|
103
|
+
.with(
|
104
|
+
body: {
|
105
|
+
"version": "1.2.1",
|
106
|
+
"profiles": [
|
107
|
+
{
|
108
|
+
"name": "tmp_compliance_profile",
|
109
|
+
"title": "/tmp Compliance Profile",
|
110
|
+
"summary": "An Example Compliance Profile",
|
111
|
+
"sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
|
112
|
+
"version": "0.1.1",
|
113
|
+
"maintainer": "Nathen Harvey <nharvey@chef.io>",
|
114
|
+
"license": "Apache 2.0 License",
|
115
|
+
"copyright": "Nathen Harvey <nharvey@chef.io>",
|
116
|
+
"supports": [],
|
117
|
+
"controls": [
|
118
|
+
{
|
119
|
+
"title": "A /tmp directory must exist",
|
120
|
+
"desc": "A /tmp directory must exist",
|
121
|
+
"impact": 0.3,
|
122
|
+
"refs": [],
|
123
|
+
"tags": {},
|
124
|
+
"code": "control 'tmp-1.0' do\n impact 0.3\n title 'A /tmp directory must exist'\n desc 'A /tmp directory must exist'\n describe file '/tmp' do\n it { should be_directory }\n end\nend\n",
|
125
|
+
"source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
|
126
|
+
"id": "tmp-1.0",
|
127
|
+
"results": [
|
128
|
+
{ "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
|
129
|
+
],
|
130
|
+
},
|
131
|
+
{
|
132
|
+
"title": "/tmp directory is owned by the root user",
|
133
|
+
"desc": "The /tmp directory must be owned by the root user",
|
134
|
+
"impact": 0.3,
|
135
|
+
"refs": [
|
136
|
+
{ "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" },
|
137
|
+
],
|
138
|
+
"tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
|
139
|
+
"code": "control 'tmp-1.1' do\n impact 0.3\n title '/tmp directory is owned by the root user'\n desc 'The /tmp directory must be owned by the root user'\n tag 'production','development'\n tag identifier: 'value'\n tag remediation: 'https://github.com/chef-cookbooks/audit'\n ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n describe file '/tmp' do\n it { should be_owned_by 'root' }\n end\nend\n",
|
140
|
+
"source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
|
141
|
+
"id": "tmp-1.1",
|
142
|
+
"results": [
|
143
|
+
{ "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
|
144
|
+
{ "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
|
145
|
+
],
|
146
|
+
"removed_results_counts": { "failed": 0, "skipped": 0, "passed": 1 },
|
147
|
+
},
|
148
|
+
],
|
149
|
+
"groups": [
|
150
|
+
{ "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" },
|
151
|
+
],
|
152
|
+
"attributes": [
|
153
|
+
{ "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } },
|
154
|
+
],
|
155
|
+
},
|
156
|
+
],
|
157
|
+
"other_checks": [],
|
158
|
+
"statistics": { "duration": 0.032332 },
|
159
|
+
"type": "inspec_report",
|
160
|
+
"node_name": "chef-client.solo",
|
161
|
+
"end_time": "2016-07-19T18:19:19Z",
|
162
|
+
"node_uuid": "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
|
163
|
+
"environment": "My Prod Env",
|
164
|
+
"roles": %w{base_linux apache_linux},
|
165
|
+
"recipes": ["some_cookbook::some_recipe", "some_cookbook"],
|
166
|
+
"report_uuid": "3f0536f7-3361-4bca-ae53-b45118dceb5d",
|
167
|
+
"source_fqdn": "api.chef.io",
|
168
|
+
"organization_name": "test_org",
|
169
|
+
"policy_group": "test_policy_group",
|
170
|
+
"policy_name": "test_policy_name",
|
171
|
+
"chef_tags": ["mylinux", "my.tag", "some=tag"],
|
172
|
+
"ipaddress": "192.168.56.33",
|
173
|
+
"fqdn": "lb1.prod.example.com",
|
174
|
+
"run_time_limit": 1.1,
|
175
|
+
},
|
176
|
+
headers: {
|
177
|
+
"Accept-Encoding" => "identity",
|
178
|
+
"X-Chef-Version" => Chef::VERSION,
|
179
|
+
"X-Data-Collector-Auth" => "version=1.0",
|
180
|
+
"X-Data-Collector-Token" => token,
|
181
|
+
}
|
182
|
+
).to_return(status: 200)
|
183
|
+
|
184
|
+
expect(reporter.send_report(inspec_report)).to eq(true)
|
185
|
+
|
186
|
+
expect(metasearch_stub).to have_been_requested
|
187
|
+
expect(report_stub).to have_been_requested
|
188
|
+
end
|
189
|
+
|
190
|
+
it "sends report successfully to ChefAutomate with seen profiles" do
|
191
|
+
metasearch_stub = stub_request(:post, "https://automate.test/compliance/profiles/metasearch")
|
192
|
+
.with(
|
193
|
+
body: '{"sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}',
|
194
|
+
headers: {
|
195
|
+
"Accept-Encoding" => "identity",
|
196
|
+
"X-Chef-Version" => Chef::VERSION,
|
197
|
+
"X-Data-Collector-Auth" => "version=1.0",
|
198
|
+
"X-Data-Collector-Token" => token,
|
199
|
+
}
|
200
|
+
).to_return(
|
201
|
+
status: 200,
|
202
|
+
body: '{"missing_sha256": []}'
|
203
|
+
)
|
204
|
+
|
205
|
+
report_stub = stub_request(:post, "https://automate.test/data_collector")
|
206
|
+
.with(
|
207
|
+
body: {
|
208
|
+
"version": "1.2.1",
|
209
|
+
"profiles": [
|
210
|
+
{
|
211
|
+
"title": "/tmp Compliance Profile",
|
212
|
+
"sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
|
213
|
+
"version": "0.1.1",
|
214
|
+
"controls": [
|
215
|
+
{
|
216
|
+
"id": "tmp-1.0",
|
217
|
+
"results": [
|
218
|
+
{ "status": "passed", "code_desc": "File /tmp should be directory" },
|
219
|
+
],
|
220
|
+
},
|
221
|
+
{
|
222
|
+
"id": "tmp-1.1",
|
223
|
+
"results": [
|
224
|
+
{ "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
|
225
|
+
{ "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
|
226
|
+
],
|
227
|
+
"removed_results_counts": { "failed": 0, "skipped": 0, "passed": 1 },
|
228
|
+
},
|
229
|
+
],
|
230
|
+
"attributes": [
|
231
|
+
{ "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } },
|
232
|
+
],
|
233
|
+
},
|
234
|
+
],
|
235
|
+
"other_checks": [],
|
236
|
+
"statistics": { "duration": 0.032332 },
|
237
|
+
"type": "inspec_report",
|
238
|
+
"node_name": "chef-client.solo",
|
239
|
+
"end_time": "2016-07-19T18:19:19Z",
|
240
|
+
"node_uuid": "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
|
241
|
+
"environment": "My Prod Env",
|
242
|
+
"roles": %w{base_linux apache_linux},
|
243
|
+
"recipes": ["some_cookbook::some_recipe", "some_cookbook"],
|
244
|
+
"report_uuid": "3f0536f7-3361-4bca-ae53-b45118dceb5d",
|
245
|
+
"source_fqdn": "api.chef.io",
|
246
|
+
"organization_name": "test_org",
|
247
|
+
"policy_group": "test_policy_group",
|
248
|
+
"policy_name": "test_policy_name",
|
249
|
+
"chef_tags": ["mylinux", "my.tag", "some=tag"],
|
250
|
+
"ipaddress": "192.168.56.33",
|
251
|
+
"fqdn": "lb1.prod.example.com",
|
252
|
+
"run_time_limit": 1.1,
|
253
|
+
},
|
254
|
+
headers: {
|
255
|
+
"Accept-Encoding" => "identity",
|
256
|
+
"X-Chef-Version" => Chef::VERSION,
|
257
|
+
"X-Data-Collector-Auth" => "version=1.0",
|
258
|
+
"X-Data-Collector-Token" => token,
|
259
|
+
}
|
260
|
+
).to_return(status: 200)
|
261
|
+
|
262
|
+
expect(reporter.send_report(inspec_report)).to eq(true)
|
263
|
+
|
264
|
+
expect(metasearch_stub).to have_been_requested
|
265
|
+
expect(report_stub).to have_been_requested
|
266
|
+
end
|
267
|
+
|
268
|
+
it "does not send report when entity_uuid is missing" do
|
269
|
+
opts.delete(:entity_uuid)
|
270
|
+
reporter = Chef::Compliance::Reporter::Automate.new(opts)
|
271
|
+
expect(reporter.send_report(inspec_report)).to eq(false)
|
272
|
+
end
|
273
|
+
end
|
274
|
+
|
275
|
+
describe "#truncate_controls_results" do
|
276
|
+
let(:report) do
|
277
|
+
{
|
278
|
+
"version": "1.2.1",
|
279
|
+
"profiles":
|
280
|
+
[{ "name": "tmp_compliance_profile",
|
281
|
+
"title": "/tmp Compliance Profile",
|
282
|
+
"summary": "An Example Compliance Profile",
|
283
|
+
"sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215ff",
|
284
|
+
"version": "0.1.1",
|
285
|
+
"maintainer": "Nathen Harvey <nharvey@chef.io>",
|
286
|
+
"license": "Apache 2.0 License",
|
287
|
+
"copyright": "Nathen Harvey <nharvey@chef.io>",
|
288
|
+
"supports": [],
|
289
|
+
"controls":
|
290
|
+
[{ "id": "tmp-2.0",
|
291
|
+
"title": "A bunch of directories must exist",
|
292
|
+
"desc": "A bunch of directories must exist for testing",
|
293
|
+
"impact": 0.3,
|
294
|
+
"refs": [],
|
295
|
+
"tags": {},
|
296
|
+
"code": "control 'tmp-2.0' do\n impact 0.3\n title 'A bunch of directories must exist'\n desc 'A bunch of directories must exist for testing'\n describe file '/tmp' do\n it { should be_directory }\n end\nend\n",
|
297
|
+
"source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
|
298
|
+
"results": [
|
299
|
+
{ "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
|
300
|
+
{ "status": "passed", "code_desc": "File /etc should be directory", "run_time": 0.002314, "start_time": "2016-10-19 11:09:45 -0400" },
|
301
|
+
{ "status": "passed", "code_desc": "File /opt should be directory", "run_time": 0.002315, "start_time": "2016-10-19 11:09:46 -0400" },
|
302
|
+
{ "status": "skipped", "code_desc": "No-op", "run_time": 0.002316, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
|
303
|
+
{ "status": "skipped", "code_desc": "No-op", "run_time": 0.002317, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
|
304
|
+
{ "status": "skipped", "code_desc": "No-op", "run_time": 0.002318, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
|
305
|
+
{ "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
|
306
|
+
{ "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
|
307
|
+
{ "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
|
308
|
+
],
|
309
|
+
},
|
310
|
+
{ "id": "tmp-2.1",
|
311
|
+
"title": "/tmp directory is owned by the root user",
|
312
|
+
"desc": "The /tmp directory must be owned by the root user",
|
313
|
+
"impact": 0.3,
|
314
|
+
"refs": [{ "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" }],
|
315
|
+
"tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
|
316
|
+
"code": "control 'tmp-2.1' do\n impact 0.3\n title '/tmp directory is owned by the root user'\n desc 'The /tmp directory must be owned by the root user'\n tag 'production','development'\n tag identifier: 'value'\n tag remediation: 'https://github.com/chef-cookbooks/audit'\n ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n describe file '/tmp' do\n it { should be_owned_by 'root' }\n end\nend\n",
|
317
|
+
"source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
|
318
|
+
"results": [
|
319
|
+
{ "status": "passed", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
|
320
|
+
{ "status": "passed", "code_desc": 'File /etc should be owned by "root"', "run_time": 1.238845, "start_time": "2016-10-19 11:09:43 -0400" },
|
321
|
+
],
|
322
|
+
},
|
323
|
+
],
|
324
|
+
"groups": [{ "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" }],
|
325
|
+
"attributes": [{ "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } }] }],
|
326
|
+
"other_checks": [],
|
327
|
+
"statistics": { "duration": 0.032332 },
|
328
|
+
}
|
329
|
+
end
|
330
|
+
|
331
|
+
it "truncates controls results 1" do
|
332
|
+
truncated_report = reporter.truncate_controls_results(report, 5)
|
333
|
+
expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(5)
|
334
|
+
statuses = truncated_report[:profiles][0][:controls][0][:results].map { |r| r[:status] }
|
335
|
+
expect(statuses).to eq(%w{failed failed failed skipped skipped})
|
336
|
+
expect(truncated_report[:profiles][0][:controls][0][:removed_results_counts]).to eq(failed: 0, skipped: 1, passed: 3)
|
337
|
+
end
|
338
|
+
|
339
|
+
it "truncates controls results 2" do
|
340
|
+
truncated_report = reporter.truncate_controls_results(report, 5)
|
341
|
+
expect(truncated_report[:profiles][0][:controls][1][:results].length).to eq(2)
|
342
|
+
statuses = truncated_report[:profiles][0][:controls][1][:results].map { |r| r[:status] }
|
343
|
+
expect(statuses).to eq(%w{passed passed})
|
344
|
+
expect(truncated_report[:profiles][0][:controls][1][:removed_results_counts]).to eq(nil)
|
345
|
+
end
|
346
|
+
|
347
|
+
it "truncates controls results 3" do
|
348
|
+
truncated_report = reporter.truncate_controls_results(report, 0)
|
349
|
+
expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(9)
|
350
|
+
end
|
351
|
+
|
352
|
+
it "truncates controls results 4" do
|
353
|
+
truncated_report = reporter.truncate_controls_results(report, 1)
|
354
|
+
expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(1)
|
355
|
+
end
|
356
|
+
end
|
357
|
+
|
358
|
+
describe "#strip_profiles_meta" do
|
359
|
+
it "removes the metadata from seen profiles" do
|
360
|
+
expected = {
|
361
|
+
other_checks: [],
|
362
|
+
profiles: [
|
363
|
+
{
|
364
|
+
attributes: [
|
365
|
+
{
|
366
|
+
name: "syslog_pkg",
|
367
|
+
options: {
|
368
|
+
default: "rsyslog",
|
369
|
+
description: "syslog package...",
|
370
|
+
},
|
371
|
+
},
|
372
|
+
],
|
373
|
+
controls: [
|
374
|
+
{
|
375
|
+
id: "tmp-1.0",
|
376
|
+
results: [
|
377
|
+
{
|
378
|
+
code_desc: "File /tmp should be directory",
|
379
|
+
status: "passed",
|
380
|
+
},
|
381
|
+
],
|
382
|
+
},
|
383
|
+
{
|
384
|
+
id: "tmp-1.1",
|
385
|
+
results: [
|
386
|
+
{
|
387
|
+
code_desc: 'File /tmp should be owned by "root"',
|
388
|
+
run_time: 1.228845,
|
389
|
+
start_time: "2016-10-19 11:09:43 -0400",
|
390
|
+
status: "passed",
|
391
|
+
},
|
392
|
+
{
|
393
|
+
code_desc: 'File /tmp should be owned by "root"',
|
394
|
+
run_time: 1.228845,
|
395
|
+
start_time: "2016-10-19 11:09:43 -0400",
|
396
|
+
status: "skipped",
|
397
|
+
},
|
398
|
+
{
|
399
|
+
code_desc: "File /etc/hosts is expected to be directory",
|
400
|
+
message: "expected `File /etc/hosts.directory?` to return true, got false",
|
401
|
+
run_time: 1.228845,
|
402
|
+
start_time: "2016-10-19 11:09:43 -0400",
|
403
|
+
status: "failed",
|
404
|
+
},
|
405
|
+
],
|
406
|
+
},
|
407
|
+
],
|
408
|
+
sha256: "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
|
409
|
+
title: "/tmp Compliance Profile",
|
410
|
+
version: "0.1.1",
|
411
|
+
},
|
412
|
+
],
|
413
|
+
run_time_limit: 1.1,
|
414
|
+
statistics: {
|
415
|
+
duration: 0.032332,
|
416
|
+
},
|
417
|
+
version: "1.2.1",
|
418
|
+
}
|
419
|
+
expect(reporter.strip_profiles_meta(inspec_report, [], 1.1)).to eq(expected)
|
420
|
+
end
|
421
|
+
|
422
|
+
it "does not remove the metadata from missing profiles" do
|
423
|
+
expected = inspec_report.merge(run_time_limit: 1.1)
|
424
|
+
expect(reporter.strip_profiles_meta(inspec_report, ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"], 1.1)).to eq(expected)
|
425
|
+
end
|
426
|
+
end
|
427
|
+
end
|