chef 16.5.64 → 16.8.14

Sign up to get free protection for your applications and to get access to all the features.
Files changed (317) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -14
  3. data/README.md +1 -1
  4. data/Rakefile +21 -14
  5. data/chef-universal-mingw32.gemspec +1 -1
  6. data/chef.gemspec +3 -2
  7. data/lib/chef/application.rb +2 -2
  8. data/lib/chef/application/base.rb +1 -1
  9. data/lib/chef/application/client.rb +7 -2
  10. data/lib/chef/application/knife.rb +1 -1
  11. data/lib/chef/application/solo.rb +1 -1
  12. data/lib/chef/chef_fs/chef_fs_data_store.rb +1 -1
  13. data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
  14. data/lib/chef/chef_fs/file_pattern.rb +1 -1
  15. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  16. data/lib/chef/client.rb +6 -32
  17. data/lib/chef/compliance/default_attributes.rb +89 -0
  18. data/lib/chef/compliance/fetcher/automate.rb +69 -0
  19. data/lib/chef/compliance/fetcher/chef_server.rb +134 -0
  20. data/lib/chef/compliance/reporter/automate.rb +202 -0
  21. data/lib/chef/compliance/reporter/chef_server_automate.rb +94 -0
  22. data/lib/chef/compliance/reporter/compliance_enforcer.rb +20 -0
  23. data/lib/chef/compliance/reporter/json_file.rb +19 -0
  24. data/lib/chef/compliance/runner.rb +261 -0
  25. data/lib/chef/cookbook/gem_installer.rb +1 -1
  26. data/lib/chef/cookbook_manifest.rb +2 -1
  27. data/lib/chef/cookbook_site_streaming_uploader.rb +1 -1
  28. data/lib/chef/cookbook_version.rb +2 -5
  29. data/lib/chef/data_collector.rb +1 -1
  30. data/lib/chef/encrypted_data_bag_item/assertions.rb +1 -1
  31. data/lib/chef/environment.rb +1 -1
  32. data/lib/chef/event_loggers/windows_eventlog.rb +1 -1
  33. data/lib/chef/exceptions.rb +5 -1
  34. data/lib/chef/file_access_control/windows.rb +1 -4
  35. data/lib/chef/file_content_management/tempfile.rb +1 -1
  36. data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +2 -2
  37. data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +5 -5
  38. data/lib/chef/formatters/indentable_output_stream.rb +2 -2
  39. data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +28 -39
  40. data/lib/chef/http.rb +2 -12
  41. data/lib/chef/http/basic_client.rb +1 -1
  42. data/lib/chef/http/http_request.rb +1 -1
  43. data/lib/chef/http/socketless_chef_zero_client.rb +1 -1
  44. data/lib/chef/http/ssl_policies.rb +6 -0
  45. data/lib/chef/json_compat.rb +2 -7
  46. data/lib/chef/key.rb +1 -1
  47. data/lib/chef/knife/bootstrap.rb +2 -1
  48. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +2 -2
  49. data/lib/chef/knife/bootstrap/train_connector.rb +1 -1
  50. data/lib/chef/knife/config_show.rb +1 -1
  51. data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
  52. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  53. data/lib/chef/knife/core/ui.rb +5 -2
  54. data/lib/chef/knife/core/windows_bootstrap_context.rb +7 -4
  55. data/lib/chef/knife/node_policy_set.rb +2 -2
  56. data/lib/chef/knife/node_run_list_add.rb +1 -1
  57. data/lib/chef/knife/node_run_list_remove.rb +1 -1
  58. data/lib/chef/knife/node_run_list_set.rb +1 -1
  59. data/lib/chef/knife/role_env_run_list_add.rb +1 -1
  60. data/lib/chef/knife/role_env_run_list_set.rb +1 -1
  61. data/lib/chef/knife/role_run_list_add.rb +1 -1
  62. data/lib/chef/knife/role_run_list_set.rb +1 -1
  63. data/lib/chef/knife/search.rb +0 -1
  64. data/lib/chef/knife/ssh.rb +5 -3
  65. data/lib/chef/knife/tag_create.rb +1 -1
  66. data/lib/chef/knife/tag_delete.rb +1 -1
  67. data/lib/chef/local_mode.rb +1 -1
  68. data/lib/chef/mixin/convert_to_class_name.rb +0 -56
  69. data/lib/chef/mixin/openssl_helper.rb +1 -1
  70. data/lib/chef/mixin/powershell_exec.rb +24 -10
  71. data/lib/chef/mixin/powershell_out.rb +12 -5
  72. data/lib/chef/mixin/properties.rb +2 -0
  73. data/lib/chef/mixin/template.rb +1 -1
  74. data/lib/chef/mixin/unformatter.rb +1 -1
  75. data/lib/chef/mixin/uris.rb +3 -1
  76. data/lib/chef/node/attribute_collections.rb +2 -6
  77. data/lib/chef/node/mixin/immutablize_hash.rb +2 -0
  78. data/lib/chef/node_map.rb +2 -2
  79. data/lib/chef/platform/query_helpers.rb +4 -4
  80. data/lib/chef/policy_builder/dynamic.rb +2 -0
  81. data/lib/chef/powershell.rb +10 -4
  82. data/lib/chef/property.rb +1 -1
  83. data/lib/chef/provider.rb +1 -1
  84. data/lib/chef/provider/cron.rb +2 -13
  85. data/lib/chef/provider/dsc_resource.rb +12 -24
  86. data/lib/chef/provider/dsc_script.rb +16 -20
  87. data/lib/chef/provider/file.rb +1 -1
  88. data/lib/chef/provider/git.rb +5 -5
  89. data/lib/chef/provider/group.rb +14 -6
  90. data/lib/chef/provider/group/windows.rb +12 -1
  91. data/lib/chef/provider/ifconfig.rb +8 -8
  92. data/lib/chef/provider/ifconfig/debian.rb +38 -22
  93. data/lib/chef/provider/ifconfig/redhat.rb +54 -18
  94. data/lib/chef/provider/launchd.rb +1 -11
  95. data/lib/chef/provider/link.rb +0 -9
  96. data/lib/chef/provider/mount.rb +18 -1
  97. data/lib/chef/provider/mount/linux.rb +4 -0
  98. data/lib/chef/provider/mount/mount.rb +41 -43
  99. data/lib/chef/provider/package.rb +3 -0
  100. data/lib/chef/provider/package/apt.rb +1 -1
  101. data/lib/chef/provider/package/chocolatey.rb +6 -6
  102. data/lib/chef/provider/package/dpkg.rb +3 -12
  103. data/lib/chef/provider/package/freebsd/base.rb +3 -2
  104. data/lib/chef/provider/package/freebsd/pkgng.rb +1 -1
  105. data/lib/chef/provider/package/homebrew.rb +1 -1
  106. data/lib/chef/provider/package/ips.rb +1 -1
  107. data/lib/chef/provider/package/powershell.rb +2 -3
  108. data/lib/chef/provider/package/rubygems.rb +1 -1
  109. data/lib/chef/provider/package/snap.rb +1 -3
  110. data/lib/chef/provider/package/solaris.rb +0 -2
  111. data/lib/chef/provider/package/yum/rpm_utils.rb +1 -1
  112. data/lib/chef/provider/package/zypper.rb +98 -71
  113. data/lib/chef/provider/powershell_script.rb +12 -1
  114. data/lib/chef/provider/registry_key.rb +4 -3
  115. data/lib/chef/provider/route.rb +2 -2
  116. data/lib/chef/provider/service/debian.rb +2 -1
  117. data/lib/chef/provider/service/redhat.rb +1 -1
  118. data/lib/chef/provider/user.rb +17 -9
  119. data/lib/chef/provider/user/aix.rb +1 -1
  120. data/lib/chef/provider/user/dscl.rb +2 -2
  121. data/lib/chef/provider/user/mac.rb +14 -6
  122. data/lib/chef/provider/user/solaris.rb +1 -1
  123. data/lib/chef/provider/user/windows.rb +10 -3
  124. data/lib/chef/providers.rb +0 -3
  125. data/lib/chef/pwsh.rb +71 -0
  126. data/lib/chef/resource.rb +1 -1
  127. data/lib/chef/resource/apt_repository.rb +6 -5
  128. data/lib/chef/resource/bash.rb +119 -1
  129. data/lib/chef/resource/batch.rb +1 -1
  130. data/lib/chef/resource/breakpoint.rb +3 -1
  131. data/lib/chef/resource/build_essential.rb +5 -8
  132. data/lib/chef/resource/chef_client_config.rb +313 -0
  133. data/lib/chef/resource/chef_client_cron.rb +5 -5
  134. data/lib/chef/resource/chef_client_scheduled_task.rb +4 -4
  135. data/lib/chef/resource/chef_client_systemd_timer.rb +5 -5
  136. data/lib/chef/resource/chef_handler.rb +1 -0
  137. data/lib/chef/resource/chef_sleep.rb +1 -1
  138. data/lib/chef/resource/cron/_cron_shared.rb +1 -0
  139. data/lib/chef/resource/cron/cron_d.rb +2 -2
  140. data/lib/chef/resource/csh.rb +2 -2
  141. data/lib/chef/resource/dsc_script.rb +8 -1
  142. data/lib/chef/resource/execute.rb +6 -4
  143. data/lib/chef/resource/file.rb +2 -2
  144. data/lib/chef/resource/homebrew_update.rb +4 -1
  145. data/lib/chef/resource/hostname.rb +5 -5
  146. data/lib/chef/resource/ifconfig.rb +52 -5
  147. data/lib/chef/resource/kernel_module.rb +1 -1
  148. data/lib/chef/resource/ksh.rb +3 -3
  149. data/lib/chef/resource/launchd.rb +15 -15
  150. data/lib/chef/resource/lwrp_base.rb +3 -5
  151. data/lib/chef/resource/mount.rb +8 -2
  152. data/lib/chef/resource/perl.rb +2 -2
  153. data/lib/chef/resource/plist.rb +2 -6
  154. data/lib/chef/resource/powershell_package_source.rb +19 -18
  155. data/lib/chef/resource/powershell_script.rb +14 -11
  156. data/lib/chef/resource/python.rb +2 -2
  157. data/lib/chef/resource/registry_key.rb +93 -2
  158. data/lib/chef/resource/route.rb +1 -1
  159. data/lib/chef/resource/ruby.rb +2 -2
  160. data/lib/chef/resource/scm/_scm.rb +2 -1
  161. data/lib/chef/resource/scm/git.rb +82 -1
  162. data/lib/chef/resource/scm/subversion.rb +12 -0
  163. data/lib/chef/resource/script.rb +2 -2
  164. data/lib/chef/resource/solaris_package.rb +0 -2
  165. data/lib/chef/resource/sudo.rb +1 -1
  166. data/lib/chef/resource/support/client.erb +64 -0
  167. data/lib/chef/resource/systemd_unit.rb +42 -1
  168. data/lib/chef/resource/template.rb +2 -2
  169. data/lib/chef/resource/windows_ad_join.rb +9 -9
  170. data/lib/chef/resource/windows_audit_policy.rb +26 -24
  171. data/lib/chef/resource/windows_certificate.rb +13 -7
  172. data/lib/chef/resource/windows_dfs_server.rb +7 -4
  173. data/lib/chef/resource/windows_env.rb +173 -0
  174. data/lib/chef/resource/windows_feature.rb +2 -0
  175. data/lib/chef/resource/windows_firewall_profile.rb +7 -12
  176. data/lib/chef/resource/windows_firewall_rule.rb +9 -11
  177. data/lib/chef/resource/windows_font.rb +1 -1
  178. data/lib/chef/resource/windows_package.rb +1 -0
  179. data/lib/chef/resource/windows_path.rb +38 -0
  180. data/lib/chef/resource/windows_security_policy.rb +5 -5
  181. data/lib/chef/resource/windows_service.rb +108 -0
  182. data/lib/chef/resource/windows_share.rb +18 -18
  183. data/lib/chef/resource/windows_task.rb +629 -28
  184. data/lib/chef/resource/windows_workgroup.rb +6 -4
  185. data/lib/chef/resource/yum_repository.rb +1 -1
  186. data/lib/chef/resource_collection/resource_set.rb +2 -6
  187. data/lib/chef/resource_inspector.rb +77 -75
  188. data/lib/chef/resource_reporter.rb +0 -2
  189. data/lib/chef/resources.rb +1 -0
  190. data/lib/chef/run_lock.rb +2 -2
  191. data/lib/chef/search/query.rb +3 -1
  192. data/lib/chef/server_api.rb +0 -4
  193. data/lib/chef/shell/ext.rb +1 -1
  194. data/lib/chef/util/backup.rb +1 -1
  195. data/lib/chef/util/dsc/configuration_generator.rb +52 -11
  196. data/lib/chef/util/dsc/lcm_output_parser.rb +4 -7
  197. data/lib/chef/util/dsc/local_configuration_manager.rb +18 -15
  198. data/lib/chef/util/dsc/resource_store.rb +5 -11
  199. data/lib/chef/version.rb +1 -1
  200. data/lib/chef/win32/api/file.rb +4 -0
  201. data/lib/chef/win32/file.rb +1 -1
  202. data/lib/chef/win32/security/sid.rb +1 -1
  203. data/lib/chef/win32/unicode.rb +1 -1
  204. data/spec/functional/mixin/powershell_out_spec.rb +11 -3
  205. data/spec/functional/resource/apt_package_spec.rb +4 -6
  206. data/spec/functional/resource/chocolatey_package_spec.rb +3 -3
  207. data/spec/functional/resource/cron_spec.rb +3 -3
  208. data/spec/functional/resource/dsc_script_spec.rb +6 -9
  209. data/spec/functional/resource/mount_spec.rb +10 -2
  210. data/spec/functional/resource/powershell_package_source_spec.rb +107 -0
  211. data/spec/functional/resource/powershell_script_spec.rb +57 -14
  212. data/spec/functional/resource/windows_certificate_spec.rb +10 -6
  213. data/spec/functional/resource/windows_firewall_rule_spec.rb +93 -0
  214. data/spec/functional/resource/windows_package_spec.rb +36 -10
  215. data/spec/functional/resource/windows_share_spec.rb +103 -0
  216. data/spec/functional/resource/windows_task_spec.rb +2 -3
  217. data/spec/functional/resource/zypper_package_spec.rb +11 -0
  218. data/spec/integration/client/client_spec.rb +2 -1
  219. data/spec/integration/compliance/compliance_spec.rb +81 -0
  220. data/spec/integration/knife/client_key_create_spec.rb +1 -1
  221. data/spec/integration/knife/node_create_spec.rb +1 -1
  222. data/spec/integration/knife/node_environment_set_spec.rb +1 -1
  223. data/spec/integration/knife/node_run_list_add_spec.rb +4 -4
  224. data/spec/integration/knife/node_run_list_remove_spec.rb +1 -1
  225. data/spec/integration/knife/node_run_list_set_spec.rb +1 -1
  226. data/spec/integration/knife/node_show_spec.rb +1 -1
  227. data/spec/integration/recipes/notifies_spec.rb +1 -1
  228. data/spec/integration/recipes/provider_choice.rb +2 -2
  229. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -0
  230. data/spec/spec_helper.rb +3 -4
  231. data/spec/support/lib/chef/resource/cat.rb +1 -1
  232. data/spec/support/lib/chef/resource/one_two_three_four.rb +1 -1
  233. data/spec/support/mock/platform.rb +24 -16
  234. data/spec/support/platform_helpers.rb +11 -4
  235. data/spec/support/shared/unit/knife_shared.rb +1 -1
  236. data/spec/support/shared/unit/script_resource.rb +4 -4
  237. data/spec/support/shared/unit/windows_script_resource.rb +1 -1
  238. data/spec/unit/chef_fs/config_spec.rb +1 -1
  239. data/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
  240. data/spec/unit/client_spec.rb +17 -0
  241. data/spec/unit/compliance/fetcher/automate_spec.rb +134 -0
  242. data/spec/unit/compliance/fetcher/chef_server_spec.rb +93 -0
  243. data/spec/unit/compliance/reporter/automate_spec.rb +427 -0
  244. data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +177 -0
  245. data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +48 -0
  246. data/spec/unit/compliance/runner_spec.rb +140 -0
  247. data/spec/unit/data_collector_spec.rb +0 -4
  248. data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +11 -11
  249. data/spec/unit/http/ssl_policies_spec.rb +11 -0
  250. data/spec/unit/knife/client_create_spec.rb +2 -2
  251. data/spec/unit/knife/configure_client_spec.rb +5 -5
  252. data/spec/unit/knife/configure_spec.rb +3 -3
  253. data/spec/unit/knife/cookbook_delete_spec.rb +2 -2
  254. data/spec/unit/knife/cookbook_download_spec.rb +2 -2
  255. data/spec/unit/knife/cookbook_list_spec.rb +2 -2
  256. data/spec/unit/knife/cookbook_metadata_spec.rb +3 -3
  257. data/spec/unit/knife/core/node_editor_spec.rb +1 -1
  258. data/spec/unit/knife/environment_compare_spec.rb +3 -3
  259. data/spec/unit/knife/supermarket_download_spec.rb +8 -8
  260. data/spec/unit/knife/supermarket_list_spec.rb +3 -3
  261. data/spec/unit/knife/supermarket_search_spec.rb +1 -1
  262. data/spec/unit/knife/tag_create_spec.rb +1 -1
  263. data/spec/unit/knife/tag_delete_spec.rb +1 -1
  264. data/spec/unit/knife/user_create_spec.rb +1 -1
  265. data/spec/unit/mixin/powershell_exec_spec.rb +41 -4
  266. data/spec/unit/mixin/powershell_out_spec.rb +14 -0
  267. data/spec/unit/mixin/which.rb +1 -1
  268. data/spec/unit/platform/query_helpers_spec.rb +11 -12
  269. data/spec/unit/provider/dsc_resource_spec.rb +10 -27
  270. data/spec/unit/provider/dsc_script_spec.rb +1 -1
  271. data/spec/unit/provider/group/windows_spec.rb +6 -0
  272. data/spec/unit/provider/group_spec.rb +1 -1
  273. data/spec/unit/provider/mount/linux_spec.rb +10 -0
  274. data/spec/unit/provider/mount/mount_spec.rb +21 -10
  275. data/spec/unit/provider/mount/solaris_spec.rb +1 -1
  276. data/spec/unit/provider/mount/windows_spec.rb +1 -0
  277. data/spec/unit/provider/mount_spec.rb +31 -0
  278. data/spec/unit/provider/package/chocolatey_spec.rb +1 -2
  279. data/spec/unit/provider/package/powershell_spec.rb +87 -95
  280. data/spec/unit/provider/package/zypper_spec.rb +0 -25
  281. data/spec/unit/provider/package_spec.rb +2 -2
  282. data/spec/unit/provider/powershell_script_spec.rb +11 -0
  283. data/spec/unit/provider/subversion_spec.rb +0 -3
  284. data/spec/unit/provider/systemd_unit_spec.rb +1 -1
  285. data/spec/unit/provider/user_spec.rb +7 -1
  286. data/spec/unit/provider/windows_env_spec.rb +18 -34
  287. data/spec/unit/provider/windows_path_spec.rb +6 -11
  288. data/spec/unit/provider/windows_task_spec.rb +7 -6
  289. data/spec/unit/resource/breakpoint_spec.rb +1 -1
  290. data/spec/unit/resource/build_essential_spec.rb +0 -12
  291. data/spec/unit/resource/chef_client_config_spec.rb +137 -0
  292. data/spec/unit/resource/ifconfig_spec.rb +2 -10
  293. data/spec/unit/resource/mount_spec.rb +18 -5
  294. data/spec/unit/resource/powershell_package_source_spec.rb +20 -20
  295. data/spec/unit/resource/powershell_script_spec.rb +4 -74
  296. data/spec/unit/resource/service_spec.rb +2 -2
  297. data/spec/unit/resource/solaris_package_spec.rb +8 -10
  298. data/spec/unit/resource/windows_certificate_spec.rb +12 -0
  299. data/spec/unit/resource_inspector_spec.rb +3 -3
  300. data/spec/unit/shell_spec.rb +2 -2
  301. data/spec/unit/util/dsc/configuration_generator_spec.rb +79 -0
  302. data/spec/unit/util/dsc/local_configuration_manager_spec.rb +27 -35
  303. data/tasks/rspec.rb +1 -1
  304. metadata +47 -24
  305. data/lib/chef/monkey_patches/net_http.rb +0 -22
  306. data/lib/chef/provider/windows_env.rb +0 -210
  307. data/lib/chef/provider/windows_path.rb +0 -61
  308. data/lib/chef/provider/windows_task.rb +0 -631
  309. data/lib/chef/util/powershell/cmdlet.rb +0 -175
  310. data/lib/chef/util/powershell/cmdlet_result.rb +0 -61
  311. data/spec/functional/util/powershell/cmdlet_spec.rb +0 -111
  312. data/spec/support/mock/constant.rb +0 -52
  313. data/spec/unit/monkey_patches/uri_spec.rb +0 -34
  314. data/spec/unit/provider_resolver_spec.rb +0 -885
  315. data/spec/unit/resource/data/InstallHistory_with_CLT.plist +0 -92
  316. data/spec/unit/resource/data/InstallHistory_without_CLT.plist +0 -38
  317. data/spec/unit/util/powershell/cmdlet_spec.rb +0 -106
@@ -0,0 +1,134 @@
1
+ require "spec_helper"
2
+ require "chef/compliance/fetcher/automate"
3
+
4
+ describe Chef::Compliance::Fetcher::Automate do
5
+ describe ".resolve" do
6
+ before do
7
+ Chef::Config[:data_collector] = {
8
+ server_url: "https://automate.test/data_collector",
9
+ token: token,
10
+ }
11
+ end
12
+
13
+ let(:token) { "fake_token" }
14
+
15
+ context "when target is a string" do
16
+ it "should resolve a compliance URL" do
17
+ res = Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
18
+
19
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
20
+ expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
21
+ expect(res.target).to eq(expected)
22
+ end
23
+
24
+ it "raises an exception with no data collector token" do
25
+ Chef::Config[:data_collector].delete(:token)
26
+
27
+ expect {
28
+ Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
29
+ }.to raise_error(/No data-collector token set/)
30
+ end
31
+
32
+ it "includes the data collector token" do
33
+ expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
34
+ "https://automate.test/compliance/profiles/namespace/profile_name/tar",
35
+ hash_including("token" => token)
36
+ ).and_call_original
37
+
38
+ res = Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
39
+
40
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
41
+ expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
42
+ expect(res.target).to eq(expected)
43
+ end
44
+
45
+ it "returns nil with a non-compliance URL" do
46
+ res = Chef::Compliance::Fetcher::Automate.resolve("http://github.com/chef-cookbooks/audit")
47
+
48
+ expect(res).to eq(nil)
49
+ end
50
+ end
51
+
52
+ context "when target is a hash" do
53
+ it "should resolve a target with a version" do
54
+ res = Chef::Compliance::Fetcher::Automate.resolve(
55
+ compliance: "namespace/profile_name",
56
+ version: "1.2.3"
57
+ )
58
+
59
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
60
+ expected = "https://automate.test/compliance/profiles/namespace/profile_name/version/1.2.3/tar"
61
+ expect(res.target).to eq(expected)
62
+ end
63
+
64
+ it "should resolve a target without a version" do
65
+ res = Chef::Compliance::Fetcher::Automate.resolve(
66
+ compliance: "namespace/profile_name"
67
+ )
68
+
69
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
70
+ expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
71
+ expect(res.target).to eq(expected)
72
+ end
73
+
74
+ it "uses url key when present" do
75
+ res = Chef::Compliance::Fetcher::Automate.resolve(
76
+ compliance: "namespace/profile_name",
77
+ version: "1.2.3",
78
+ url: "https://profile.server.test/profiles/profile_name/1.2.3"
79
+ )
80
+
81
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
82
+ expected = "https://profile.server.test/profiles/profile_name/1.2.3"
83
+ expect(res.target).to eq(expected)
84
+ end
85
+
86
+ it "does not include token in the config when url key is present" do
87
+ expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
88
+ "https://profile.server.test/profiles/profile_name/1.2.3",
89
+ hash_including("token" => nil)
90
+ ).and_call_original
91
+
92
+ res = Chef::Compliance::Fetcher::Automate.resolve(
93
+ compliance: "namespace/profile_name",
94
+ version: "1.2.3",
95
+ url: "https://profile.server.test/profiles/profile_name/1.2.3"
96
+ )
97
+
98
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
99
+ expected = "https://profile.server.test/profiles/profile_name/1.2.3"
100
+ expect(res.target).to eq(expected)
101
+ end
102
+
103
+ it "raises an exception with no data collector token" do
104
+ Chef::Config[:data_collector].delete(:token)
105
+
106
+ expect {
107
+ Chef::Compliance::Fetcher::Automate.resolve(compliance: "namespace/profile_name")
108
+ }.to raise_error(Inspec::FetcherFailure, /No data-collector token set/)
109
+ end
110
+
111
+ it "includes the data collector token" do
112
+ expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
113
+ "https://automate.test/compliance/profiles/namespace/profile_name/tar",
114
+ hash_including("token" => token)
115
+ ).and_call_original
116
+
117
+ res = Chef::Compliance::Fetcher::Automate.resolve(compliance: "namespace/profile_name")
118
+
119
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
120
+ expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
121
+ expect(res.target).to eq(expected)
122
+ end
123
+
124
+ it "returns nil with a non-profile Hash" do
125
+ res = Chef::Compliance::Fetcher::Automate.resolve(
126
+ profile: "namespace/profile_name",
127
+ version: "1.2.3"
128
+ )
129
+
130
+ expect(res).to eq(nil)
131
+ end
132
+ end
133
+ end
134
+ end
@@ -0,0 +1,93 @@
1
+ require "spec_helper"
2
+ require "chef/compliance/fetcher/chef_server"
3
+
4
+ describe Chef::Compliance::Fetcher::ChefServer do
5
+ let(:node) do
6
+ Chef::Node.new.tap do |n|
7
+ n.default["audit"] = {}
8
+ end
9
+ end
10
+
11
+ before :each do
12
+ allow(Chef).to receive(:node).and_return(node)
13
+
14
+ Chef::Config[:chef_server_url] = "http://127.0.0.1:8889/organizations/my_org"
15
+ end
16
+
17
+ describe ".resolve" do
18
+ context "when target is a string" do
19
+ it "should resolve a compliance URL" do
20
+ res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://namespace/profile_name")
21
+
22
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
23
+ expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/tar"
24
+ expect(res.target).to eq(expected)
25
+ end
26
+
27
+ it "should add /compliance URL prefix if needed" do
28
+ node.default["audit"]["fetcher"] = "chef-server"
29
+ res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://namespace/profile_name")
30
+
31
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
32
+ expected = "http://127.0.0.1:8889/compliance/organizations/my_org/owners/namespace/compliance/profile_name/tar"
33
+ expect(res.target).to eq(expected)
34
+ end
35
+
36
+ it "includes user in the URL if present" do
37
+ res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://username@namespace/profile_name")
38
+
39
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
40
+ expected = "http://127.0.0.1:8889/organizations/my_org/owners/username@namespace/compliance/profile_name/tar"
41
+ expect(res.target).to eq(expected)
42
+ end
43
+
44
+ it "returns nil with a non-compliance URL" do
45
+ res = Chef::Compliance::Fetcher::ChefServer.resolve("http://github.com/chef-cookbooks/audit")
46
+
47
+ expect(res).to eq(nil)
48
+ end
49
+ end
50
+
51
+ context "when target is a hash" do
52
+ it "should resolve a target with a version" do
53
+ res = Chef::Compliance::Fetcher::ChefServer.resolve(
54
+ compliance: "namespace/profile_name",
55
+ version: "1.2.3"
56
+ )
57
+
58
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
59
+ expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/version/1.2.3/tar"
60
+ expect(res.target).to eq(expected)
61
+ end
62
+
63
+ it "should resolve a target without a version" do
64
+ res = Chef::Compliance::Fetcher::ChefServer.resolve(
65
+ compliance: "namespace/profile_name"
66
+ )
67
+
68
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
69
+ expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/tar"
70
+ expect(res.target).to eq(expected)
71
+ end
72
+
73
+ it "includes user in the URL if present" do
74
+ res = Chef::Compliance::Fetcher::ChefServer.resolve(
75
+ compliance: "username@namespace/profile_name"
76
+ )
77
+
78
+ expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
79
+ expected = "http://127.0.0.1:8889/organizations/my_org/owners/username@namespace/compliance/profile_name/tar"
80
+ expect(res.target).to eq(expected)
81
+ end
82
+
83
+ it "returns nil with a non-profile Hash" do
84
+ res = Chef::Compliance::Fetcher::ChefServer.resolve(
85
+ profile: "namespace/profile_name",
86
+ version: "1.2.3"
87
+ )
88
+
89
+ expect(res).to eq(nil)
90
+ end
91
+ end
92
+ end
93
+ end
@@ -0,0 +1,427 @@
1
+ require "spec_helper"
2
+ require "json" # For .to_json
3
+
4
+ describe Chef::Compliance::Reporter::Automate do
5
+ let(:reporter) { Chef::Compliance::Reporter::Automate.new(opts) }
6
+
7
+ let(:opts) do
8
+ {
9
+ entity_uuid: "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
10
+ run_id: "3f0536f7-3361-4bca-ae53-b45118dceb5d",
11
+ node_info: {
12
+ node: "chef-client.solo",
13
+ environment: "My Prod Env",
14
+ roles: %w{base_linux apache_linux},
15
+ recipes: ["some_cookbook::some_recipe", "some_cookbook"],
16
+ policy_name: "test_policy_name",
17
+ policy_group: "test_policy_group",
18
+ chef_tags: ["mylinux", "my.tag", "some=tag"],
19
+ organization_name: "test_org",
20
+ source_fqdn: "api.chef.io",
21
+ ipaddress: "192.168.56.33",
22
+ fqdn: "lb1.prod.example.com",
23
+ },
24
+ run_time_limit: 1.1,
25
+ control_results_limit: 2,
26
+ timestamp: Time.parse("2016-07-19T19:19:19+01:00"),
27
+ }
28
+ end
29
+
30
+ let(:inspec_report) do
31
+ {
32
+ "version": "1.2.1",
33
+ "profiles":
34
+ [{ "name": "tmp_compliance_profile",
35
+ "title": "/tmp Compliance Profile",
36
+ "summary": "An Example Compliance Profile",
37
+ "sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
38
+ "version": "0.1.1",
39
+ "maintainer": "Nathen Harvey <nharvey@chef.io>",
40
+ "license": "Apache 2.0 License",
41
+ "copyright": "Nathen Harvey <nharvey@chef.io>",
42
+ "supports": [],
43
+ "controls":
44
+ [{ "title": "A /tmp directory must exist",
45
+ "desc": "A /tmp directory must exist",
46
+ "impact": 0.3,
47
+ "refs": [],
48
+ "tags": {},
49
+ "code": "control 'tmp-1.0' do\n impact 0.3\n title 'A /tmp directory must exist'\n desc 'A /tmp directory must exist'\n describe file '/tmp' do\n it { should be_directory }\n end\nend\n",
50
+ "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
51
+ "id": "tmp-1.0",
52
+ "results": [
53
+ { "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
54
+ ],
55
+ },
56
+ { "title": "/tmp directory is owned by the root user",
57
+ "desc": "The /tmp directory must be owned by the root user",
58
+ "impact": 0.3,
59
+ "refs": [{ "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" }],
60
+ "tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
61
+ "code": "control 'tmp-1.1' do\n impact 0.3\n title '/tmp directory is owned by the root user'\n desc 'The /tmp directory must be owned by the root user'\n tag 'production','development'\n tag identifier: 'value'\n tag remediation: 'https://github.com/chef-cookbooks/audit'\n ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n describe file '/tmp' do\n it { should be_owned_by 'root' }\n end\nend\n",
62
+ "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
63
+ "id": "tmp-1.1",
64
+ "results": [
65
+ { "status": "passed", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
66
+ { "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
67
+ { "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
68
+ ],
69
+ },
70
+ ],
71
+ "groups": [{ "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" }],
72
+ "attributes": [{ "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } }] }],
73
+ "other_checks": [],
74
+ "statistics": { "duration": 0.032332 },
75
+ }
76
+ end
77
+
78
+ describe "#send_report" do
79
+ before :each do
80
+ WebMock.disable_net_connect!
81
+
82
+ Chef::Config[:data_collector] = { token: token, server_url: "https://automate.test/data_collector" }
83
+ end
84
+
85
+ let(:token) { "fake_token" }
86
+
87
+ it "sends report successfully to ChefAutomate with missing profiles" do
88
+ metasearch_stub = stub_request(:post, "https://automate.test/compliance/profiles/metasearch")
89
+ .with(
90
+ body: '{"sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}',
91
+ headers: {
92
+ "Accept-Encoding" => "identity",
93
+ "X-Chef-Version" => Chef::VERSION,
94
+ "X-Data-Collector-Auth" => "version=1.0",
95
+ "X-Data-Collector-Token" => token,
96
+ }
97
+ ).to_return(
98
+ status: 200,
99
+ body: '{"missing_sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}'
100
+ )
101
+
102
+ report_stub = stub_request(:post, "https://automate.test/data_collector")
103
+ .with(
104
+ body: {
105
+ "version": "1.2.1",
106
+ "profiles": [
107
+ {
108
+ "name": "tmp_compliance_profile",
109
+ "title": "/tmp Compliance Profile",
110
+ "summary": "An Example Compliance Profile",
111
+ "sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
112
+ "version": "0.1.1",
113
+ "maintainer": "Nathen Harvey <nharvey@chef.io>",
114
+ "license": "Apache 2.0 License",
115
+ "copyright": "Nathen Harvey <nharvey@chef.io>",
116
+ "supports": [],
117
+ "controls": [
118
+ {
119
+ "title": "A /tmp directory must exist",
120
+ "desc": "A /tmp directory must exist",
121
+ "impact": 0.3,
122
+ "refs": [],
123
+ "tags": {},
124
+ "code": "control 'tmp-1.0' do\n impact 0.3\n title 'A /tmp directory must exist'\n desc 'A /tmp directory must exist'\n describe file '/tmp' do\n it { should be_directory }\n end\nend\n",
125
+ "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
126
+ "id": "tmp-1.0",
127
+ "results": [
128
+ { "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
129
+ ],
130
+ },
131
+ {
132
+ "title": "/tmp directory is owned by the root user",
133
+ "desc": "The /tmp directory must be owned by the root user",
134
+ "impact": 0.3,
135
+ "refs": [
136
+ { "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" },
137
+ ],
138
+ "tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
139
+ "code": "control 'tmp-1.1' do\n impact 0.3\n title '/tmp directory is owned by the root user'\n desc 'The /tmp directory must be owned by the root user'\n tag 'production','development'\n tag identifier: 'value'\n tag remediation: 'https://github.com/chef-cookbooks/audit'\n ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n describe file '/tmp' do\n it { should be_owned_by 'root' }\n end\nend\n",
140
+ "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
141
+ "id": "tmp-1.1",
142
+ "results": [
143
+ { "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
144
+ { "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
145
+ ],
146
+ "removed_results_counts": { "failed": 0, "skipped": 0, "passed": 1 },
147
+ },
148
+ ],
149
+ "groups": [
150
+ { "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" },
151
+ ],
152
+ "attributes": [
153
+ { "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } },
154
+ ],
155
+ },
156
+ ],
157
+ "other_checks": [],
158
+ "statistics": { "duration": 0.032332 },
159
+ "type": "inspec_report",
160
+ "node_name": "chef-client.solo",
161
+ "end_time": "2016-07-19T18:19:19Z",
162
+ "node_uuid": "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
163
+ "environment": "My Prod Env",
164
+ "roles": %w{base_linux apache_linux},
165
+ "recipes": ["some_cookbook::some_recipe", "some_cookbook"],
166
+ "report_uuid": "3f0536f7-3361-4bca-ae53-b45118dceb5d",
167
+ "source_fqdn": "api.chef.io",
168
+ "organization_name": "test_org",
169
+ "policy_group": "test_policy_group",
170
+ "policy_name": "test_policy_name",
171
+ "chef_tags": ["mylinux", "my.tag", "some=tag"],
172
+ "ipaddress": "192.168.56.33",
173
+ "fqdn": "lb1.prod.example.com",
174
+ "run_time_limit": 1.1,
175
+ },
176
+ headers: {
177
+ "Accept-Encoding" => "identity",
178
+ "X-Chef-Version" => Chef::VERSION,
179
+ "X-Data-Collector-Auth" => "version=1.0",
180
+ "X-Data-Collector-Token" => token,
181
+ }
182
+ ).to_return(status: 200)
183
+
184
+ expect(reporter.send_report(inspec_report)).to eq(true)
185
+
186
+ expect(metasearch_stub).to have_been_requested
187
+ expect(report_stub).to have_been_requested
188
+ end
189
+
190
+ it "sends report successfully to ChefAutomate with seen profiles" do
191
+ metasearch_stub = stub_request(:post, "https://automate.test/compliance/profiles/metasearch")
192
+ .with(
193
+ body: '{"sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}',
194
+ headers: {
195
+ "Accept-Encoding" => "identity",
196
+ "X-Chef-Version" => Chef::VERSION,
197
+ "X-Data-Collector-Auth" => "version=1.0",
198
+ "X-Data-Collector-Token" => token,
199
+ }
200
+ ).to_return(
201
+ status: 200,
202
+ body: '{"missing_sha256": []}'
203
+ )
204
+
205
+ report_stub = stub_request(:post, "https://automate.test/data_collector")
206
+ .with(
207
+ body: {
208
+ "version": "1.2.1",
209
+ "profiles": [
210
+ {
211
+ "title": "/tmp Compliance Profile",
212
+ "sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
213
+ "version": "0.1.1",
214
+ "controls": [
215
+ {
216
+ "id": "tmp-1.0",
217
+ "results": [
218
+ { "status": "passed", "code_desc": "File /tmp should be directory" },
219
+ ],
220
+ },
221
+ {
222
+ "id": "tmp-1.1",
223
+ "results": [
224
+ { "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
225
+ { "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
226
+ ],
227
+ "removed_results_counts": { "failed": 0, "skipped": 0, "passed": 1 },
228
+ },
229
+ ],
230
+ "attributes": [
231
+ { "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } },
232
+ ],
233
+ },
234
+ ],
235
+ "other_checks": [],
236
+ "statistics": { "duration": 0.032332 },
237
+ "type": "inspec_report",
238
+ "node_name": "chef-client.solo",
239
+ "end_time": "2016-07-19T18:19:19Z",
240
+ "node_uuid": "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
241
+ "environment": "My Prod Env",
242
+ "roles": %w{base_linux apache_linux},
243
+ "recipes": ["some_cookbook::some_recipe", "some_cookbook"],
244
+ "report_uuid": "3f0536f7-3361-4bca-ae53-b45118dceb5d",
245
+ "source_fqdn": "api.chef.io",
246
+ "organization_name": "test_org",
247
+ "policy_group": "test_policy_group",
248
+ "policy_name": "test_policy_name",
249
+ "chef_tags": ["mylinux", "my.tag", "some=tag"],
250
+ "ipaddress": "192.168.56.33",
251
+ "fqdn": "lb1.prod.example.com",
252
+ "run_time_limit": 1.1,
253
+ },
254
+ headers: {
255
+ "Accept-Encoding" => "identity",
256
+ "X-Chef-Version" => Chef::VERSION,
257
+ "X-Data-Collector-Auth" => "version=1.0",
258
+ "X-Data-Collector-Token" => token,
259
+ }
260
+ ).to_return(status: 200)
261
+
262
+ expect(reporter.send_report(inspec_report)).to eq(true)
263
+
264
+ expect(metasearch_stub).to have_been_requested
265
+ expect(report_stub).to have_been_requested
266
+ end
267
+
268
+ it "does not send report when entity_uuid is missing" do
269
+ opts.delete(:entity_uuid)
270
+ reporter = Chef::Compliance::Reporter::Automate.new(opts)
271
+ expect(reporter.send_report(inspec_report)).to eq(false)
272
+ end
273
+ end
274
+
275
+ describe "#truncate_controls_results" do
276
+ let(:report) do
277
+ {
278
+ "version": "1.2.1",
279
+ "profiles":
280
+ [{ "name": "tmp_compliance_profile",
281
+ "title": "/tmp Compliance Profile",
282
+ "summary": "An Example Compliance Profile",
283
+ "sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215ff",
284
+ "version": "0.1.1",
285
+ "maintainer": "Nathen Harvey <nharvey@chef.io>",
286
+ "license": "Apache 2.0 License",
287
+ "copyright": "Nathen Harvey <nharvey@chef.io>",
288
+ "supports": [],
289
+ "controls":
290
+ [{ "id": "tmp-2.0",
291
+ "title": "A bunch of directories must exist",
292
+ "desc": "A bunch of directories must exist for testing",
293
+ "impact": 0.3,
294
+ "refs": [],
295
+ "tags": {},
296
+ "code": "control 'tmp-2.0' do\n impact 0.3\n title 'A bunch of directories must exist'\n desc 'A bunch of directories must exist for testing'\n describe file '/tmp' do\n it { should be_directory }\n end\nend\n",
297
+ "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
298
+ "results": [
299
+ { "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
300
+ { "status": "passed", "code_desc": "File /etc should be directory", "run_time": 0.002314, "start_time": "2016-10-19 11:09:45 -0400" },
301
+ { "status": "passed", "code_desc": "File /opt should be directory", "run_time": 0.002315, "start_time": "2016-10-19 11:09:46 -0400" },
302
+ { "status": "skipped", "code_desc": "No-op", "run_time": 0.002316, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
303
+ { "status": "skipped", "code_desc": "No-op", "run_time": 0.002317, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
304
+ { "status": "skipped", "code_desc": "No-op", "run_time": 0.002318, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
305
+ { "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
306
+ { "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
307
+ { "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
308
+ ],
309
+ },
310
+ { "id": "tmp-2.1",
311
+ "title": "/tmp directory is owned by the root user",
312
+ "desc": "The /tmp directory must be owned by the root user",
313
+ "impact": 0.3,
314
+ "refs": [{ "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" }],
315
+ "tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
316
+ "code": "control 'tmp-2.1' do\n impact 0.3\n title '/tmp directory is owned by the root user'\n desc 'The /tmp directory must be owned by the root user'\n tag 'production','development'\n tag identifier: 'value'\n tag remediation: 'https://github.com/chef-cookbooks/audit'\n ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n describe file '/tmp' do\n it { should be_owned_by 'root' }\n end\nend\n",
317
+ "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
318
+ "results": [
319
+ { "status": "passed", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
320
+ { "status": "passed", "code_desc": 'File /etc should be owned by "root"', "run_time": 1.238845, "start_time": "2016-10-19 11:09:43 -0400" },
321
+ ],
322
+ },
323
+ ],
324
+ "groups": [{ "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" }],
325
+ "attributes": [{ "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } }] }],
326
+ "other_checks": [],
327
+ "statistics": { "duration": 0.032332 },
328
+ }
329
+ end
330
+
331
+ it "truncates controls results 1" do
332
+ truncated_report = reporter.truncate_controls_results(report, 5)
333
+ expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(5)
334
+ statuses = truncated_report[:profiles][0][:controls][0][:results].map { |r| r[:status] }
335
+ expect(statuses).to eq(%w{failed failed failed skipped skipped})
336
+ expect(truncated_report[:profiles][0][:controls][0][:removed_results_counts]).to eq(failed: 0, skipped: 1, passed: 3)
337
+ end
338
+
339
+ it "truncates controls results 2" do
340
+ truncated_report = reporter.truncate_controls_results(report, 5)
341
+ expect(truncated_report[:profiles][0][:controls][1][:results].length).to eq(2)
342
+ statuses = truncated_report[:profiles][0][:controls][1][:results].map { |r| r[:status] }
343
+ expect(statuses).to eq(%w{passed passed})
344
+ expect(truncated_report[:profiles][0][:controls][1][:removed_results_counts]).to eq(nil)
345
+ end
346
+
347
+ it "truncates controls results 3" do
348
+ truncated_report = reporter.truncate_controls_results(report, 0)
349
+ expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(9)
350
+ end
351
+
352
+ it "truncates controls results 4" do
353
+ truncated_report = reporter.truncate_controls_results(report, 1)
354
+ expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(1)
355
+ end
356
+ end
357
+
358
+ describe "#strip_profiles_meta" do
359
+ it "removes the metadata from seen profiles" do
360
+ expected = {
361
+ other_checks: [],
362
+ profiles: [
363
+ {
364
+ attributes: [
365
+ {
366
+ name: "syslog_pkg",
367
+ options: {
368
+ default: "rsyslog",
369
+ description: "syslog package...",
370
+ },
371
+ },
372
+ ],
373
+ controls: [
374
+ {
375
+ id: "tmp-1.0",
376
+ results: [
377
+ {
378
+ code_desc: "File /tmp should be directory",
379
+ status: "passed",
380
+ },
381
+ ],
382
+ },
383
+ {
384
+ id: "tmp-1.1",
385
+ results: [
386
+ {
387
+ code_desc: 'File /tmp should be owned by "root"',
388
+ run_time: 1.228845,
389
+ start_time: "2016-10-19 11:09:43 -0400",
390
+ status: "passed",
391
+ },
392
+ {
393
+ code_desc: 'File /tmp should be owned by "root"',
394
+ run_time: 1.228845,
395
+ start_time: "2016-10-19 11:09:43 -0400",
396
+ status: "skipped",
397
+ },
398
+ {
399
+ code_desc: "File /etc/hosts is expected to be directory",
400
+ message: "expected `File /etc/hosts.directory?` to return true, got false",
401
+ run_time: 1.228845,
402
+ start_time: "2016-10-19 11:09:43 -0400",
403
+ status: "failed",
404
+ },
405
+ ],
406
+ },
407
+ ],
408
+ sha256: "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
409
+ title: "/tmp Compliance Profile",
410
+ version: "0.1.1",
411
+ },
412
+ ],
413
+ run_time_limit: 1.1,
414
+ statistics: {
415
+ duration: 0.032332,
416
+ },
417
+ version: "1.2.1",
418
+ }
419
+ expect(reporter.strip_profiles_meta(inspec_report, [], 1.1)).to eq(expected)
420
+ end
421
+
422
+ it "does not remove the metadata from missing profiles" do
423
+ expected = inspec_report.merge(run_time_limit: 1.1)
424
+ expect(reporter.strip_profiles_meta(inspec_report, ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"], 1.1)).to eq(expected)
425
+ end
426
+ end
427
+ end