chef 16.7.61-universal-mingw32 → 16.9.20-universal-mingw32

data/spec/integration/client/client_spec.rb

@@ -97,7 +97,8 @@ describe "chef-client" do
       before { file ".chef/knife.rb", "xxx.xxx" }
 
       it "should load .chef/knife.rb when -z is specified" do
-        result = shell_out("#{chef_client} -z -o 'x::default'", cwd: path_to(""))
+        # On Solaris shell_out will invoke /bin/sh which doesn't understand how to correctly update ENV['PWD']
+        result = shell_out("#{chef_client} -z -o 'x::default'", cwd: path_to(""), env: { "PWD" => nil })
         # FATAL: Configuration error NoMethodError: undefined method `xxx' for nil:NilClass
         expect(result.stdout).to include("xxx")
       end

data/spec/integration/compliance/compliance_spec.rb

@@ -0,0 +1,81 @@
+require "spec_helper"
+
+require "support/shared/integration/integration_helper"
+require "chef/mixin/shell_out"
+require "chef-utils/dist"
+
+describe "chef-client with audit mode" do
+
+  include IntegrationSupport
+  include Chef::Mixin::ShellOut
+
+  let(:chef_dir) { File.join(__dir__, "..", "..", "..", "bin") }
+
+  # Invoke `chef-client` as `ruby PATH/TO/chef-client`. This ensures the
+  # following constraints are satisfied:
+  # * Windows: windows can only run batch scripts as bare executables. Rubygems
+  # creates batch wrappers for installed gems, but we don't have batch wrappers
+  # in the source tree.
+  # * Other `chef-client` in PATH: A common case is running the tests on a
+  # machine that has omnibus chef installed. In that case we need to ensure
+  # we're running `chef-client` from the source tree and not the external one.
+  # cf. CHEF-4914
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
+
+  when_the_repository "has a custom profile" do
+    let(:report_file) { path_to("report_file.json") }
+
+    before do
+      directory "profiles/my-profile" do
+        file "inspec.yml", <<~FILE
+          ---
+          name: my-profile
+        FILE
+
+        directory "controls" do
+          file "my_control.rb", <<~FILE
+            control "my control" do
+              describe Dir.home do
+                it { should be_kind_of String }
+              end
+            end
+          FILE
+        end
+      end
+
+      file "attributes.json", <<~FILE
+        {
+          "audit": {
+            "json_file": {
+              "location": "#{report_file}"
+            },
+            "profiles": {
+              "my-profile": {
+                "path": "#{path_to("profiles/my-profile")}"
+              }
+            }
+          }
+        }
+      FILE
+    end
+
+    it "should complete with success" do
+      result = shell_out!("#{chef_client} --local-mode --json-attributes #{path_to("attributes.json")}", cwd: chef_dir)
+      result.error!
+
+      inspec_report = JSON.parse(File.read(report_file))
+      expect(inspec_report["profiles"].length).to eq(1)
+
+      profile = inspec_report["profiles"].first
+      expect(profile["name"]).to eq("my-profile")
+      expect(profile["controls"].length).to eq(1)
+
+      control = profile["controls"].first
+      expect(control["id"]).to eq("my control")
+      expect(control["results"].length).to eq(1)
+
+      result = control["results"].first
+      expect(result["status"]).to eq("passed")
+    end
+  end
+end

data/spec/integration/recipes/recipe_dsl_spec.rb

@@ -28,6 +28,7 @@ describe "Recipe DSL methods" do
         def provider
           Provider
         end
+
         class Provider < Chef::Provider
           def load_current_resource; end
 

data/spec/spec_helper.rb

@@ -31,7 +31,7 @@ $LOAD_PATH.unshift File.expand_path("../chef-utils/lib", __dir__)
 
 require "rubygems"
 require "rspec/mocks"
-
+require "rexml/document"
 require "webmock/rspec"
 
 require "chef"

data/spec/unit/client_spec.rb

@@ -129,6 +129,7 @@ shared_context "a client run" do
     expect(client.events).to receive(:register).with(instance_of(Chef::DataCollector::Reporter))
     expect(client.events).to receive(:register).with(instance_of(Chef::ResourceReporter))
     expect(client.events).to receive(:register).with(instance_of(Chef::ActionCollection))
+    expect(client.events).to receive(:register).with(instance_of(Chef::Compliance::Runner))
   end
 
   def stub_for_node_load

data/spec/unit/compliance/fetcher/automate_spec.rb

@@ -0,0 +1,134 @@
+require "spec_helper"
+require "chef/compliance/fetcher/automate"
+
+describe Chef::Compliance::Fetcher::Automate do
+  describe ".resolve" do
+    before do
+      Chef::Config[:data_collector] = {
+        server_url: "https://automate.test/data_collector",
+        token: token,
+      }
+    end
+
+    let(:token) { "fake_token" }
+
+    context "when target is a string" do
+      it "should resolve a compliance URL" do
+        res = Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "raises an exception with no data collector token" do
+        Chef::Config[:data_collector].delete(:token)
+
+        expect {
+          Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
+        }.to raise_error(/No data-collector token set/)
+      end
+
+      it "includes the data collector token" do
+        expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
+          "https://automate.test/compliance/profiles/namespace/profile_name/tar",
+          hash_including("token" => token)
+        ).and_call_original
+
+        res = Chef::Compliance::Fetcher::Automate.resolve("compliance://namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "returns nil with a non-compliance URL" do
+        res = Chef::Compliance::Fetcher::Automate.resolve("http://github.com/chef-cookbooks/audit")
+
+        expect(res).to eq(nil)
+      end
+    end
+
+    context "when target is a hash" do
+      it "should resolve a target with a version" do
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          compliance: "namespace/profile_name",
+          version: "1.2.3"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/version/1.2.3/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "should resolve a target without a version" do
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          compliance: "namespace/profile_name"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "uses url key when present" do
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          compliance: "namespace/profile_name",
+          version: "1.2.3",
+          url: "https://profile.server.test/profiles/profile_name/1.2.3"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://profile.server.test/profiles/profile_name/1.2.3"
+        expect(res.target).to eq(expected)
+      end
+
+      it "does not include token in the config when url key is present" do
+        expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
+          "https://profile.server.test/profiles/profile_name/1.2.3",
+          hash_including("token" => nil)
+        ).and_call_original
+
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          compliance: "namespace/profile_name",
+          version: "1.2.3",
+          url: "https://profile.server.test/profiles/profile_name/1.2.3"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://profile.server.test/profiles/profile_name/1.2.3"
+        expect(res.target).to eq(expected)
+      end
+
+      it "raises an exception with no data collector token" do
+        Chef::Config[:data_collector].delete(:token)
+
+        expect {
+          Chef::Compliance::Fetcher::Automate.resolve(compliance: "namespace/profile_name")
+        }.to raise_error(Inspec::FetcherFailure, /No data-collector token set/)
+      end
+
+      it "includes the data collector token" do
+        expect(Chef::Compliance::Fetcher::Automate).to receive(:new).with(
+          "https://automate.test/compliance/profiles/namespace/profile_name/tar",
+          hash_including("token" => token)
+        ).and_call_original
+
+        res = Chef::Compliance::Fetcher::Automate.resolve(compliance: "namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate)
+        expected = "https://automate.test/compliance/profiles/namespace/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "returns nil with a non-profile Hash" do
+        res = Chef::Compliance::Fetcher::Automate.resolve(
+          profile: "namespace/profile_name",
+          version: "1.2.3"
+        )
+
+        expect(res).to eq(nil)
+      end
+    end
+  end
+end

data/spec/unit/compliance/fetcher/chef_server_spec.rb

@@ -0,0 +1,93 @@
+require "spec_helper"
+require "chef/compliance/fetcher/chef_server"
+
+describe Chef::Compliance::Fetcher::ChefServer do
+  let(:node) do
+    Chef::Node.new.tap do |n|
+      n.default["audit"] = {}
+    end
+  end
+
+  before :each do
+    allow(Chef).to receive(:node).and_return(node)
+
+    Chef::Config[:chef_server_url] = "http://127.0.0.1:8889/organizations/my_org"
+  end
+
+  describe ".resolve" do
+    context "when target is a string" do
+      it "should resolve a compliance URL" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "should add /compliance URL prefix if needed" do
+        node.default["audit"]["fetcher"] = "chef-server"
+        res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/compliance/organizations/my_org/owners/namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "includes user in the URL if present" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve("compliance://username@namespace/profile_name")
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/username@namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "returns nil with a non-compliance URL" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve("http://github.com/chef-cookbooks/audit")
+
+        expect(res).to eq(nil)
+      end
+    end
+
+    context "when target is a hash" do
+      it "should resolve a target with a version" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve(
+          compliance: "namespace/profile_name",
+          version: "1.2.3"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/version/1.2.3/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "should resolve a target without a version" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve(
+          compliance: "namespace/profile_name"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "includes user in the URL if present" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve(
+          compliance: "username@namespace/profile_name"
+        )
+
+        expect(res).to be_kind_of(Chef::Compliance::Fetcher::ChefServer)
+        expected = "http://127.0.0.1:8889/organizations/my_org/owners/username@namespace/compliance/profile_name/tar"
+        expect(res.target).to eq(expected)
+      end
+
+      it "returns nil with a non-profile Hash" do
+        res = Chef::Compliance::Fetcher::ChefServer.resolve(
+          profile: "namespace/profile_name",
+          version: "1.2.3"
+        )
+
+        expect(res).to eq(nil)
+      end
+    end
+  end
+end

data/spec/unit/compliance/reporter/automate_spec.rb

@@ -0,0 +1,427 @@
+require "spec_helper"
+require "json" # For .to_json
+
+describe Chef::Compliance::Reporter::Automate do
+  let(:reporter) { Chef::Compliance::Reporter::Automate.new(opts) }
+
+  let(:opts) do
+    {
+      entity_uuid: "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
+      run_id: "3f0536f7-3361-4bca-ae53-b45118dceb5d",
+      node_info: {
+        node: "chef-client.solo",
+        environment: "My Prod Env",
+        roles: %w{base_linux apache_linux},
+        recipes: ["some_cookbook::some_recipe", "some_cookbook"],
+        policy_name: "test_policy_name",
+        policy_group: "test_policy_group",
+        chef_tags: ["mylinux", "my.tag", "some=tag"],
+        organization_name: "test_org",
+        source_fqdn: "api.chef.io",
+        ipaddress: "192.168.56.33",
+        fqdn: "lb1.prod.example.com",
+      },
+      run_time_limit: 1.1,
+      control_results_limit: 2,
+      timestamp: Time.parse("2016-07-19T19:19:19+01:00"),
+    }
+  end
+
+  let(:inspec_report) do
+    {
+      "version": "1.2.1",
+      "profiles":
+      [{ "name": "tmp_compliance_profile",
+         "title": "/tmp Compliance Profile",
+         "summary": "An Example Compliance Profile",
+         "sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
+         "version": "0.1.1",
+         "maintainer": "Nathen Harvey <nharvey@chef.io>",
+         "license": "Apache 2.0 License",
+         "copyright": "Nathen Harvey <nharvey@chef.io>",
+         "supports": [],
+         "controls":
+         [{ "title": "A /tmp directory must exist",
+            "desc": "A /tmp directory must exist",
+            "impact": 0.3,
+            "refs": [],
+            "tags": {},
+            "code": "control 'tmp-1.0' do\n  impact 0.3\n  title 'A /tmp directory must exist'\n  desc 'A /tmp directory must exist'\n  describe file '/tmp' do\n    it { should be_directory }\n  end\nend\n",
+            "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
+            "id": "tmp-1.0",
+            "results": [
+              { "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
+            ],
+          },
+          { "title": "/tmp directory is owned by the root user",
+            "desc": "The /tmp directory must be owned by the root user",
+            "impact": 0.3,
+            "refs": [{ "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" }],
+            "tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
+            "code": "control 'tmp-1.1' do\n  impact 0.3\n  title '/tmp directory is owned by the root user'\n  desc 'The /tmp directory must be owned by the root user'\n  tag 'production','development'\n  tag identifier: 'value'\n  tag remediation: 'https://github.com/chef-cookbooks/audit'\n  ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n  describe file '/tmp' do\n    it { should be_owned_by 'root' }\n  end\nend\n",
+            "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
+            "id": "tmp-1.1",
+            "results": [
+              { "status": "passed", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
+              { "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
+              { "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
+            ],
+          },
+        ],
+         "groups": [{ "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" }],
+         "attributes": [{ "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } }] }],
+      "other_checks": [],
+      "statistics": { "duration": 0.032332 },
+    }
+  end
+
+  describe "#send_report" do
+    before :each do
+      WebMock.disable_net_connect!
+
+      Chef::Config[:data_collector] = { token: token, server_url: "https://automate.test/data_collector" }
+    end
+
+    let(:token) { "fake_token" }
+
+    it "sends report successfully to ChefAutomate with missing profiles" do
+      metasearch_stub = stub_request(:post, "https://automate.test/compliance/profiles/metasearch")
+        .with(
+          body: '{"sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}',
+          headers: {
+            "Accept-Encoding" => "identity",
+            "X-Chef-Version" => Chef::VERSION,
+            "X-Data-Collector-Auth" => "version=1.0",
+            "X-Data-Collector-Token" => token,
+          }
+        ).to_return(
+          status: 200,
+          body: '{"missing_sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}'
+        )
+
+      report_stub = stub_request(:post, "https://automate.test/data_collector")
+        .with(
+          body: {
+            "version": "1.2.1",
+            "profiles": [
+              {
+                "name": "tmp_compliance_profile",
+                "title": "/tmp Compliance Profile",
+                "summary": "An Example Compliance Profile",
+                "sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
+                "version": "0.1.1",
+                "maintainer": "Nathen Harvey <nharvey@chef.io>",
+                "license": "Apache 2.0 License",
+                "copyright": "Nathen Harvey <nharvey@chef.io>",
+                "supports": [],
+                "controls": [
+                  {
+                    "title": "A /tmp directory must exist",
+                    "desc": "A /tmp directory must exist",
+                    "impact": 0.3,
+                    "refs": [],
+                    "tags": {},
+                    "code": "control 'tmp-1.0' do\n  impact 0.3\n  title 'A /tmp directory must exist'\n  desc 'A /tmp directory must exist'\n  describe file '/tmp' do\n    it { should be_directory }\n  end\nend\n",
+                    "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
+                    "id": "tmp-1.0",
+                    "results": [
+                      { "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
+                    ],
+                  },
+                  {
+                    "title": "/tmp directory is owned by the root user",
+                    "desc": "The /tmp directory must be owned by the root user",
+                    "impact": 0.3,
+                    "refs": [
+                      { "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" },
+                    ],
+                    "tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
+                    "code": "control 'tmp-1.1' do\n  impact 0.3\n  title '/tmp directory is owned by the root user'\n  desc 'The /tmp directory must be owned by the root user'\n  tag 'production','development'\n  tag identifier: 'value'\n  tag remediation: 'https://github.com/chef-cookbooks/audit'\n  ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n  describe file '/tmp' do\n    it { should be_owned_by 'root' }\n  end\nend\n",
+                    "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
+                    "id": "tmp-1.1",
+                    "results": [
+                      { "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
+                      { "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
+                    ],
+                    "removed_results_counts": { "failed": 0, "skipped": 0, "passed": 1 },
+                  },
+                ],
+                "groups": [
+                  { "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" },
+                ],
+                "attributes": [
+                  { "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } },
+                ],
+              },
+            ],
+            "other_checks": [],
+            "statistics": { "duration": 0.032332 },
+            "type": "inspec_report",
+            "node_name": "chef-client.solo",
+            "end_time": "2016-07-19T18:19:19Z",
+            "node_uuid": "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
+            "environment": "My Prod Env",
+            "roles": %w{base_linux apache_linux},
+            "recipes": ["some_cookbook::some_recipe", "some_cookbook"],
+            "report_uuid": "3f0536f7-3361-4bca-ae53-b45118dceb5d",
+            "source_fqdn": "api.chef.io",
+            "organization_name": "test_org",
+            "policy_group": "test_policy_group",
+            "policy_name": "test_policy_name",
+            "chef_tags": ["mylinux", "my.tag", "some=tag"],
+            "ipaddress": "192.168.56.33",
+            "fqdn": "lb1.prod.example.com",
+            "run_time_limit": 1.1,
+          },
+          headers: {
+            "Accept-Encoding" => "identity",
+            "X-Chef-Version" => Chef::VERSION,
+            "X-Data-Collector-Auth" => "version=1.0",
+            "X-Data-Collector-Token" => token,
+          }
+        ).to_return(status: 200)
+
+      expect(reporter.send_report(inspec_report)).to eq(true)
+
+      expect(metasearch_stub).to have_been_requested
+      expect(report_stub).to have_been_requested
+    end
+
+    it "sends report successfully to ChefAutomate with seen profiles" do
+      metasearch_stub = stub_request(:post, "https://automate.test/compliance/profiles/metasearch")
+        .with(
+          body: '{"sha256": ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"]}',
+          headers: {
+            "Accept-Encoding" => "identity",
+            "X-Chef-Version" => Chef::VERSION,
+            "X-Data-Collector-Auth" => "version=1.0",
+            "X-Data-Collector-Token" => token,
+          }
+        ).to_return(
+          status: 200,
+          body: '{"missing_sha256": []}'
+        )
+
+      report_stub = stub_request(:post, "https://automate.test/data_collector")
+        .with(
+          body: {
+            "version": "1.2.1",
+            "profiles": [
+              {
+                "title": "/tmp Compliance Profile",
+                "sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
+                "version": "0.1.1",
+                "controls": [
+                  {
+                    "id": "tmp-1.0",
+                    "results": [
+                      { "status": "passed", "code_desc": "File /tmp should be directory" },
+                    ],
+                  },
+                  {
+                    "id": "tmp-1.1",
+                    "results": [
+                      { "status": "failed", "code_desc": "File /etc/hosts is expected to be directory", "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400", "message": "expected `File /etc/hosts.directory?` to return true, got false" },
+                      { "status": "skipped", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
+                    ],
+                    "removed_results_counts": { "failed": 0, "skipped": 0, "passed": 1 },
+                  },
+                ],
+                "attributes": [
+                  { "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } },
+                ],
+              },
+            ],
+            "other_checks": [],
+            "statistics": { "duration": 0.032332 },
+            "type": "inspec_report",
+            "node_name": "chef-client.solo",
+            "end_time": "2016-07-19T18:19:19Z",
+            "node_uuid": "aaaaaaaa-709a-475d-bef5-zzzzzzzzzzzz",
+            "environment": "My Prod Env",
+            "roles": %w{base_linux apache_linux},
+            "recipes": ["some_cookbook::some_recipe", "some_cookbook"],
+            "report_uuid": "3f0536f7-3361-4bca-ae53-b45118dceb5d",
+            "source_fqdn": "api.chef.io",
+            "organization_name": "test_org",
+            "policy_group": "test_policy_group",
+            "policy_name": "test_policy_name",
+            "chef_tags": ["mylinux", "my.tag", "some=tag"],
+            "ipaddress": "192.168.56.33",
+            "fqdn": "lb1.prod.example.com",
+            "run_time_limit": 1.1,
+          },
+          headers: {
+            "Accept-Encoding" => "identity",
+            "X-Chef-Version" => Chef::VERSION,
+            "X-Data-Collector-Auth" => "version=1.0",
+            "X-Data-Collector-Token" => token,
+          }
+        ).to_return(status: 200)
+
+      expect(reporter.send_report(inspec_report)).to eq(true)
+
+      expect(metasearch_stub).to have_been_requested
+      expect(report_stub).to have_been_requested
+    end
+
+    it "does not send report when entity_uuid is missing" do
+      opts.delete(:entity_uuid)
+      reporter = Chef::Compliance::Reporter::Automate.new(opts)
+      expect(reporter.send_report(inspec_report)).to eq(false)
+    end
+  end
+
+  describe "#truncate_controls_results" do
+    let(:report) do
+      {
+        "version": "1.2.1",
+        "profiles":
+        [{ "name": "tmp_compliance_profile",
+           "title": "/tmp Compliance Profile",
+           "summary": "An Example Compliance Profile",
+           "sha256": "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215ff",
+           "version": "0.1.1",
+           "maintainer": "Nathen Harvey <nharvey@chef.io>",
+           "license": "Apache 2.0 License",
+           "copyright": "Nathen Harvey <nharvey@chef.io>",
+           "supports": [],
+           "controls":
+           [{ "id": "tmp-2.0",
+              "title": "A bunch of directories must exist",
+              "desc": "A bunch of directories must exist for testing",
+              "impact": 0.3,
+              "refs": [],
+              "tags": {},
+              "code": "control 'tmp-2.0' do\n  impact 0.3\n  title 'A bunch of directories must exist'\n  desc 'A bunch of directories must exist for testing'\n  describe file '/tmp' do\n    it { should be_directory }\n  end\nend\n",
+              "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 3 },
+              "results": [
+                { "status": "passed", "code_desc": "File /tmp should be directory", "run_time": 0.002312, "start_time": "2016-10-19 11:09:43 -0400" },
+                { "status": "passed", "code_desc": "File /etc should be directory", "run_time": 0.002314, "start_time": "2016-10-19 11:09:45 -0400" },
+                { "status": "passed", "code_desc": "File /opt should be directory", "run_time": 0.002315, "start_time": "2016-10-19 11:09:46 -0400" },
+                { "status": "skipped", "code_desc": "No-op", "run_time": 0.002316, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
+                { "status": "skipped", "code_desc": "No-op", "run_time": 0.002317, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
+                { "status": "skipped", "code_desc": "No-op", "run_time": 0.002318, "start_time": "2016-10-19 11:09:44 -0400", "skip_message": "4 testing" },
+                { "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
+                { "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
+                { "status": "failed", "code_desc": "File /etc/passwd should be directory", "run_time": 0.002313, "start_time": "2016-10-19 11:09:44 -0400" },
+              ],
+            },
+            { "id": "tmp-2.1",
+              "title": "/tmp directory is owned by the root user",
+              "desc": "The /tmp directory must be owned by the root user",
+              "impact": 0.3,
+              "refs": [{ "url": "https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf", "ref": "Compliance Whitepaper" }],
+              "tags": { "production": nil, "development": nil, "identifier": "value", "remediation": "https://github.com/chef-cookbooks/audit" },
+              "code": "control 'tmp-2.1' do\n  impact 0.3\n  title '/tmp directory is owned by the root user'\n  desc 'The /tmp directory must be owned by the root user'\n  tag 'production','development'\n  tag identifier: 'value'\n  tag remediation: 'https://github.com/chef-cookbooks/audit'\n  ref 'Compliance Whitepaper', url: 'https://pages.chef.io/rs/255-VFB-268/images/compliance-at-velocity2015.pdf'\n  describe file '/tmp' do\n    it { should be_owned_by 'root' }\n  end\nend\n",
+              "source_location": { "ref": "/Users/vjeffrey/code/delivery/insights/data_generator/chef-client/cache/cookbooks/test-cookbook/recipes/../files/default/compliance_profiles/tmp_compliance_profile/controls/tmp.rb", "line": 12 },
+              "results": [
+                { "status": "passed", "code_desc": 'File /tmp should be owned by "root"', "run_time": 1.228845, "start_time": "2016-10-19 11:09:43 -0400" },
+                { "status": "passed", "code_desc": 'File /etc should be owned by "root"', "run_time": 1.238845, "start_time": "2016-10-19 11:09:43 -0400" },
+              ],
+            },
+          ],
+           "groups": [{ "title": "/tmp Compliance Profile", "controls": ["tmp-1.0", "tmp-1.1"], "id": "controls/tmp.rb" }],
+           "attributes": [{ "name": "syslog_pkg", "options": { "default": "rsyslog", "description": "syslog package..." } }] }],
+        "other_checks": [],
+        "statistics": { "duration": 0.032332 },
+      }
+    end
+
+    it "truncates controls results 1" do
+      truncated_report = reporter.truncate_controls_results(report, 5)
+      expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(5)
+      statuses = truncated_report[:profiles][0][:controls][0][:results].map { |r| r[:status] }
+      expect(statuses).to eq(%w{failed failed failed skipped skipped})
+      expect(truncated_report[:profiles][0][:controls][0][:removed_results_counts]).to eq(failed: 0, skipped: 1, passed: 3)
+    end
+
+    it "truncates controls results 2" do
+      truncated_report = reporter.truncate_controls_results(report, 5)
+      expect(truncated_report[:profiles][0][:controls][1][:results].length).to eq(2)
+      statuses = truncated_report[:profiles][0][:controls][1][:results].map { |r| r[:status] }
+      expect(statuses).to eq(%w{passed passed})
+      expect(truncated_report[:profiles][0][:controls][1][:removed_results_counts]).to eq(nil)
+    end
+
+    it "truncates controls results 3" do
+      truncated_report = reporter.truncate_controls_results(report, 0)
+      expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(9)
+    end
+
+    it "truncates controls results 4" do
+      truncated_report = reporter.truncate_controls_results(report, 1)
+      expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(1)
+    end
+  end
+
+  describe "#strip_profiles_meta" do
+    it "removes the metadata from seen profiles" do
+      expected = {
+        other_checks: [],
+        profiles: [
+          {
+            attributes: [
+              {
+                name: "syslog_pkg",
+                options: {
+                  default: "rsyslog",
+                  description: "syslog package...",
+                },
+              },
+            ],
+            controls: [
+              {
+                id: "tmp-1.0",
+                results: [
+                  {
+                    code_desc: "File /tmp should be directory",
+                    status: "passed",
+                  },
+                ],
+              },
+              {
+                id: "tmp-1.1",
+                results: [
+                  {
+                    code_desc: 'File /tmp should be owned by "root"',
+                    run_time: 1.228845,
+                    start_time: "2016-10-19 11:09:43 -0400",
+                    status: "passed",
+                  },
+                  {
+                    code_desc: 'File /tmp should be owned by "root"',
+                    run_time: 1.228845,
+                    start_time: "2016-10-19 11:09:43 -0400",
+                    status: "skipped",
+                  },
+                  {
+                    code_desc: "File /etc/hosts is expected to be directory",
+                    message: "expected `File /etc/hosts.directory?` to return true, got false",
+                    run_time: 1.228845,
+                    start_time: "2016-10-19 11:09:43 -0400",
+                    status: "failed",
+                  },
+                ],
+              },
+            ],
+            sha256: "7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd",
+            title: "/tmp Compliance Profile",
+            version: "0.1.1",
+          },
+        ],
+        run_time_limit: 1.1,
+        statistics: {
+          duration: 0.032332,
+        },
+        version: "1.2.1",
+      }
+      expect(reporter.strip_profiles_meta(inspec_report, [], 1.1)).to eq(expected)
+    end
+
+    it "does not remove the metadata from missing profiles" do
+      expected = inspec_report.merge(run_time_limit: 1.1)
+      expect(reporter.strip_profiles_meta(inspec_report, ["7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd"], 1.1)).to eq(expected)
+    end
+  end
+end