diff options
author | Pete Higgins <pete@peterhiggins.org> | 2020-11-17 21:11:34 -0800 |
---|---|---|
committer | Pete Higgins <pete@peterhiggins.org> | 2020-12-01 16:12:04 -0800 |
commit | 7b94f2fa1b0f7d2670de07a2338b55b823a699dd (patch) | |
tree | 42edaa4e6f752f26f42e545041a522b4dbbb2efb | |
parent | cb7a17e4d4ffa7601db34289b8b237c447a509d8 (diff) | |
download | chef-7b94f2fa1b0f7d2670de07a2338b55b823a699dd.tar.gz |
Raise an exception with old profile format.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r-- | lib/chef/audit/runner.rb | 9 | ||||
-rw-r--r-- | spec/unit/audit/runner_spec.rb | 42 |
2 files changed, 50 insertions, 1 deletions
diff --git a/lib/chef/audit/runner.rb b/lib/chef/audit/runner.rb index d5e1b16a7c..50c5fab460 100644 --- a/lib/chef/audit/runner.rb +++ b/lib/chef/audit/runner.rb @@ -85,7 +85,14 @@ class Chef end def inspec_profiles - audit_attributes["profiles"].map do |name, profile| + profiles = audit_attributes["profiles"] + + # TODO: Custom exception class here? + unless profiles.respond_to?(:map) && profiles.all? { |_, p| p.respond_to?(:transform_keys) && p.respond_to?(:update) } + raise "Inspec profiles specified in an unrecognized format, expected a hash of hashes." + end + + profiles.map do |name, profile| profile.transform_keys(&:to_sym).update(name: name) end end diff --git a/spec/unit/audit/runner_spec.rb b/spec/unit/audit/runner_spec.rb index fdefc33d5e..f227742b6c 100644 --- a/spec/unit/audit/runner_spec.rb +++ b/spec/unit/audit/runner_spec.rb @@ -46,4 +46,46 @@ describe Chef::Audit::Runner do expect(runner).not_to be_enabled end end + + describe "#inspec_profiles" do + it "returns an empty list with no profiles defined" do + expect(runner.inspec_profiles).to eq([]) + end + + it "converts from the attribute format to the format Inspec expects" do + node.default["audit"]["profiles"]["linux-baseline"] = { + 'compliance': "user/linux-baseline", + 'version': "2.1.0", + } + + node.default["audit"]["profiles"]["ssh"] = { + 'supermarket': "hardening/ssh-hardening", + } + + expected = [ + { + compliance: "user/linux-baseline", + name: "linux-baseline", + version: "2.1.0", + }, + { + name: "ssh", + supermarket: "hardening/ssh-hardening", + }, + ] + + expect(runner.inspec_profiles).to eq(expected) + end + + it "raises an error when the profiles are in the old audit-cookbook format" do + node.default["audit"]["profiles"] = [ + { + name: "Windows 2019 Baseline", + compliance: "admin/windows-2019-baseline", + }, + ] + + expect { runner.inspec_profiles }.to raise_error(/Inspec profiles specified in an unrecognized format, expected a hash of hashes./) + end + end end |