author | Pete Higgins <pete@peterhiggins.org> | 2020-11-23 17:07:31 -0800 |
---|---|---|
committer | Pete Higgins <pete@peterhiggins.org> | 2020-12-01 16:12:04 -0800 |
commit | a71e2caee77c44a77b7ce358cbcfe6f157f2a059 (patch) | |
tree | dd9bca04870a3e06a05130682e46430cef6ef892 | |
parent | 51e870c3718efeaeb42fa1a31025a5382f2ba413 (diff) | |
Remove an unnecessary wrapper module.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r-- | lib/chef/audit/default_attributes.rb | 107 | ||||
-rw-r--r-- | lib/chef/audit/runner.rb | 2 |
2 files changed, 53 insertions, 56 deletions
diff --git a/lib/chef/audit/default_attributes.rb b/lib/chef/audit/default_attributes.rb
index a47f194927..7c71d07eaf 100644
--- a/lib/chef/audit/default_attributes.rb
+++ b/lib/chef/audit/default_attributes.rb
@@ -17,72 +17,69 @@ require "chef/node/attribute_collections" # for VividMash class Chef module Audit
- # TODO: Just define the thing, no need for a module wrapping it.
- module DefaultAttributes
- DEFAULTS = Chef::Node::VividMash.new(
- # If enabled, a cache is built for all backend calls. This should only be
- # disabled if you are expecting unique results from the same backend call.
- "inspec_backend_cache" => true,
+ DEFAULT_ATTRIBUTES = Chef::Node::VividMash.new(
+ # If enabled, a cache is built for all backend calls. This should only be
+ # disabled if you are expecting unique results from the same backend call.
+ "inspec_backend_cache" => true,
- # controls where inspec scan reports are sent
- # possible values: 'chef-server-automate', 'chef-automate', 'json-file'
- # notes: 'chef-automate' requires inspec version 0.27.1 or greater
- # deprecated: 'chef-visibility' is replaced with 'chef-automate'
- # deprecated: 'chef-compliance' is replaced with 'chef-automate'
- # deprecated: 'chef-server-visibility' is replaced with 'chef-server-automate'
- "reporter" => "json-file",
+ # controls where inspec scan reports are sent
+ # possible values: 'chef-server-automate', 'chef-automate', 'json-file'
+ # notes: 'chef-automate' requires inspec version 0.27.1 or greater
+ # deprecated: 'chef-visibility' is replaced with 'chef-automate'
+ # deprecated: 'chef-compliance' is replaced with 'chef-automate'
+ # deprecated: 'chef-server-visibility' is replaced with 'chef-server-automate'
+ "reporter" => "json-file",
- # controls where inspec profiles are fetched from, Chef Automate or via Chef Server
- # possible values: nil, 'chef-server', 'chef-automate'
- "fetcher" => nil,
+ # controls where inspec profiles are fetched from, Chef Automate or via Chef Server
+ # possible values: nil, 'chef-server', 'chef-automate'
+ "fetcher" => nil,
- # allow for connections to HTTPS endpoints using self-signed ssl certificates
- "insecure" => nil,
+ # allow for connections to HTTPS endpoints using self-signed ssl certificates
+ "insecure" => nil,
- # controls verbosity of inspec runner
- "quiet" => true,
+ # controls verbosity of inspec runner
+ "quiet" => true,
- # Chef Inspec Compliance profiles to be used for scan of node
- # See README.md for details
- "profiles" => {},
+ # Chef Inspec Compliance profiles to be used for scan of node
+ # See README.md for details
+ "profiles" => {},
- # Attributes used to run the given profiles
- "attributes" => {},
+ # Attributes used to run the given profiles
+ "attributes" => {},
- # Set this to the path of a YAML waiver file you wish to apply
- # See https://www.inspec.io/docs/reference/waivers/
- "waiver_file" => nil,
+ # Set this to the path of a YAML waiver file you wish to apply
+ # See https://www.inspec.io/docs/reference/waivers/
+ "waiver_file" => nil,
- "json_file" => {
- # The location of the json-file output:
- # <chef_cache_path>/cookbooks/audit/inspec-<timestamp>.json
- # TODO: ^^ comment is wrong
- # TODO: Does this path work?
- "location" => File.expand_path(Time.now.utc.strftime("../../../inspec-%Y%m%d%H%M%S.json"), __dir__),
- },
+ "json_file" => {
+ # The location of the json-file output:
+ # <chef_cache_path>/cookbooks/audit/inspec-<timestamp>.json
+ # TODO: ^^ comment is wrong
+ # TODO: Does this path work?
+ "location" => File.expand_path(Time.now.utc.strftime("../../../inspec-%Y%m%d%H%M%S.json"), __dir__),
+ },
- # Control results that have a `run_time` below this limit will
- # be stripped of the `start_time` and `run_time` fields to
- # reduce the size of the reports being sent to Automate
- "run_time_limit" => 1.0,
+ # Control results that have a `run_time` below this limit will
+ # be stripped of the `start_time` and `run_time` fields to
+ # reduce the size of the reports being sent to Automate
+ "run_time_limit" => 1.0,
- # A control result message that exceeds this character limit will be truncated.
- # This helps keep reports to a reasonable size. On rare occasions, we've seen messages exceeding 9 MB in size,
- # causing the report to not be ingested in the backend because of the 4 MB report size rpc limitation.
- # InSpec will append this text at the end of any truncated messages: `[Truncated to 10000 characters]`
- # Requires InSpec 4.18.114 or newer (bundled with Chef Infra Client starting with version 16.0.303)
- "result_message_limit" => 10000,
+ # A control result message that exceeds this character limit will be truncated.
+ # This helps keep reports to a reasonable size. On rare occasions, we've seen messages exceeding 9 MB in size,
+ # causing the report to not be ingested in the backend because of the 4 MB report size rpc limitation.
+ # InSpec will append this text at the end of any truncated messages: `[Truncated to 10000 characters]`
+ # Requires InSpec 4.18.114 or newer (bundled with Chef Infra Client starting with version 16.0.303)
+ "result_message_limit" => 10000,
- # When an InSpec resource throws an exception (e.g. permission denied), results will contain a short error message and a
- # detailed ruby stacktrace of the error. This attribute instructs InSpec not to include the detailed stacktrace in order
- # to keep the overall report to a manageable size.
- # Requires InSpec 4.18.114 or newer (bundled with Chef Infra Client starting with version 16.0.303)
- "result_include_backtrace" => false,
+ # When an InSpec resource throws an exception (e.g. permission denied), results will contain a short error message and a
+ # detailed ruby stacktrace of the error. This attribute instructs InSpec not to include the detailed stacktrace in order
+ # to keep the overall report to a manageable size.
+ # Requires InSpec 4.18.114 or newer (bundled with Chef Infra Client starting with version 16.0.303)
+ "result_include_backtrace" => false,
- # The array of results per control will be truncated at this limit to avoid large reports that cannot be
- # processed by Automate. A summary of removed results will be sent with each impacted control.
- "control_results_limit" => 50
- )
- end
+ # The array of results per control will be truncated at this limit to avoid large reports that cannot be
+ # processed by Automate. A summary of removed results will be sent with each impacted control.
+ "control_results_limit" => 50
+ )
 end end
diff --git a/lib/chef/audit/runner.rb b/lib/chef/audit/runner.rb
index c068dffeb8..c048b18aba 100644
--- a/lib/chef/audit/runner.rb
+++ b/lib/chef/audit/runner.rb
@@ -26,7 +26,7 @@ class Chef def node=(node) @node = node
- node.default["audit"] = Chef::Audit::DefaultAttributes::DEFAULTS.merge(node["audit"] || {})
+ node.default["audit"] = Chef::Audit::DEFAULT_ATTRIBUTES.merge(node["audit"] || {})
 end def node_load_completed(node, _expanded_run_list, _config) |
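Review bot: The `"location"` default under `"json_file"` in lib/chef/audit/default_attributes.rb is still evaluated once, when the file is required: `Time.now.utc.strftime(...)` fixes the timestamp at load time, and `File.expand_path(..., __dir__)` resolves three levels above lib/chef/audit, which looks like the root of the installed library rather than the `<chef_cache_path>` the comment names. A long-running client would presumably reuse the same file name for every scan, and compliance reports would be written next to the library code with whatever permissions that directory happens to have. The two TODOs carried onto the new side already question this; consider leaving `"location" => nil` here and building the timestamped path under the configured cache directory at the point where the json-file reporter writes. Separately, `DEFAULT_ATTRIBUTES` is not frozen, so any caller that mutates it (rather than calling `merge`) would change the defaults for the whole process.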