authorTim Smith <tsmith@chef.io>2020-12-11 13:10:50 -0800
committerGitHub <noreply@github.com>2020-12-11 13:10:50 -0800
commit94fcdd4616d00cead931ac289b46240653f4148a (patch)
tree66b59a608c0b7b27f3c3fe262ef25a900b6404cb
parent8778e809a7b9ac876dac1f1a6c8d1c46257d5e25 (diff)
parent380a173a92aa80f6fbd2466b31d8ec4cefb06b1d (diff)
downloadchef-94fcdd4616d00cead931ac289b46240653f4148a.tar.gz
Merge pull request #10733 from chef/fix-broken-chef-automate-server-reporter
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r--lib/chef/compliance/reporter/chef_server_automate.rb2
-rw-r--r--lib/chef/compliance/runner.rb73
-rw-r--r--spec/unit/compliance/runner_spec.rb27
3 files changed, 71 insertions, 31 deletions
diff --git a/lib/chef/compliance/reporter/chef_server_automate.rb b/lib/chef/compliance/reporter/chef_server_automate.rb
index be59a4cf69..f0eba27816 100644
--- a/lib/chef/compliance/reporter/chef_server_automate.rb
+++ b/lib/chef/compliance/reporter/chef_server_automate.rb
@@ -7,6 +7,8 @@ class Chef
# Used to send inspec reports to Chef Automate server via Chef Server
#
class ChefServerAutomate < Chef::Compliance::Reporter::Automate
+ attr_reader :url
+
def initialize(opts)
@entity_uuid = opts[:entity_uuid]
@run_id = opts[:run_id]
diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb
index 677349df3e..8948d9c895 100644
--- a/lib/chef/compliance/runner.rb
+++ b/lib/chef/compliance/runner.rb
@@ -178,6 +178,8 @@ class Chef
# extracts relevant node data
def node_info
+ chef_server_uri = URI(Chef::Config[:chef_server_url])
+
runlist_roles = node.run_list.select { |item| item.type == :role }.map(&:name)
runlist_recipes = node.run_list.select { |item| item.type == :recipe }.map(&:name)
{
@@ -199,52 +201,61 @@ class Chef
}
end
- def send_report(reporter, report)
- logger.info "Reporting to #{reporter}"
+ def send_report(reporter_type, report)
+ logger.info "Reporting to #{reporter_type}"
+
+ reporter = reporter(reporter_type)
- insecure = node["audit"]["insecure"]
- run_time_limit = node["audit"]["run_time_limit"]
- control_results_limit = node["audit"]["control_results_limit"]
+ reporter.send_report(report) if reporter
+ end
- case reporter
+ def reporter(reporter_type)
+ case reporter_type
when "chef-automate"
opts = {
+ control_results_limit: node["audit"]["control_results_limit"],
entity_uuid: node["chef_guid"],
- run_id: run_id,
+ insecure: node["audit"]["insecure"],
node_info: node_info,
- insecure: insecure,
- run_time_limit: run_time_limit,
- control_results_limit: control_results_limit,
+ run_id: run_id,
+ run_time_limit: node["audit"]["run_time_limit"],
}
- Chef::Compliance::Reporter::Automate.new(opts).send_report(report)
+ Chef::Compliance::Reporter::Automate.new(opts)
when "chef-server-automate"
- chef_url = node["audit"]["server"] || base_chef_server_url
- chef_org = Chef::Config[:chef_server_url].split("/").last
- if chef_url
- url = construct_url(chef_url, File.join("organizations", chef_org, "data-collector"))
- opts = {
- entity_uuid: node["chef_guid"],
- run_id: run_id,
- node_info: node_info,
- insecure: insecure,
- url: url,
- run_time_limit: run_time_limit,
- control_results_limit: control_results_limit,
- }
- Chef::Compliance::Reporter::ChefServer.new(opts).send_report(report)
- else
- logger.warn "Unable to determine #{ChefUtils::Dist::Server::PRODUCT} url required by #{Inspec::Dist::PRODUCT_NAME} report collector '#{reporter}'. Skipping..."
- end
+ opts = {
+ control_results_limit: node["audit"]["control_results_limit"],
+ entity_uuid: node["chef_guid"],
+ insecure: node["audit"]["insecure"],
+ node_info: node_info,
+ run_id: run_id,
+ run_time_limit: node["audit"]["run_time_limit"],
+ url: chef_server_automate_url,
+ }
+ Chef::Compliance::Reporter::ChefServerAutomate.new(opts)
when "json-file"
path = node["audit"]["json_file"]["location"]
logger.info "Writing compliance report to #{path}"
- Chef::Compliance::Reporter::JsonFile.new(file: path).send_report(report)
+ Chef::Compliance::Reporter::JsonFile.new(file: path)
when "audit-enforcer"
- Chef::Compliance::Reporter::ComplianceEnforcer.new.send_report(report)
+ Chef::Compliance::Reporter::ComplianceEnforcer.new
else
- logger.warn "#{reporter} is not a supported #{Inspec::Dist::PRODUCT_NAME} report collector"
+ raise "'#{reporter_type}' is not a supported reporter for Compliance Phase."
end
end
+
+ def chef_server_automate_url
+ url = if node["audit"]["server"]
+ URI(node["audit"]["server"])
+ else
+ URI(Chef::Config[:chef_server_url]).tap do |u|
+ u.path = ""
+ end
+ end
+
+ org = Chef::Config[:chef_server_url].split("/").last
+ url.path = File.join(url.path, "organizations/#{org}/data-collector")
+ url
+ end
end
end
end
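Review bot: `chef_server_automate_url` passes `node["audit"]["server"]` straight to `URI()` and never checks the result, so a value with no scheme or host (a bare hostname, an empty string) yields a generic URI whose path is simply extended, and the failure only surfaces later inside the reporter. Since this URL is where the compliance report is posted, I would validate it right after the `url = if … end` assignment, e.g. `raise "audit server must be an http(s) URL" unless url.is_a?(URI::HTTP) && url.host`. Whether plain `http` should be accepted at all, given the separate `insecure` option, is a policy decision the hunk does not settle. Separately, the `if reporter` guard in `send_report` looks dead now that every branch of `reporter` either returns an object or raises, and the local `reporter = reporter(reporter_type)` shadows the method name; `reporter(reporter_type).send_report(report)` would read more clearly.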
diff --git a/spec/unit/compliance/runner_spec.rb b/spec/unit/compliance/runner_spec.rb
index 68c8a9553b..f9f3d61dd2 100644
--- a/spec/unit/compliance/runner_spec.rb
+++ b/spec/unit/compliance/runner_spec.rb
@@ -110,4 +110,31 @@ describe Chef::Compliance::Runner do
runner.warn_for_deprecated_config_values!
end
end
+
+ describe "#reporter" do
+ context "chef-server-automate reporter" do
+ it "uses the correct URL when 'server' attribute is set" do
+ Chef::Config[:chef_server_url] = "https://chef_config_url.example.com/my_org"
+ node.normal["audit"]["server"] = "https://server_attribute_url.example.com/application/sub_application"
+
+ reporter = runner.reporter("chef-server-automate")
+
+ expect(reporter).to be_kind_of(Chef::Compliance::Reporter::ChefServerAutomate)
+ expect(reporter.url).to eq(URI("https://server_attribute_url.example.com/application/sub_application/organizations/my_org/data-collector"))
+ end
+
+ it "falls back to chef_server_url for URL when 'server' attribute is not set" do
+ Chef::Config[:chef_server_url] = "https://chef_config_url.example.com/my_org"
+
+ reporter = runner.reporter("chef-server-automate")
+
+ expect(reporter).to be_kind_of(Chef::Compliance::Reporter::ChefServerAutomate)
+ expect(reporter.url).to eq(URI("https://chef_config_url.example.com/organizations/my_org/data-collector"))
+ end
+ end
+
+ it "fails with unexpected reporter value" do
+ expect { runner.reporter("tacos") }.to raise_error(/'tacos' is not a supported reporter for Compliance Phase/)
+ end
+ end
end
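Review bot: The new `#reporter` examples cover only well-formed `https` values, so the URL-building edge cases stay unpinned: a `chef_server_url` with a trailing slash, and a `server` attribute that is not an absolute URL. One example for each would document what `chef_server_automate_url` is expected to do with them. Both examples also assign `Chef::Config[:chef_server_url]` directly; if the suite does not reset config between examples (not visible here), that value carries over into later specs.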