author | Tim Smith <tsmith@chef.io> | 2020-12-11 13:10:50 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-11 13:10:50 -0800 |
commit | 94fcdd4616d00cead931ac289b46240653f4148a (patch) | |
tree | 66b59a608c0b7b27f3c3fe262ef25a900b6404cb | |
parent | 8778e809a7b9ac876dac1f1a6c8d1c46257d5e25 (diff) | |
parent | 380a173a92aa80f6fbd2466b31d8ec4cefb06b1d (diff) | |
download | chef-94fcdd4616d00cead931ac289b46240653f4148a.tar.gz |
Merge pull request #10733 from chef/fix-broken-chef-automate-server-reporter
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | lib/chef/compliance/reporter/chef_server_automate.rb | 2 | ||||
-rw-r--r-- | lib/chef/compliance/runner.rb | 73 | ||||
-rw-r--r-- | spec/unit/compliance/runner_spec.rb | 27 |
3 files changed, 71 insertions, 31 deletions
diff --git a/lib/chef/compliance/reporter/chef_server_automate.rb b/lib/chef/compliance/reporter/chef_server_automate.rb
index be59a4cf69..f0eba27816 100644
--- a/lib/chef/compliance/reporter/chef_server_automate.rb
+++ b/lib/chef/compliance/reporter/chef_server_automate.rb
@@ -7,6 +7,8 @@ class Chef
 # Used to send inspec reports to Chef Automate server via Chef Server
 #
 class ChefServerAutomate < Chef::Compliance::Reporter::Automate
+ attr_reader :url
+
 def initialize(opts)
 @entity_uuid = opts[:entity_uuid]
 @run_id = opts[:run_id]
diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb
index 677349df3e..8948d9c895 100644
--- a/lib/chef/compliance/runner.rb
+++ b/lib/chef/compliance/runner.rb
@@ -178,6 +178,8 @@ class Chef
 # extracts relevant node data
 def node_info
+ chef_server_uri = URI(Chef::Config[:chef_server_url])
+
 runlist_roles = node.run_list.select { |item| item.type == :role }.map(&:name)
 runlist_recipes = node.run_list.select { |item| item.type == :recipe }.map(&:name)
 {
@@ -199,52 +201,61 @@ class Chef
 }
 end
- def send_report(reporter, report)
- logger.info "Reporting to #{reporter}"
+ def send_report(reporter_type, report)
+ logger.info "Reporting to #{reporter_type}"
+
+ reporter = reporter(reporter_type)
- insecure = node["audit"]["insecure"]
- run_time_limit = node["audit"]["run_time_limit"]
- control_results_limit = node["audit"]["control_results_limit"]
+ reporter.send_report(report) if reporter
+ end
- case reporter
+ def reporter(reporter_type)
+ case reporter_type
 when "chef-automate"
 opts = {
+ control_results_limit: node["audit"]["control_results_limit"],
 entity_uuid: node["chef_guid"],
- run_id: run_id,
+ insecure: node["audit"]["insecure"],
 node_info: node_info,
- insecure: insecure,
- run_time_limit: run_time_limit,
- control_results_limit: control_results_limit,
+ run_id: run_id,
+ run_time_limit: node["audit"]["run_time_limit"],
 }
- Chef::Compliance::Reporter::Automate.new(opts).send_report(report)
+ Chef::Compliance::Reporter::Automate.new(opts)
 when "chef-server-automate"
- chef_url = node["audit"]["server"] || base_chef_server_url
- chef_org = Chef::Config[:chef_server_url].split("/").last
- if chef_url
- url = construct_url(chef_url, File.join("organizations", chef_org, "data-collector"))
- opts = {
- entity_uuid: node["chef_guid"],
- run_id: run_id,
- node_info: node_info,
- insecure: insecure,
- url: url,
- run_time_limit: run_time_limit,
- control_results_limit: control_results_limit,
- }
- Chef::Compliance::Reporter::ChefServer.new(opts).send_report(report)
- else
- logger.warn "Unable to determine #{ChefUtils::Dist::Server::PRODUCT} url required by #{Inspec::Dist::PRODUCT_NAME} report collector '#{reporter}'. Skipping..."
- end
+ opts = {
+ control_results_limit: node["audit"]["control_results_limit"],
+ entity_uuid: node["chef_guid"],
+ insecure: node["audit"]["insecure"],
+ node_info: node_info,
+ run_id: run_id,
+ run_time_limit: node["audit"]["run_time_limit"],
+ url: chef_server_automate_url,
+ }
+ Chef::Compliance::Reporter::ChefServerAutomate.new(opts)
 when "json-file"
 path = node["audit"]["json_file"]["location"]
 logger.info "Writing compliance report to #{path}"
- Chef::Compliance::Reporter::JsonFile.new(file: path).send_report(report)
+ Chef::Compliance::Reporter::JsonFile.new(file: path)
 when "audit-enforcer"
- Chef::Compliance::Reporter::ComplianceEnforcer.new.send_report(report)
+ Chef::Compliance::Reporter::ComplianceEnforcer.new
 else
- logger.warn "#{reporter} is not a supported #{Inspec::Dist::PRODUCT_NAME} report collector"
+ raise "'#{reporter_type}' is not a supported reporter for Compliance Phase."
 end
 end
+
+ def chef_server_automate_url
+ url = if node["audit"]["server"]
+ URI(node["audit"]["server"])
+ else
+ URI(Chef::Config[:chef_server_url]).tap do |u|
+ u.path = ""
+ end
+ end
+
+ org = Chef::Config[:chef_server_url].split("/").last
+ url.path = File.join(url.path, "organizations/#{org}/data-collector")
+ url
+ end
 end
 end
 end
diff --git a/spec/unit/compliance/runner_spec.rb b/spec/unit/compliance/runner_spec.rb
index 68c8a9553b..f9f3d61dd2 100644
--- a/spec/unit/compliance/runner_spec.rb
+++ b/spec/unit/compliance/runner_spec.rb
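Review bot: In `chef_server_automate_url`, `node["audit"]["server"]` becomes the report destination without any check on what it parsed to; `URI()` accepts any scheme and also relative strings, so a mistyped or unexpected attribute value is presumably only noticed, if at all, when the reporter tries to send. A guard after the `if`/`else`, such as `raise "audit server must be an http(s) URL, got '#{url}'" unless url.is_a?(URI::HTTP)`, would fail early with a clear message (`URI::HTTPS` is a subclass of `URI::HTTP`). `org` is the last `/` segment of `Chef::Config[:chef_server_url]`, which is the host name when that URL has no organization path; a one-line comment stating that assumption would help. In `send_report`, the `if reporter` guard looks dead now that `reporter` raises for unknown types instead of returning nil.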
@@ -110,4 +110,31 @@ describe Chef::Compliance::Runner do
 runner.warn_for_deprecated_config_values!
 end
 end
+
+ describe "#reporter" do
+ context "chef-server-automate reporter" do
+ it "uses the correct URL when 'server' attribute is set" do
+ Chef::Config[:chef_server_url] = "https://chef_config_url.example.com/my_org"
+ node.normal["audit"]["server"] = "https://server_attribute_url.example.com/application/sub_application"
+
+ reporter = runner.reporter("chef-server-automate")
+
+ expect(reporter).to be_kind_of(Chef::Compliance::Reporter::ChefServerAutomate)
+ expect(reporter.url).to eq(URI("https://server_attribute_url.example.com/application/sub_application/organizations/my_org/data-collector"))
+ end
+
+ it "falls back to chef_server_url for URL when 'server' attribute is not set" do
+ Chef::Config[:chef_server_url] = "https://chef_config_url.example.com/my_org"
+
+ reporter = runner.reporter("chef-server-automate")
+
+ expect(reporter).to be_kind_of(Chef::Compliance::Reporter::ChefServerAutomate)
+ expect(reporter.url).to eq(URI("https://chef_config_url.example.com/organizations/my_org/data-collector"))
+ end
+ end
+
+ it "fails with unexpected reporter value" do
+ expect { runner.reporter("tacos") }.to raise_error(/'tacos' is not a supported reporter for Compliance Phase/)
+ end
+ end
 end
|
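Review bot: Both `chef-server-automate` examples use well-formed absolute https URLs, so nothing pins what `runner.reporter` does when `node["audit"]["server"]` is not an absolute URL or when `Chef::Config[:chef_server_url]` ends without an organization segment. An example for each would document the intended behaviour of the URL building. The examples also assign `Chef::Config[:chef_server_url]` directly; if the spec helper does not reset `Chef::Config` between examples (not visible in this hunk), the value leaks into later specs. The `describe Chef::Compliance::Runner` block starts outside the hunk.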