diff options
| author | Lamont Granquist <lamont@scriptkiddie.org> | 2021-02-12 13:40:19 -0800 |
|---|---|---|
| committer | Tim Smith <tsmith84@gmail.com> | 2021-02-12 14:36:06 -0800 |
| commit | 3c80e35dd8a6379e2e98d0a1cc24e9fdf983751b (patch) | |
| tree | bc9deacf4479166cfbaa9707554733fcde4f5639 | |
| parent | 5cb6acda52c32c4d199c6fd478c278fb462d3297 (diff) | |
| download | chef-3c80e35dd8a6379e2e98d0a1cc24e9fdf983751b.tar.gz | |
Fix automate compliance fetcher for profiles with at signs
This is largely copypasta directly out of the audit cookbook.
I've preserved the original backcompat in the cookbook because
it seems more important for this code to be correct than to try
to mess around deprecating code that isn't hurting anything.
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
| -rw-r--r-- | lib/chef/compliance/fetcher/automate.rb | 19 | ||||
| -rw-r--r-- | spec/unit/compliance/fetcher/automate_spec.rb | 8 |
2 files changed, 23 insertions, 4 deletions
diff --git a/lib/chef/compliance/fetcher/automate.rb b/lib/chef/compliance/fetcher/automate.rb index b254684280..64aff6833a 100644 --- a/lib/chef/compliance/fetcher/automate.rb +++ b/lib/chef/compliance/fetcher/automate.rb @@ -32,12 +32,12 @@ class Chef profile_fetch_url = target[:url] else # verifies that the target e.g base/ssh exists - base_path = "/compliance/profiles/#{uri.host}#{uri.path}" - + profile = sanitize_profile_name(uri) + owner, id = profile.split("/") profile_path = if target.respond_to?(:key?) && target.key?(:version) - "#{base_path}/version/#{target[:version]}/tar" + "/compliance/profiles/#{owner}/#{id}/version/#{target[:version]}/tar" else - "#{base_path}/tar" + "/compliance/profiles/#{owner}/#{id}/tar" end url = URI(Chef::Config[:data_collector][:server_url]) @@ -60,6 +60,17 @@ class Chef nil end + # returns a parsed url for `admin/profile` or `compliance://admin/profile` + # TODO: remove in future, copied from inspec to support older versions of inspec + def self.sanitize_profile_name(profile) + uri = if URI(profile).scheme == "compliance" + URI(profile) + else + URI("compliance://#{profile}") + end + uri.to_s.sub(%r{^compliance:\/\/}, "") + end + def to_s "#{ChefUtils::Dist::Automate::PRODUCT} for #{ChefUtils::Dist::Solo::PRODUCT} Fetcher" end diff --git a/spec/unit/compliance/fetcher/automate_spec.rb b/spec/unit/compliance/fetcher/automate_spec.rb index bc2125aaa7..f3554b8b0f 100644 --- a/spec/unit/compliance/fetcher/automate_spec.rb +++ b/spec/unit/compliance/fetcher/automate_spec.rb @@ -21,6 +21,14 @@ describe Chef::Compliance::Fetcher::Automate do expect(res.target).to eq(expected) end + it "should resolve a compliance URL with a @ in the namespace" do + res = Chef::Compliance::Fetcher::Automate.resolve("compliance://name@space/profile_name") + + expect(res).to be_kind_of(Chef::Compliance::Fetcher::Automate) + expected = "https://automate.test/compliance/profiles/name@space/profile_name/tar" + expect(res.target).to eq(expected) + end + it "raises an exception with no data collector token" do Chef::Config[:data_collector].delete(:token) |