author | Pete Higgins <pete@peterhiggins.org> | 2020-12-11 15:52:23 -0800 |
---|---|---|
committer | Pete Higgins <pete@peterhiggins.org> | 2020-12-11 17:43:53 -0800 |
commit | 4d3c5ed88b1a09190e999a60f517a3755b17ba7b (patch) | |
tree | 7cc54f7a59df5cebf187a9c8d3c995dd8f9c7d33 | |
parent | 6c68ff5e1bf844bd541c0d3f1a6c41f653cc92a3 (diff) | |
Add audit cookbook's chef_node_attribute_enabled to Compliance Phase.add-chef-node-attribute-to-compliance-phase
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r-- | lib/chef/compliance/default_attributes.rb | 6 | ||||
-rw-r--r-- | lib/chef/compliance/runner.rb | 9 | ||||
-rw-r--r-- | spec/unit/compliance/runner_spec.rb | 28 |
3 files changed, 40 insertions, 3 deletions
diff --git a/lib/chef/compliance/default_attributes.rb b/lib/chef/compliance/default_attributes.rb
index eb50c3a5e9..9b368d4f64 100644
--- a/lib/chef/compliance/default_attributes.rb
+++ b/lib/chef/compliance/default_attributes.rb
@@ -83,7 +83,11 @@ class Chef
 
 # The array of results per control will be truncated at this limit to avoid large reports that cannot be
 # processed by Chef Automate. A summary of removed results will be sent with each impacted control.
- "control_results_limit" => 50
+ "control_results_limit" => 50,
+
+ # If enabled, a hash representation of the Chef Infra node object will be sent to Chef InSpec in an input
+ # named `chef_node`.
+ "chef_node_attribute_enabled" => false
 )
 end
 end
diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb
index 8948d9c895..86344367c2 100644
--- a/lib/chef/compliance/runner.rb
+++ b/lib/chef/compliance/runner.rb
@@ -61,7 +61,6 @@ class Chef
 
 DEPRECATED_CONFIG_VALUES = %w{
 attributes_save
- chef_node_attribute_enabled
 fail_if_not_present
 inspec_gem_source
 inspec_version
@@ -93,9 +92,15 @@ class Chef
 end
 
 def inspec_opts
+ inputs = node["audit"]["attributes"].to_h
+ if node["audit"]["chef_node_attribute_enabled"]
+ inputs["chef_node"] = node.to_h
+ inputs["chef_node"]["chef_environment"] = node.chef_environment
+ end
+
 {
 backend_cache: node["audit"]["inspec_backend_cache"],
- inputs: node["audit"]["attributes"],
+ inputs: inputs,
 logger: logger,
 output: node["audit"]["quiet"] ? ::File::NULL : STDOUT,
 report: true,
diff --git a/spec/unit/compliance/runner_spec.rb b/spec/unit/compliance/runner_spec.rb
index f9f3d61dd2..d4d2ba563f 100644
--- a/spec/unit/compliance/runner_spec.rb
+++ b/spec/unit/compliance/runner_spec.rb
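Review bot: With `chef_node_attribute_enabled` set, the new lines in `inspec_opts` (lib/chef/compliance/runner.rb) copy the whole of `node.to_h` into the InSpec inputs, so any credential stored in node attributes becomes readable by every profile that runs and, depending on how the configured reporter treats inputs (not visible in this diff), may also end up in reports. The comment added above the default in default_attributes.rb is the natural place to say so, for example `# Node attributes can hold credentials; enable only for profiles you trust and confirm your reporter does not emit input values.` The guard `if node["audit"]["chef_node_attribute_enabled"]` is also truthy for the string `"false"`, so a value supplied that way would switch the export on; `if node["audit"]["chef_node_attribute_enabled"] == true` (or normalising the value first) would fail closed. The body of `inspec_opts` continues past the end of the hunk.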
@@ -137,4 +137,32 @@ describe Chef::Compliance::Runner do
 expect { runner.reporter("tacos") }.to raise_error(/'tacos' is not a supported reporter for Compliance Phase/)
 end
 end
+
+ describe "#inspec_opts" do
+ it "does not include chef_node in inputs by default" do
+ node.normal["audit"]["attributes"] = {
+ "tacos" => "lunch",
+ "nachos" => "dinner",
+ }
+
+ inputs = runner.inspec_opts[:inputs]
+
+ expect(inputs["tacos"]).to eq("lunch")
+ expect(inputs.key?("chef_node")).to eq(false)
+ end
+
+ it "includes chef_node in inputs with chef_node_attribute_enabled set" do
+ node.normal["audit"]["chef_node_attribute_enabled"] = true
+ node.normal["audit"]["attributes"] = {
+ "tacos" => "lunch",
+ "nachos" => "dinner",
+ }
+
+ inputs = runner.inspec_opts[:inputs]
+
+ expect(inputs["tacos"]).to eq("lunch")
+ expect(inputs["chef_node"]["audit"]["reporter"]).to eq("json-file")
+ expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
+ end
+ end
 end |