summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPete Higgins <pete@peterhiggins.org>2020-11-13 16:46:45 -0800
committerPete Higgins <pete@peterhiggins.org>2020-12-01 16:12:04 -0800
commiteed12b53bded91aeee33de9f9a76b992d2fd9808 (patch)
treed556aa322ae95dea775f4aecf059f2ff7af46c7f
parent5cbf53934e3773827a6115e7d2b7ba8a303c221d (diff)
downloadchef-eed12b53bded91aeee33de9f9a76b992d2fd9808.tar.gz
Fix waiver code.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r--lib/chef/audit/runner.rb11
-rw-r--r--spec/unit/audit/runner_spec.rb41
2 files changed, 37 insertions, 15 deletions
diff --git a/lib/chef/audit/runner.rb b/lib/chef/audit/runner.rb
index 2aa5b1bd71..af6eeb82c4 100644
--- a/lib/chef/audit/runner.rb
+++ b/lib/chef/audit/runner.rb
@@ -61,12 +61,13 @@ class Chef
end
def inspec_opts
- # TODO: this code needs to not call return
waivers = Array(audit_attributes["waiver_file"]).select do |file|
- return true if File.exist?(file)
-
- logger.error "The specified InSpec waiver file #{file} is missing, skipping it..."
- false
+ if File.exist?(file)
+ true
+ else
+ logger.error "The specified InSpec waiver file #{file} is missing, skipping it..."
+ false
+ end
end
{
diff --git a/spec/unit/audit/runner_spec.rb b/spec/unit/audit/runner_spec.rb
index fadfceb3c0..91db3dda91 100644
--- a/spec/unit/audit/runner_spec.rb
+++ b/spec/unit/audit/runner_spec.rb
@@ -9,19 +9,20 @@ describe Chef::Audit::Runner do
end
end
- describe "#enabled?" do
- let(:cookbook_collection) { Chef::CookbookCollection.new }
- let(:event_dispatcher) { Chef::EventDispatch::Dispatcher.new }
- let(:node) { Chef::Node.new(logger: double(:logger).as_null_object) }
- let(:run_context) { Chef::RunContext.new(node, cookbook_collection, event_dispatcher) }
- let(:run_status) do
- Chef::RunStatus.new(node, event_dispatcher).tap do |rs|
- rs.run_context = run_context
- end
+ let(:cookbook_collection) { Chef::CookbookCollection.new }
+ let(:event_dispatcher) { Chef::EventDispatch::Dispatcher.new }
+ let(:logger) { double(:logger).as_null_object }
+ let(:node) { Chef::Node.new(logger: logger) }
+ let(:run_context) { Chef::RunContext.new(node, cookbook_collection, event_dispatcher) }
+ let(:run_status) do
+ Chef::RunStatus.new(node, event_dispatcher).tap do |rs|
+ rs.run_context = run_context
end
+ end
- let(:runner) { test_class.new(run_status) }
+ let(:runner) { test_class.new(run_status) }
+ describe "#enabled?" do
it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
node.default["audit"] = {}
node.default["audit"]["profiles"] = {}
@@ -60,4 +61,24 @@ describe Chef::Audit::Runner do
expect(runner).not_to be_enabled
end
end
+
+ describe "#inspec_opts" do
+ it "accepts a string as a waiver file" do
+ node.default["audit"] = {}
+ node.default["audit"][:waiver_file] = __FILE__
+
+ expect(logger).not_to receive(:error)
+
+ expect(runner.inspec_opts[:waiver_file]).to eq([__FILE__])
+ end
+
+ it "filters out non-existant waiver files" do
+ node.default["audit"] = {}
+ node.default["audit"][:waiver_file] = [__FILE__, "some_other_file"]
+
+ expect(logger).to receive(:error).with(/some_other_file is missing/)
+
+ expect(runner.inspec_opts[:waiver_file]).to eq([__FILE__])
+ end
+ end
end