author | Lamont Granquist <lamont@scriptkiddie.org> | 2021-08-16 21:51:13 -0700 |
---|---|---|
committer | Lamont Granquist <lamont@scriptkiddie.org> | 2021-08-16 21:51:13 -0700 |
commit | 8fce969d692a4848fd06ba8193b889a237651b27 (patch) | |
tree | 76a4bd702b07577a755a28cecf6620c6378e47ec | |
parent | 28d4c2d010b3545a0092d9ad4136e092b8872f9a (diff) | |
download | chef-8fce969d692a4848fd06ba8193b889a237651b27.tar.gz |
Mostly working + sorta doc'd inspec_input
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
-rw-r--r-- | lib/chef/resource/inspec_input.rb | 75 |
1 files changed, 32 insertions, 43 deletions
diff --git a/lib/chef/resource/inspec_input.rb b/lib/chef/resource/inspec_input.rb
index ec26591b8a..fab1d7345e 100644
--- a/lib/chef/resource/inspec_input.rb
+++ b/lib/chef/resource/inspec_input.rb
@@ -22,67 +22,56 @@ class Chef provides :inspec_input unified_mode true - description "Use the **inspec_waiver** resource to add a waiver to the Compliance Phase." + description "Use the **inspec_input** resource to add an input to the Compliance Phase." introduced "17.4" examples <<~DOC - **Add an InSpec waiver to the Compliance Phase**: + **Add an InSpec input to the Compliance Phase**: ```ruby - inspec_waiver 'Add waiver entry for control' do - control 'my_inspec_control_01' - run_test false - justification "The subject of this control is not managed by #{ChefUtils::Dist::Infra::PRODUCT} on the systems in policy group \#{node['policy_group']}" - expiration '2022-01-01' - action :add - end + inspec_input { ssh_custom_path: '/whatever2' } ``` - **Add an InSpec waiver to the Compliance Phase using the 'name' property to identify the control**: + **Add an InSpec waiver to the Compliance Phase using the 'name' property to identify the input**: ```ruby - inspec_waiver 'my_inspec_control_01' do - justification "The subject of this control is not managed by #{ChefUtils::Dist::Infra::PRODUCT} on the systems in policy group \#{node['policy_group']}" - action :add + inspec_input "setting my input" do + source( { ssh_custom_path: '/whatever2' }) end ``` - DOC - property :control, String, - name_property: true, - description: "The name of the control being waived" + **Add an InSpec waiver to the Compliance Phase using a TOML, JSON or YAML file**: - property :expiration, String, - description: "The expiration date of the waiver - provided in YYYY-MM-DD format", - callbacks: { - "Expiration date should be a valid calendar date and match the following format: YYYY-MM-DD" => proc { |e| - re = Regexp.new('\d{4}-\d{2}-\d{2}$').freeze - if re.match?(e) - Date.valid_date?(*e.split("-").map(&:to_i)) - else - e.nil? 
- end - }, - } - - property :run_test, [true, false], - description: "If present and true, the control will run and be reported, but failures in it won’t make the overall run fail. If absent or false, the control will not be run." + ```ruby + inspec_input "/path/to/my/input.yml" + ``` - property :justification, String, - description: "Can be any text you want and might include a reason for the waiver as well as who signed off on the waiver." + **Add an InSpec waiver to the Compliance Phase using a TOML, JSON or YAML file, using the 'name' property**: - action :add do - if new_resource.justification.nil? || new_resource.justification == "" - raise Chef::Exceptions::ValidationFailed, "Entries for an InSpec waiver must have a justification given, this parameter must have a value." + ```ruby + inspec_input "setting my input" do + source "/path/to/my/input.yml" end + ``` + DOC + + property :name, [ Hash, String ] - control_hash = {} - control_hash["expiration_date"] = new_resource.expiration.to_s unless new_resource.expiration.nil? - control_hash["run"] = new_resource.run_test unless new_resource.run_test.nil? - control_hash["justification"] = new_resource.justification.to_s + property :source, [ Hash, String ], + name_property: true - waiver_hash = { new_resource.control => control_hash } + action :add do + include_input(input_hash) + end - include_waiver(waiver_hash) + action_class do + def input_hash + case new_resource.source + when Hash + new_resource.source + when String + parse_file(new_resource.source) + end + end end end end |
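Review bot: A String `source` goes straight to `parse_file` in `input_hash` with no check that the path exists or that the parsed result is a Hash, so a mistyped path or a file whose top level is a list reaches `include_input` unchecked (`parse_file` is defined outside this hunk, so it may already guard this). For a compliance resource the failure should be loud, because a profile that silently runs on its default inputs can report a pass for the wrong configuration; I would add `raise Chef::Exceptions::ValidationFailed, "inspec_input source #{new_resource.source} not found" unless ::File.exist?(new_resource.source)` before the `parse_file` call. A one-line comment on `input_hash` saying it always returns a Hash of input name to value would also help, and the three new example headings still say "InSpec waiver" where they mean input.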