authorPete Higgins <pete@peterhiggins.org>2020-11-19 16:50:11 -0800
committerPete Higgins <pete@peterhiggins.org>2020-12-01 16:12:04 -0800
commit8aa319e5c781ba1ab25a9fa53e9fd1600af0cd12 (patch)
treef5812ad0735e5beef77be376e577e2ac1d935347
parent6acaedb9e294fd52d7a9e55b6b3e9a3aa451aa01 (diff)
downloadchef-8aa319e5c781ba1ab25a9fa53e9fd1600af0cd12.tar.gz
Copy-paste code for missing method and tests from automate-cookbook.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r--lib/chef/audit/reporter/automate.rb39
-rw-r--r--spec/unit/audit/reporter/automate_spec.rb70
2 files changed, 109 insertions, 0 deletions
diff --git a/lib/chef/audit/reporter/automate.rb b/lib/chef/audit/reporter/automate.rb
index 1656417f29..e90325f8b7 100644
--- a/lib/chef/audit/reporter/automate.rb
+++ b/lib/chef/audit/reporter/automate.rb
@@ -166,6 +166,45 @@ class Chef
# If we get an error it's safer to assume none of the profile shas exist in Automate
report_shas
end
+
+ # TODO: cleanup
+ def strip_profiles_meta(report, missing_report_shas, run_time_limit)
+ return report unless report.is_a?(Hash) && report[:profiles].is_a?(Array)
+ report[:profiles].each do |p|
+ next if missing_report_shas.include?(p[:sha256])
+ # Profile 'name' is a required property. By not sending it in the report, we make it clear to the ingestion backend that the profile metadata has been stripped from this profile in the report.
+ # Profile 'title' and 'version' are still kept for troubleshooting purposes in the backend.
+ p.delete(:name)
+ p.delete(:groups)
+ p.delete(:copyright_email)
+ p.delete(:copyright)
+ p.delete(:summary)
+ p.delete(:supports)
+ p.delete(:license)
+ p.delete(:maintainer)
+ next unless p[:controls].is_a?(Array)
+ p[:controls].each do |c|
+ c.delete(:code)
+ c.delete(:desc)
+ c.delete(:descriptions)
+ c.delete(:impact)
+ c.delete(:refs)
+ c.delete(:tags)
+ c.delete(:title)
+ c.delete(:source_location)
+ c.delete(:waiver_data) if c[:waiver_data] == {}
+ next unless c[:results].is_a?(Array)
+ c[:results].each do |r|
+ if r[:run_time].is_a?(Float) && r[:run_time] < run_time_limit
+ r.delete(:start_time)
+ r.delete(:run_time)
+ end
+ end
+ end
+ end
+ report[:run_time_limit] = run_time_limit
+ report
+ end
end
end
end
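Review bot: `strip_profiles_meta` deletes keys from the caller's `report` in place (`p.delete(...)`, `c.delete(...)`, `r.delete(...)`) and returns the same object, so any other holder of that hash would also see the stripped data; whether such a holder exists (another reporter, a locally kept copy of the audit results) is not visible in this hunk. Replace the bare `# TODO: cleanup` with a comment that states the contract, e.g. `# Mutates report in place: strips metadata from every profile whose sha256 is not in missing_report_shas.` The guards check that `report[:profiles]`, `p[:controls]` and `c[:results]` are Arrays but not that their elements are Hashes, so a non-Hash element would raise at `p[:sha256]`, `c.delete` or `r[:run_time]`. The block variable `p` also hides `Kernel#p` inside the loop; `profile`, `control` and `result` would read better. The enclosing class starts outside the hunk.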
diff --git a/spec/unit/audit/reporter/automate_spec.rb b/spec/unit/audit/reporter/automate_spec.rb
index 45ae45714e..4c6e379392 100644
--- a/spec/unit/audit/reporter/automate_spec.rb
+++ b/spec/unit/audit/reporter/automate_spec.rb
@@ -286,4 +286,74 @@ describe Chef::Audit::Reporter::Automate do
expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(1)
end
end
+
+ describe "#strip_profiles_meta" do
+ it 'removes the metadata from seen profiles' do
+ expected = {
+ other_checks: [],
+ profiles: [
+ {
+ attributes: [
+ {
+ name: 'syslog_pkg',
+ options: {
+ default: 'rsyslog',
+ description: 'syslog package...',
+ },
+ },
+ ],
+ controls: [
+ {
+ id: 'tmp-1.0',
+ results: [
+ {
+ code_desc: 'File /tmp should be directory',
+ status: 'passed',
+ },
+ ],
+ },
+ {
+ id: 'tmp-1.1',
+ results: [
+ {
+ code_desc: 'File /tmp should be owned by "root"',
+ run_time: 1.228845,
+ start_time: '2016-10-19 11:09:43 -0400',
+ status: 'passed',
+ },
+ {
+ code_desc: 'File /tmp should be owned by "root"',
+ run_time: 1.228845,
+ start_time: '2016-10-19 11:09:43 -0400',
+ status: 'skipped',
+ },
+ {
+ code_desc: 'File /etc/hosts is expected to be directory',
+ message: 'expected `File /etc/hosts.directory?` to return true, got false',
+ run_time: 1.228845,
+ start_time: '2016-10-19 11:09:43 -0400',
+ status: 'failed',
+ },
+ ],
+ },
+ ],
+ sha256: '7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd',
+ title: '/tmp Compliance Profile',
+ version: '0.1.1',
+ },
+ ],
+ run_time_limit: 1.1,
+ statistics: {
+ duration: 0.032332,
+ },
+ version: '1.2.1',
+ }
+ expect(reporter.strip_profiles_meta(inspec_report, [], 1.1)).to eq(expected)
+ end
+
+ it 'does not remove the metadata from missing profiles' do
+ expected = inspec_report.merge(run_time_limit: 1.1)
+ expect(reporter.strip_profiles_meta(inspec_report, ['7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd'], 1.1)).to eq(expected)
+ end
+ end
end
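Review bot: The second example ('does not remove the metadata from missing profiles') may not be able to fail. `inspec_report.merge(run_time_limit: 1.1)` is a shallow copy, so `expected` shares its nested profile and control hashes with the object passed to `strip_profiles_meta`, which mutates in place. If `inspec_report` is a memoized `let` (it is defined outside this hunk, so this is an assumption), a regression that wrongly stripped the profile would change both sides and `eq(expected)` would still pass. Assert on a field that must survive instead, e.g. `expect(result[:profiles][0]).to have_key(:name)` on the returned hash, or build `expected` from an independent copy of the fixture.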