author | Pete Higgins <pete@peterhiggins.org> | 2020-11-19 16:50:11 -0800 |
---|---|---|
committer | Pete Higgins <pete@peterhiggins.org> | 2020-12-01 16:12:04 -0800 |
commit | 8aa319e5c781ba1ab25a9fa53e9fd1600af0cd12 (patch) | |
tree | f5812ad0735e5beef77be376e577e2ac1d935347 | |
parent | 6acaedb9e294fd52d7a9e55b6b3e9a3aa451aa01 (diff) | |
Copy-paste code for missing method and tests from automate-cookbook.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r-- | lib/chef/audit/reporter/automate.rb | 39 | ||||
-rw-r--r-- | spec/unit/audit/reporter/automate_spec.rb | 70 |
2 files changed, 109 insertions, 0 deletions
diff --git a/lib/chef/audit/reporter/automate.rb b/lib/chef/audit/reporter/automate.rb
index 1656417f29..e90325f8b7 100644
--- a/lib/chef/audit/reporter/automate.rb
+++ b/lib/chef/audit/reporter/automate.rb
@@ -166,6 +166,45 @@ class Chef
 # If we get an error it's safer to assume none of the profile shas exist in Automate
 report_shas
 end
+
+ # TODO: cleanup
+ def strip_profiles_meta(report, missing_report_shas, run_time_limit)
+ return report unless report.is_a?(Hash) && report[:profiles].is_a?(Array)
+ report[:profiles].each do |p|
+ next if missing_report_shas.include?(p[:sha256])
+ # Profile 'name' is a required property. By not sending it in the report, we make it clear to the ingestion backend that the profile metadata has been stripped from this profile in the report.
+ # Profile 'title' and 'version' are still kept for troubleshooting purposes in the backend.
+ p.delete(:name)
+ p.delete(:groups)
+ p.delete(:copyright_email)
+ p.delete(:copyright)
+ p.delete(:summary)
+ p.delete(:supports)
+ p.delete(:license)
+ p.delete(:maintainer)
+ next unless p[:controls].is_a?(Array)
+ p[:controls].each do |c|
+ c.delete(:code)
+ c.delete(:desc)
+ c.delete(:descriptions)
+ c.delete(:impact)
+ c.delete(:refs)
+ c.delete(:tags)
+ c.delete(:title)
+ c.delete(:source_location)
+ c.delete(:waiver_data) if c[:waiver_data] == {}
+ next unless c[:results].is_a?(Array)
+ c[:results].each do |r|
+ if r[:run_time].is_a?(Float) && r[:run_time] < run_time_limit
+ r.delete(:start_time)
+ r.delete(:run_time)
+ end
+ end
+ end
+ end
+ report[:run_time_limit] = run_time_limit
+ report
+ end
 end
 end
 end
diff --git a/spec/unit/audit/reporter/automate_spec.rb b/spec/unit/audit/reporter/automate_spec.rb
index 45ae45714e..4c6e379392 100644
--- a/spec/unit/audit/reporter/automate_spec.rb
+++ b/spec/unit/audit/reporter/automate_spec.rb
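Review bot: In `strip_profiles_meta`, the guard `next if missing_report_shas.include?(p[:sha256])` treats a profile that has no `:sha256` key as one Automate already knows, so its name and its controls' code, descriptions, impact and tags are deleted even though the backend would have no hash to look the metadata up by. Skipping such profiles keeps that audit evidence in the report: `next if p[:sha256].nil? || missing_report_shas.include?(p[:sha256])`. The method also deletes keys from the caller's `report` in place and returns the same object, so any later consumer of that hash would presumably see the stripped version. The `# TODO: cleanup` marker would be better replaced by a short comment stating that the report is modified in place and that results faster than `run_time_limit` lose `:start_time` and `:run_time`.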
@@ -286,4 +286,74 @@ describe Chef::Audit::Reporter::Automate do
 expect(truncated_report[:profiles][0][:controls][0][:results].length).to eq(1)
 end
 end
+
+ describe "#strip_profiles_meta" do
+ it 'removes the metadata from seen profiles' do
+ expected = {
+ other_checks: [],
+ profiles: [
+ {
+ attributes: [
+ {
+ name: 'syslog_pkg',
+ options: {
+ default: 'rsyslog',
+ description: 'syslog package...',
+ },
+ },
+ ],
+ controls: [
+ {
+ id: 'tmp-1.0',
+ results: [
+ {
+ code_desc: 'File /tmp should be directory',
+ status: 'passed',
+ },
+ ],
+ },
+ {
+ id: 'tmp-1.1',
+ results: [
+ {
+ code_desc: 'File /tmp should be owned by "root"',
+ run_time: 1.228845,
+ start_time: '2016-10-19 11:09:43 -0400',
+ status: 'passed',
+ },
+ {
+ code_desc: 'File /tmp should be owned by "root"',
+ run_time: 1.228845,
+ start_time: '2016-10-19 11:09:43 -0400',
+ status: 'skipped',
+ },
+ {
+ code_desc: 'File /etc/hosts is expected to be directory',
+ message: 'expected `File /etc/hosts.directory?` to return true, got false',
+ run_time: 1.228845,
+ start_time: '2016-10-19 11:09:43 -0400',
+ status: 'failed',
+ },
+ ],
+ },
+ ],
+ sha256: '7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd',
+ title: '/tmp Compliance Profile',
+ version: '0.1.1',
+ },
+ ],
+ run_time_limit: 1.1,
+ statistics: {
+ duration: 0.032332,
+ },
+ version: '1.2.1',
+ }
+ expect(reporter.strip_profiles_meta(inspec_report, [], 1.1)).to eq(expected)
+ end
+
+ it 'does not remove the metadata from missing profiles' do
+ expected = inspec_report.merge(run_time_limit: 1.1)
+ expect(reporter.strip_profiles_meta(inspec_report, ['7bd598e369970002fc6f2d16d5b988027d58b044ac3fa30ae5fc1b8492e215cd'], 1.1)).to eq(expected)
+ end
+ end
 end |
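Review bot: The 'does not remove the metadata from missing profiles' example cannot fail on the behaviour it names, because `inspec_report.merge(run_time_limit: 1.1)` is a shallow copy. `expected` shares the `:profiles` array and its nested hashes with the object that `strip_profiles_meta` edits in place, so a wrongly stripped profile would be stripped on both sides of `eq`. Take a deep copy before the call, for example `expected = Marshal.load(Marshal.dump(inspec_report)).merge(run_time_limit: 1.1)` (the fixture is trusted in-memory data), or assert on a specific retained key. The `inspec_report` fixture is defined outside this hunk, so its exact shape is assumed here. Examples for a profile without `:sha256` and for a non-Hash report would also pin the guard clauses.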