diff options
author | Tim Smith <tsmith@chef.io> | 2021-02-25 15:54:26 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-25 15:54:26 -0800 |
commit | a758402b8b622befc76518992d89b7eac3d274c0 (patch) | |
tree | 774ca6bdd88cc3700c4188605871bedc6d9b322c | |
parent | f087b21055577aa3fa388cc1b1a3333b886c4ff1 (diff) | |
parent | e1df5f7c1c30b8167f72d8e135da5040846472e8 (diff) | |
download | chef-a758402b8b622befc76518992d89b7eac3d274c0.tar.gz |
Merge pull request #11111 from chef/lcg/add-compliance-node-attr
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | lib/chef/compliance/default_attributes.rb | 7 | ||||
-rw-r--r-- | lib/chef/compliance/runner.rb | 2 | ||||
-rw-r--r-- | spec/unit/compliance/runner_spec.rb | 7 |
3 files changed, 13 insertions, 3 deletions
diff --git a/lib/chef/compliance/default_attributes.rb b/lib/chef/compliance/default_attributes.rb index ee57be7b89..16c5c078e7 100644 --- a/lib/chef/compliance/default_attributes.rb +++ b/lib/chef/compliance/default_attributes.rb @@ -1,5 +1,5 @@ # Author:: Stephan Renatus <srenatus@chef.io> -# Copyright:: (c) 2016-2019, Chef Software Inc. <legal@chef.io> +# Copyright:: Copyright (c) Chef Software Inc. <legal@chef.io> # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -87,7 +87,10 @@ class Chef # If enabled, a hash representation of the Chef Infra node object will be sent to Chef InSpec in an input # named `chef_node`. - "chef_node_attribute_enabled" => false + "chef_node_attribute_enabled" => false, + + # Should the built-in compliance phase run. + "compliance_phase" => true ) end end diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb index 4d8ffc9e5c..8ffa4b65d7 100644 --- a/lib/chef/compliance/runner.rb +++ b/lib/chef/compliance/runner.rb @@ -24,7 +24,7 @@ class Chef logger.debug("#{self.class}##{__method__}: #{Inspec::Dist::PRODUCT_NAME} profiles? #{inspec_profiles.any?}") logger.debug("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}") - inspec_profiles.any? && !audit_cookbook_present + inspec_profiles.any? && !audit_cookbook_present && node["audit"]["compliance_phase"] end def node=(node) diff --git a/spec/unit/compliance/runner_spec.rb b/spec/unit/compliance/runner_spec.rb index d982174e67..d46d756b0e 100644 --- a/spec/unit/compliance/runner_spec.rb +++ b/spec/unit/compliance/runner_spec.rb @@ -19,6 +19,13 @@ describe Chef::Compliance::Runner do expect(runner).to be_enabled end + it "is false if the node attributes have audit profiles and the audit cookbook is not present, and the compliance mode attribute is unset" do + node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" } + node.normal["audit"]["compliance_mode"] = false + + expect(runner).to be_enabled + end + it "is false if the node attributes have audit profiles and the audit cookbook is present" do stub_const("::Reporter::ChefAutomate", true) node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" } |