summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Smith <tsmith@chef.io>2021-02-25 15:54:26 -0800
committerGitHub <noreply@github.com>2021-02-25 15:54:26 -0800
commita758402b8b622befc76518992d89b7eac3d274c0 (patch)
tree774ca6bdd88cc3700c4188605871bedc6d9b322c
parentf087b21055577aa3fa388cc1b1a3333b886c4ff1 (diff)
parente1df5f7c1c30b8167f72d8e135da5040846472e8 (diff)
downloadchef-a758402b8b622befc76518992d89b7eac3d274c0.tar.gz
Merge pull request #11111 from chef/lcg/add-compliance-node-attr
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r--lib/chef/compliance/default_attributes.rb7
-rw-r--r--lib/chef/compliance/runner.rb2
-rw-r--r--spec/unit/compliance/runner_spec.rb7
3 files changed, 13 insertions, 3 deletions
diff --git a/lib/chef/compliance/default_attributes.rb b/lib/chef/compliance/default_attributes.rb
index ee57be7b89..16c5c078e7 100644
--- a/lib/chef/compliance/default_attributes.rb
+++ b/lib/chef/compliance/default_attributes.rb
@@ -1,5 +1,5 @@
# Author:: Stephan Renatus <srenatus@chef.io>
-# Copyright:: (c) 2016-2019, Chef Software Inc. <legal@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc. <legal@chef.io>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -87,7 +87,10 @@ class Chef
# If enabled, a hash representation of the Chef Infra node object will be sent to Chef InSpec in an input
# named `chef_node`.
- "chef_node_attribute_enabled" => false
+ "chef_node_attribute_enabled" => false,
+
+ # Should the built-in compliance phase run.
+ "compliance_phase" => true
)
end
end
diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb
index 4d8ffc9e5c..8ffa4b65d7 100644
--- a/lib/chef/compliance/runner.rb
+++ b/lib/chef/compliance/runner.rb
@@ -24,7 +24,7 @@ class Chef
logger.debug("#{self.class}##{__method__}: #{Inspec::Dist::PRODUCT_NAME} profiles? #{inspec_profiles.any?}")
logger.debug("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}")
- inspec_profiles.any? && !audit_cookbook_present
+ inspec_profiles.any? && !audit_cookbook_present && node["audit"]["compliance_phase"]
end
def node=(node)
diff --git a/spec/unit/compliance/runner_spec.rb b/spec/unit/compliance/runner_spec.rb
index d982174e67..d46d756b0e 100644
--- a/spec/unit/compliance/runner_spec.rb
+++ b/spec/unit/compliance/runner_spec.rb
@@ -19,6 +19,13 @@ describe Chef::Compliance::Runner do
expect(runner).to be_enabled
end
+ it "is false if the node attributes have audit profiles and the audit cookbook is not present, and the compliance mode attribute is unset" do
+ node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
+ node.normal["audit"]["compliance_mode"] = false
+
+ expect(runner).to be_enabled
+ end
+
it "is false if the node attributes have audit profiles and the audit cookbook is present" do
stub_const("::Reporter::ChefAutomate", true)
node.normal["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }