author | Marc A. Paradise <marc.paradise@gmail.com> | 2021-04-20 15:06:19 -0400 |
---|---|---|
committer | Marc A. Paradise <marc.paradise@gmail.com> | 2021-04-21 11:13:16 -0400 |
commit | 3c1a28fce4fb4856dddbf9ebb962b8ce757a242f (patch) | |
tree | 4f381a80badcaf9d408b47cb275b1c7872518d53 /lib/chef | |
parent | 0a82c9bae78392a38862a27b1de8f54d0ed3e044 (diff) | |
Compliance Phase preflight validation updates mp/compliance-preflight-2
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
Diffstat (limited to 'lib/chef')
-rw-r--r-- | lib/chef/compliance/reporter/json_file.rb | 2 | ||||
-rw-r--r-- | lib/chef/compliance/runner.rb | 21 |
2 files changed, 14 insertions, 9 deletions
diff --git a/lib/chef/compliance/reporter/json_file.rb b/lib/chef/compliance/reporter/json_file.rb
index 4d074242ca..ecd2e77b55 100644
--- a/lib/chef/compliance/reporter/json_file.rb
+++ b/lib/chef/compliance/reporter/json_file.rb
@@ -16,7 +16,7 @@ class Chef
 def validate_config!
 if @path.nil? || @path.class != String || @path.empty?
- raise "CMPL007: json_file reporter: node['audit']['json_file']['location'] must contain a file path"
+ raise "CMPL009: json_file reporter: node['audit']['json_file']['location'] must contain a file path"
 end
 end
 end
diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb
index 16cdf780ed..68b40ce35b 100644
--- a/lib/chef/compliance/runner.rb
+++ b/lib/chef/compliance/runner.rb
@@ -63,7 +63,10 @@ class Chef
 end
 def run_failed(_exception, _run_status)
- return unless enabled?
+ # If the run has failed because our own validation of compliance
+ # phase configuration has failed, we don't want to submit a report
+ # because we're still not configured correctly.
+ return unless enabled? && @validation_passed
 logger.info("#{self.class}##{__method__}: enabling Compliance Phase")
@@ -219,7 +222,7 @@ class Chef
 end
 def reporter(reporter_type)
- case reporter_type.downcase
+ case reporter_type
 when "chef-automate"
 require_relative "reporter/automate"
 opts = {
@@ -245,7 +248,7 @@ class Chef
 Chef::Compliance::Reporter::ChefServerAutomate.new(opts)
 when "json-file"
 require_relative "reporter/json_file"
- path = node["audit"]["json_file"]["location"]
+ path = node.dig("audit", "json_file", "location")
 logger.info "Writing compliance report to #{path}"
 Chef::Compliance::Reporter::JsonFile.new(file: path)
 when "audit-enforcer"
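Review bot: The new guard in `run_failed` returns silently when `@validation_passed` is unset, so a failed run leaves neither a compliance report nor a log line explaining why none was sent. Because the flag is only set at the end of the validation method (last hunk), a run that fails before validation has executed would also skip reporting; whether that ordering can occur is not visible here. A line before the return would make the gap visible to whoever watches for missing reports: `logger.warn("#{self.class}##{__method__}: skipping compliance report, configuration validation did not pass") if enabled? && !@validation_passed`. The method body continues outside the hunk.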
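Review bot: Dropping `.downcase` in `case reporter_type` makes reporter matching case-sensitive, and the later hunks do the same for `SUPPORTED_REPORTERS.include? type` and `SUPPORTED_FETCHERS.include? fetcher`. A mixed-case attribute value that the old code normalised will now raise CMPL003 or CMPL002, and with the new `run_failed` guard that run presumably submits no compliance report either. If exact matching is intended, say so above the `case`, for example `# Reporter names are matched exactly; validation rejects anything not in SUPPORTED_REPORTERS.` The method continues outside the hunk, so how the `case` treats a value that matches no `when` is not visible here.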
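Review bot: With `node.dig`, a missing `json_file` attribute now gives `path = nil` instead of raising, and the following `logger.info` then announces a report being written to an empty destination before anything has checked the value. `JsonFile#validate_config!` rejects a nil path with CMPL009, but where it is called relative to this log line is not visible in the hunk. Guarding the message keeps the log accurate: `logger.info "Writing compliance report to #{path}" if path`.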
@@ -279,10 +282,11 @@ class Chef
 return unless enabled?
 @reporters = {}
- Array(node["audit"]["reporter"]).each do |reporter_type|
- type = reporter_type.downcase
+ # Note that the docs don't say you can use an array, but our implementation
+ # supports it.
+ Array(node["audit"]["reporter"]).each do |type|
 unless SUPPORTED_REPORTERS.include? type
- raise "CMPL003: '#{reporter_type}' found in node['audit']['reporter'] is not a supported reporter for Compliance Phase. Supported reporters are: #{SUPPORTED_REPORTERS.join(",")}. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#reporters"
+ raise "CMPL003: '#{type}' found in node['audit']['reporter'] is not a supported reporter for Compliance Phase. Supported reporters are: #{SUPPORTED_REPORTERS.join(", ")}. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#reporters"
 end
 @reporters[type] = reporter(type)
@@ -290,10 +294,11 @@ class Chef
 end
 unless (fetcher = node["audit"]["fetcher"]).nil?
- unless SUPPORTED_FETCHERS.include? fetcher.downcase
- raise "CMPL002: Unrecognized Compliance Phase fetcher (node['audit']['fetcher'] is #{fetcher}. Supported fetchers are: or #{SUPPORTED_FETCHERS.join(",")}, or nil. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#fetchers"
+ unless SUPPORTED_FETCHERS.include? fetcher
+ raise "CMPL002: Unrecognized Compliance Phase fetcher (node['audit']['fetcher'] = #{fetcher}). Supported fetchers are: #{SUPPORTED_FETCHERS.join(", ")}, or nil. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#fetchers"
 end
 end
+ @validation_passed = true
 end
 end
 end |
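Review bot: `@validation_passed = true` is only ever set and never cleared, so `run_failed` reads an unset instance variable until validation completes. If this method were called again on the same runner and raised part-way, a `true` from the earlier call would remain; whether that can happen is not visible here. Setting `@validation_passed = false` as the first statement of the method, before `return unless enabled?`, makes the state explicit. The method's opening lines are outside this hunk.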