Merge pull request #10735 from chef/add-chef-node-attribute-to-compliance-phase

Add audit cookbook's chef_node_attribute_enabled to Compliance Phase.

2 files changed, 12 insertions, 3 deletions

diff --git a/lib/chef/compliance/default_attributes.rb b/lib/chef/compliance/default_attributes.rb
index eb50c3a5e9..9b368d4f64 100644
--- a/lib/chef/compliance/default_attributes.rb
+++ b/lib/chef/compliance/default_attributes.rb
@@ -83,7 +83,11 @@ class Chef
 
       # The array of results per control will be truncated at this limit to avoid large reports that cannot be
       # processed by Chef Automate. A summary of removed results will be sent with each impacted control.
-      "control_results_limit" => 50
+      "control_results_limit" => 50,
+
+      # If enabled, a hash representation of the Chef Infra node object will be sent to Chef InSpec in an input
+      # named `chef_node`.
+      "chef_node_attribute_enabled" => false
     )
   end
 end
diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb
index 8948d9c895..86344367c2 100644
--- a/lib/chef/compliance/runner.rb
+++ b/lib/chef/compliance/runner.rb
@@ -61,7 +61,6 @@ class Chef
 
       DEPRECATED_CONFIG_VALUES = %w{
         attributes_save
-        chef_node_attribute_enabled
         fail_if_not_present
         inspec_gem_source
         inspec_version
@@ -93,9 +92,15 @@ class Chef
       end
 
       def inspec_opts
+        inputs = node["audit"]["attributes"].to_h
+        if node["audit"]["chef_node_attribute_enabled"]
+          inputs["chef_node"] = node.to_h
+          inputs["chef_node"]["chef_environment"] = node.chef_environment
+        end
+
         {
           backend_cache: node["audit"]["inspec_backend_cache"],
-          inputs: node["audit"]["attributes"],
+          inputs: inputs,
           logger: logger,
           output: node["audit"]["quiet"] ? ::File::NULL : STDOUT,
           report: true,