author | Claire McQuin <claire@getchef.com> | 2014-12-11 13:58:39 -0800 |
---|---|---|
committer | tyler-ball <tyleraball@gmail.com> | 2014-12-17 18:52:25 -0800 |
commit | 2dac0859f0fa1f6260fb06d937bcd36086ea166a (patch) | |
tree | 2c3b0e9ee9be78ebc77f0c0a730f783acf6481d2 /lib | |
parent | b1842523a032e96fd049d871562dc31c62e4d810 (diff) | |
download | chef-2dac0859f0fa1f6260fb06d937bcd36086ea166a.tar.gz |
Disable audit-mode by default.
* Modify command line option --audit-mode to accept parameters enabled, disabled, or audit-only.
* Emit a warning if audit-mode is enabled or audit-only.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/application/client.rb | 50 | ||||
-rw-r--r-- | lib/chef/config.rb | 7 |
2 files changed, 45 insertions, 12 deletions
diff --git a/lib/chef/application/client.rb b/lib/chef/application/client.rb
index b10f818cf4..72b4848669 100644
--- a/lib/chef/application/client.rb
+++ b/lib/chef/application/client.rb
@@ -239,17 +239,10 @@ class Chef::Application::Client < Chef::Application
 end
 option :audit_mode,
- :long => "--[no-]audit-mode",
- :description => "If not specified, run converge and audit phase. If true, run only audit phase. If false, run only converge phase.",
- :boolean => true,
- :proc => lambda { |set|
- # Convert boolean to config options of :audit_only or :disabled
- if set
- :audit_only
- else
- :disabled
- end
- }
+ :long => "--audit-mode SETTING",
+ :description => "Enable audit-mode with `enabled`. Disabled audit-mode with `disabled`. Skip converge and only audit with `audit-only`",
+ :proc => lambda { |mode| mode.gsub("-", "_").to_sym },
+ :default => :disabled
 IMMEDIATE_RUN_SIGNAL = "1".freeze
@@ -288,6 +281,19 @@ class Chef::Application::Client < Chef::Application
 config_fetcher = Chef::ConfigFetcher.new(Chef::Config[:json_attribs])
 @chef_client_json = config_fetcher.fetch_json
 end
+
+ if mode = Chef::Config[:audit_mode]
+ expected_modes = [:enabled, :disabled, :audit_only]
+ unless expected_modes.include?(mode)
+ Chef::Application.fatal!(unrecognized_audit_mode(mode))
+ end
+
+ unless mode == :disabled
+ # This should be removed when audit-mode is enabled by default/no longer
+ # an experimental feature.
+ Chef::Log.warn(audit_mode_experimental_message)
+ end
+ end
 end
 def load_config_file
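Review bot: The `:default => :disabled` on the `--audit-mode` option duplicates the default this commit also sets in lib/chef/config.rb, and if parsed CLI defaults are merged over the loaded config file (that merge is not visible in this diff) it would silently override an `audit_mode :enabled` written in the config file. Audit mode is a compliance control, so a run should never skip it unless the operator asked for that; I would drop the `:default` line here and rely on `default :audit_mode, :disabled` in config.rb. Separately, the option description reads "Disabled audit-mode with" where "Disable audit-mode with" is meant.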
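Review bot: The guard `if mode = Chef::Config[:audit_mode]` in the added block skips the allow-list check whenever the setting is `nil` or `false`, so a config file that sets the value to `false` passes through unvalidated while `true` is fatal. Validate unconditionally with `mode = Chef::Config[:audit_mode]` followed by `unless expected_modes.include?(mode)`, which also removes the assignment inside the condition. How a nil mode is treated by the code that later runs or skips the audit phase is not visible here, which is a reason to reject it at this check. The enclosing method starts above the hunk.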
@@ -408,4 +414,26 @@ class Chef::Application::Client < Chef::Application
 "#{"\n interval = #{Chef::Config[:interval]} seconds" if Chef::Config[:interval]}" +
 "\nEnable chef-client interval runs by setting `:client_fork = true` in your config file or adding `--fork` to your command line options."
 end
+
+ def audit_mode_settings_explaination
+ "\n* To enable audit mode after converge, use command line option `--audit-mode enabled` or set `:audit_mode = :enabled` in your config file." +
+ "\n* To disable audit mode, use command line option `--audit-mode disabled` or set `:audit_mode = :disabled` in your config file." +
+ "\n* To only run audit mode, use command line option `--audit-mode audit-only` or set `:audit_mode = :audit_only` in your config file." +
+ "\nAudit mode is disabled by default."
+ end
+
+ def unrecognized_audit_mode(mode)
+ "Unrecognized setting #{mode} for audit mode." + audit_mode_settings_explaination
+ end
+
+ def audit_mode_experimental_message
+ msg = if Chef::Config[:audit_mode] == :audit_only
+ "Chef-client has been configured to skip converge and run only audits."
+ else
+ "Chef-client has been configure to run audits after it converges."
+ end
+ msg += " Audit mode is an experimental feature currently under development. API changes may occur. Use at your own risk."
+ msg += audit_mode_settings_explaination
+ return msg
+ end
 end
diff --git a/lib/chef/config.rb b/lib/chef/config.rb
index 19fa272100..9bf9e9d48e 100644
--- a/lib/chef/config.rb
+++ b/lib/chef/config.rb
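Review bot: `unrecognized_audit_mode` interpolates the rejected value with `#{mode}`, so the string "enabled" from a config file and the symbol `:enabled` print identically and the fatal message reads as if a valid setting had been refused; `#{mode.inspect}` makes the type visible. The warning built in `audit_mode_experimental_message` says "has been configure to run audits" where "configured" is meant, and the helper name `audit_mode_settings_explaination` is misspelled in its definition and both call sites. The trailing `return msg` can be just `msg`. The help text writes the setting as `:audit_mode = :enabled`, which follows the existing `:client_fork = true` wording above it but may not be the form a config file accepts, so it is worth confirming.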
@@ -321,7 +321,12 @@ class Chef
 default :enable_reporting_url_fatals, false
 # Possible values for :audit_mode
 # :enabled, :disabled, :audit_only,
- default :audit_mode, :enabled
+ #
+ # TODO: 11 Dec 2014: Currently audit-mode is an experimental feature
+ # and is disabled by default. When users choose to enable audit-mode,
+ # a warning is issued in application/client#reconfigure.
+ # This can be removed when audit-mode is enabled by default.
+ default :audit_mode, :disabled
 # Policyfile is an experimental feature where a node gets its run list and
 # cookbook version set from a single document on the server instead of |