-rw-r--r-- | lib/chef/audit/runner.rb | 38 | ||||
-rw-r--r-- | spec/unit/audit/runner_spec.rb | 31 |
2 files changed, 33 insertions, 36 deletions
diff --git a/lib/chef/audit/runner.rb b/lib/chef/audit/runner.rb
index 9dbf6b2a70..d5e1b16a7c 100644
--- a/lib/chef/audit/runner.rb
+++ b/lib/chef/audit/runner.rb
@@ -13,22 +13,31 @@ class Chef
 class Runner < EventDispatch::Base
 extend Forwardable
- attr_reader :run_status
- def_delegators :run_status, :node, :run_context, :run_id
+ attr_accessor :node, :run_id, :recipes
 def_delegators :node, :logger
 def enabled?
- cookbook_collection = run_context.cookbook_collection
+ audit_cookbook_present = recipes.include?("audit::default")
 logger.info("#{self.class}##{__method__}: inspec profiles? #{inspec_profiles.any?}")
- logger.info("#{self.class}##{__method__}: audit cookbook? #{cookbook_collection.key?("audit")}")
+ logger.info("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}")
- inspec_profiles.any? && !cookbook_collection.key?("audit")
+ inspec_profiles.any? && !audit_cookbook_present
 end
- def run_completed(_node, run_status)
- @run_status = run_status
+ def node_load_success(node)
+ self.node = node
+ end
+
+ def run_started(run_status)
+ self.run_id = run_status.run_id
+ end
+ def run_list_expanded(run_list_expansion)
+ self.recipes = run_list_expansion.recipes
+ end
+
+ def run_completed(_node, _run_status)
 return unless enabled?
 logger.info("#{self.class}##{__method__}: enabling audit mode")
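Review bot: In `enabled?`, `recipes.include?("audit::default")` is an exact string match against the expanded run list, which is narrower than the `cookbook_collection.key?("audit")` test it replaces. A run list that names the cookbook as plain `audit` or through a non-default recipe would no longer count as present, and neither, as far as I can tell from here, would an audit cookbook pulled in only through a dependency or `include_recipe`. In those cases this runner and the cookbook's own handler could both report for the same run. If run-list detection is the intent, consider `audit_cookbook_present = recipes.any? { |r| r == "audit" || r.start_with?("audit::") }`, plus a comment on `enabled?` naming the case that is deliberately not detected. The class body continues outside the hunk.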
@@ -36,16 +45,13 @@ class Chef
 report
 end
-# TODO: handle error reports
-=begin
- # Called at the end of a failed Chef run.
- def run_failed(exception, run_status); end
+ def run_failed(_exception, _run_status)
+ return unless enabled?
- # Called after Chef client has loaded the node data.
- # Default and override attrs from roles have been computed, but not yet applied.
- # Normal attrs from JSON have been added to the node.
- def node_load_completed(node, expanded_run_list, config); end
-=end
+ logger.info("#{self.class}##{__method__}: enabling audit mode")
+
+ report
+ end
 ### Below code adapted from audit cookbook's files/default/handler/audit_report.rb
diff --git a/spec/unit/audit/runner_spec.rb b/spec/unit/audit/runner_spec.rb
index ee2da2a812..fdefc33d5e 100644
--- a/spec/unit/audit/runner_spec.rb
+++ b/spec/unit/audit/runner_spec.rb
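Review bot: The new `run_failed` in lib/chef/audit/runner.rb calls `enabled?` unconditionally, but `node` and `recipes` are only set once `node_load_success` and `run_list_expanded` have fired. If a run fails before those events (a node load failure, for instance), `recipes.include?` and the `logger` delegation through `node` would raise on nil inside the failure handler. I have not seen how the dispatcher treats handler exceptions, so whether that hides the original error is an assumption. A guard such as `return if node.nil? || recipes.nil?` ahead of `return unless enabled?` avoids it. `report` is defined outside this hunk, so it is worth confirming that it produces a sensible compliance report for a run that did not converge.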
@@ -1,57 +1,48 @@
 require "spec_helper"
 describe Chef::Audit::Runner do
- let(:test_class) do
- Class.new(Chef::Audit::Runner) do
- def initialize(run_status = nil)
- @run_status = run_status
- end
- end
- end
-
- let(:cookbook_collection) { Chef::CookbookCollection.new }
- let(:event_dispatcher) { Chef::EventDispatch::Dispatcher.new }
 let(:logger) { double(:logger).as_null_object }
 let(:node) { Chef::Node.new(logger: logger) }
- let(:run_context) { Chef::RunContext.new(node, cookbook_collection, event_dispatcher) }
- let(:run_status) do
- Chef::RunStatus.new(node, event_dispatcher).tap do |rs|
- rs.run_context = run_context
+
+ let(:runner) do
+ described_class.new.tap do |r|
+ r.node = node
+ r.run_id = "my_run_id"
+ r.recipes = []
 end
 end
- let(:runner) { test_class.new(run_status) }
-
 describe "#enabled?" do
 it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
 node.default["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
+ runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
 expect(runner).to be_enabled
 end
 it "is false if the node attributes have audit profiles and the audit cookbook is present" do
 node.default["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
-
- cookbook_collection["audit"] = double(:audit_cookbook, version: "1.2.3")
+ runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
 expect(runner).not_to be_enabled
 end
 it "is false if the node attributes do not have audit profiles and the audit cookbook is not present" do
 node.default["audit"]["profiles"] = {}
+ runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
 expect(runner).not_to be_enabled
 end
 it "is false if the node attributes do not have audit profiles and the audit cookbook is present" do
 node.default["audit"]["profiles"] = {}
-
- cookbook_collection["audit"] = double(:audit_cookbook, version: "1.2.3")
+ runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
 expect(runner).not_to be_enabled
 end
 it "is false if the node attributes do not have audit attributes and the audit cookbook is not present" do
+ runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
 expect(runner).not_to be_enabled
 end
 end
 end |
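Review bot: Every example here sets `node`, `run_id` and `recipes` through the accessors, so nothing in the spec exercises the new `node_load_success`, `run_started` and `run_list_expanded` handlers or the new `run_failed` path. I would add one example per handler that passes a double and checks the attribute it sets, and one for `run_failed` when `recipes` was never assigned. An `enabled?` example with `runner.recipes = %w{ audit }` would also pin down whether the unqualified cookbook name is meant to count as the audit cookbook being present.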