-rw-r--r--lib/chef/audit/runner.rb38
-rw-r--r--spec/unit/audit/runner_spec.rb31
2 files changed, 33 insertions, 36 deletions
diff --git a/lib/chef/audit/runner.rb b/lib/chef/audit/runner.rb
index 9dbf6b2a70..d5e1b16a7c 100644
--- a/lib/chef/audit/runner.rb
+++ b/lib/chef/audit/runner.rb
@@ -13,22 +13,31 @@ class Chef
class Runner < EventDispatch::Base
extend Forwardable
- attr_reader :run_status
- def_delegators :run_status, :node, :run_context, :run_id
+ attr_accessor :node, :run_id, :recipes
def_delegators :node, :logger
def enabled?
- cookbook_collection = run_context.cookbook_collection
+ audit_cookbook_present = recipes.include?("audit::default")
logger.info("#{self.class}##{__method__}: inspec profiles? #{inspec_profiles.any?}")
- logger.info("#{self.class}##{__method__}: audit cookbook? #{cookbook_collection.key?("audit")}")
+ logger.info("#{self.class}##{__method__}: audit cookbook? #{audit_cookbook_present}")
- inspec_profiles.any? && !cookbook_collection.key?("audit")
+ inspec_profiles.any? && !audit_cookbook_present
end
- def run_completed(_node, run_status)
- @run_status = run_status
+ def node_load_success(node)
+ self.node = node
+ end
+
+ def run_started(run_status)
+ self.run_id = run_status.run_id
+ end
+ def run_list_expanded(run_list_expansion)
+ self.recipes = run_list_expansion.recipes
+ end
+
+ def run_completed(_node, _run_status)
return unless enabled?
logger.info("#{self.class}##{__method__}: enabling audit mode")
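Review bot: `recipes.include?("audit::default")` in `enabled?` is an exact string match, which is narrower than the `cookbook_collection.key?("audit")` test it replaces. A run list that names another recipe of the audit cookbook is not detected, and neither is plain `audit` if the expansion keeps names as written (worth confirming), nor a cookbook that arrives only as a dependency or through `include_recipe`; in those cases this runner and the cookbook's own handler would presumably both report. If the intent is "any recipe of the audit cookbook is in the run list", `recipes.any? { |r| r == "audit" || r.start_with?("audit::") }` says so, and a comment on that line should record that dependency-only inclusion is deliberately not covered. `run_completed` continues past the end of this hunk.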
@@ -36,16 +45,13 @@ class Chef
report
end
-# TODO: handle error reports
-=begin
- # Called at the end of a failed Chef run.
- def run_failed(exception, run_status); end
+ def run_failed(_exception, _run_status)
+ return unless enabled?
- # Called after Chef client has loaded the node data.
- # Default and override attrs from roles have been computed, but not yet applied.
- # Normal attrs from JSON have been added to the node.
- def node_load_completed(node, expanded_run_list, config); end
-=end
+ logger.info("#{self.class}##{__method__}: enabling audit mode")
+
+ report
+ end
### Below code adapted from audit cookbook's files/default/handler/audit_report.rb
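Review bot: `run_failed` calls `enabled?`, which dereferences `recipes` and, through the `logger` delegator, `node`; both are assigned only by `run_list_expanded` and `node_load_success` in the earlier hunk of this file. A run that fails before those events fire leaves them nil, so the failure handler itself raises `NoMethodError`, which drops the audit report and may obscure the original error. Guard the entry with `return unless node && recipes && enabled?`. The body also repeats `run_completed`, including the "enabling audit mode" log text, so a shared private helper would keep the two paths in step. The spec changes visible on this page exercise only `enabled?`, not either handler.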
diff --git a/spec/unit/audit/runner_spec.rb b/spec/unit/audit/runner_spec.rb
index ee2da2a812..fdefc33d5e 100644
--- a/spec/unit/audit/runner_spec.rb
+++ b/spec/unit/audit/runner_spec.rb
@@ -1,57 +1,48 @@
require "spec_helper"
describe Chef::Audit::Runner do
- let(:test_class) do
- Class.new(Chef::Audit::Runner) do
- def initialize(run_status = nil)
- @run_status = run_status
- end
- end
- end
-
- let(:cookbook_collection) { Chef::CookbookCollection.new }
- let(:event_dispatcher) { Chef::EventDispatch::Dispatcher.new }
let(:logger) { double(:logger).as_null_object }
let(:node) { Chef::Node.new(logger: logger) }
- let(:run_context) { Chef::RunContext.new(node, cookbook_collection, event_dispatcher) }
- let(:run_status) do
- Chef::RunStatus.new(node, event_dispatcher).tap do |rs|
- rs.run_context = run_context
+
+ let(:runner) do
+ described_class.new.tap do |r|
+ r.node = node
+ r.run_id = "my_run_id"
+ r.recipes = []
end
end
- let(:runner) { test_class.new(run_status) }
-
describe "#enabled?" do
it "is true if the node attributes have audit profiles and the audit cookbook is not present" do
node.default["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
+ runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
expect(runner).to be_enabled
end
it "is false if the node attributes have audit profiles and the audit cookbook is present" do
node.default["audit"]["profiles"]["ssh"] = { 'compliance': "base/ssh" }
-
- cookbook_collection["audit"] = double(:audit_cookbook, version: "1.2.3")
+ runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
expect(runner).not_to be_enabled
end
it "is false if the node attributes do not have audit profiles and the audit cookbook is not present" do
node.default["audit"]["profiles"] = {}
+ runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
expect(runner).not_to be_enabled
end
it "is false if the node attributes do not have audit profiles and the audit cookbook is present" do
node.default["audit"]["profiles"] = {}
-
- cookbook_collection["audit"] = double(:audit_cookbook, version: "1.2.3")
+ runner.recipes = %w{ audit::default fancy_cookbook::fanciness tacobell::nachos }
expect(runner).not_to be_enabled
end
it "is false if the node attributes do not have audit attributes and the audit cookbook is not present" do
+ runner.recipes = %w{ fancy_cookbook::fanciness tacobell::nachos }
expect(runner).not_to be_enabled
end
end