diff options
| -rw-r--r-- | lib/chef/compliance/reporter/json_file.rb | 2 | ||||
| -rw-r--r-- | lib/chef/compliance/runner.rb | 21 |
2 files changed, 14 insertions, 9 deletions
diff --git a/lib/chef/compliance/reporter/json_file.rb b/lib/chef/compliance/reporter/json_file.rb index 4d074242ca..ecd2e77b55 100644 --- a/lib/chef/compliance/reporter/json_file.rb +++ b/lib/chef/compliance/reporter/json_file.rb @@ -16,7 +16,7 @@ class Chef def validate_config! if @path.nil? || @path.class != String || @path.empty? - raise "CMPL007: json_file reporter: node['audit']['json_file']['location'] must contain a file path" + raise "CMPL009: json_file reporter: node['audit']['json_file']['location'] must contain a file path" end end end diff --git a/lib/chef/compliance/runner.rb b/lib/chef/compliance/runner.rb index 16cdf780ed..68b40ce35b 100644 --- a/lib/chef/compliance/runner.rb +++ b/lib/chef/compliance/runner.rb @@ -63,7 +63,10 @@ class Chef end def run_failed(_exception, _run_status) - return unless enabled? + # If the run has failed because our own validation of compliance + # phase configuration has failed, we don't want to submit a report + # because we're still not configured correctly. + return unless enabled? && @validation_passed logger.info("#{self.class}##{__method__}: enabling Compliance Phase") @@ -219,7 +222,7 @@ class Chef end def reporter(reporter_type) - case reporter_type.downcase + case reporter_type when "chef-automate" require_relative "reporter/automate" opts = { @@ -245,7 +248,7 @@ class Chef Chef::Compliance::Reporter::ChefServerAutomate.new(opts) when "json-file" require_relative "reporter/json_file" - path = node["audit"]["json_file"]["location"] + path = node.dig("audit", "json_file", "location") logger.info "Writing compliance report to #{path}" Chef::Compliance::Reporter::JsonFile.new(file: path) when "audit-enforcer" @@ -279,10 +282,11 @@ class Chef return unless enabled? @reporters = {} - Array(node["audit"]["reporter"]).each do |reporter_type| - type = reporter_type.downcase + # Note that the docs don't say you can use an array, but our implementation + # supports it. + Array(node["audit"]["reporter"]).each do |type| unless SUPPORTED_REPORTERS.include? type - raise "CMPL003: '#{reporter_type}' found in node['audit']['reporter'] is not a supported reporter for Compliance Phase. Supported reporters are: #{SUPPORTED_REPORTERS.join(",")}. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#reporters" + raise "CMPL003: '#{type}' found in node['audit']['reporter'] is not a supported reporter for Compliance Phase. Supported reporters are: #{SUPPORTED_REPORTERS.join(", ")}. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#reporters" end @reporters[type] = reporter(type) @@ -290,10 +294,11 @@ class Chef end unless (fetcher = node["audit"]["fetcher"]).nil? - unless SUPPORTED_FETCHERS.include? fetcher.downcase - raise "CMPL002: Unrecognized Compliance Phase fetcher (node['audit']['fetcher'] is #{fetcher}. Supported fetchers are: or #{SUPPORTED_FETCHERS.join(",")}, or nil. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#fetchers" + unless SUPPORTED_FETCHERS.include? fetcher + raise "CMPL002: Unrecognized Compliance Phase fetcher (node['audit']['fetcher'] = #{fetcher}). Supported fetchers are: #{SUPPORTED_FETCHERS.join(", ")}, or nil. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#fetchers" end end + @validation_passed = true end end end |