lib/chef/audit/audit_reporter.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

#
# Auther:: Tyler Ball (<tball@getchef.com>)
#
# Copyright:: Copyright (c) 2014 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require 'chef/event_dispatch/base'
require 'chef/audit/control_group_data'

class Chef
  class Audit
    class AuditReporter < EventDispatch::Base

      attr_reader :rest_client, :audit_data, :ordered_control_groups
      private :rest_client, :audit_data, :ordered_control_groups

      PROTOCOL_VERSION = '0.1.0'

      def initialize(rest_client)
        if Chef::Config[:audit_mode] == false
          @audit_enabled = false
        else
          @audit_enabled = true
        end
        @rest_client = rest_client
        # Ruby 1.9.3 and above "enumerate their values in the order that the corresponding keys were inserted."
        @ordered_control_groups = Hash.new
      end

      def audit_phase_start(run_status)
        Chef::Log.debug("Audit Reporter starting")
        @audit_data = AuditData.new(run_status.node.name, run_status.run_id)
      end

      def audit_phase_complete
        Chef::Log.debug("Audit Reporter completed successfully without errors")
        ordered_control_groups.each do |name, control_group|
          audit_data.add_control_group(control_group)
        end
        post_auditing_data
      end

      # If the audit phase failed, its because there was some kind of error in the framework
      # that runs tests - normal errors are interpreted as EXAMPLE failures and captured.
      def audit_phase_failed(error)
        # The stacktrace information has already been logged elsewhere
        Chef::Log.error("Audit Reporter failed - not sending any auditing information to the server")
      end

      def control_group_started(name)
        if ordered_control_groups.has_key?(name)
          raise AuditControlGroupDuplicate.new(name)
        end
        ordered_control_groups.store(name, ControlGroupData.new(name))
      end

      def control_example_success(control_group_name, example_data)
        control_group = ordered_control_groups[control_group_name]
        control_group.example_success(example_data)
      end

      def control_example_failure(control_group_name, example_data, error)
        control_group = ordered_control_groups[control_group_name]
        control_group.example_failure(example_data, error.message)
      end

      def auditing_enabled?
        @audit_enabled
      end

      private

      def post_auditing_data
        if auditing_enabled?
          audit_history_url = "controls"
          Chef::Log.info("Sending audit report (run-id: #{audit_data.run_id})")
          run_data = audit_data.to_hash
          Chef::Log.debug run_data.inspect
          compressed_data = encode_gzip(Chef::JSONCompat.to_json(run_data))
          Chef::Log.debug("Sending compressed audit data...")
          # Since we're posting compressed data we can not directly call post_rest which expects JSON
          audit_url = rest_client.create_url(audit_history_url)
          begin
            puts Chef::JSONCompat.to_json_pretty(run_data)
            rest_client.raw_http_request(:POST, audit_url, headers({'Content-Encoding' => 'gzip'}), compressed_data)
          rescue StandardError => e
            if e.respond_to? :response
              error_file = "failed-audit-data.json"
              Chef::FileCache.store(error_file, Chef::JSONCompat.to_json_pretty(run_data), 0640)
              Chef::Log.error("Failed to post audit report to server (HTTP #{e.response.code}), saving to #{Chef::FileCache.load(error_file, false)}")
            else
              Chef::Log.error("Failed to post audit report to server (#{e})")
            end
          end
        else
          Chef::Log.debug("Server doesn't support audit report, skipping.")
        end
      end

      def headers(additional_headers = {})
        options = {'X-Ops-Audit-Report-Protocol-Version' => PROTOCOL_VERSION}
        options.merge(additional_headers)
      end

      def encode_gzip(data)
        "".tap do |out|
          Zlib::GzipWriter.wrap(StringIO.new(out)){|gz| gz << data }
        end
      end

    end
  end
end