fixing resources reporting as updated #142

jeremymv2 · 2016-11-02T22:56:37Z

Description

This PR removes the dependency on chef_chandler because that cookbook's LWRP reports updated resources for each handler enabled. It also removes the inspec custom resource and simply makes it a chef_gem resource with compile_time true. This makes the assumption that inspec gem version is ALWAYS specified via attribute to a specific SEMVER version (node['audit']['inspec_version']) - "latest" is no longer allowed.

Issues Resolved

This addresses #138

Check List

All tests pass. See https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD
New functionality includes testing.
New functionality has been documented in the README if applicable
All commits have been signed for the Developer Certificate of Origin. See https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD

Signed-off-by: Jeremy J. Miller [email protected]

…rces Signed-off-by: Jeremy J. Miller <[email protected]>

jeremymv2 · 2016-11-02T22:58:37Z

The result of testing collector = chef-server

Notice 0/x resources updated.

root@node:/tmp/vagrant-chef# chef-client -c client.rb
[2016-11-02T22:46:54+00:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 12.15.19
[2016-11-02T22:46:54+00:00] INFO: *** Chef 12.15.19 ***
[2016-11-02T22:46:54+00:00] INFO: Platform: x86_64-linux
[2016-11-02T22:46:54+00:00] INFO: Chef-client pid: 2889
[2016-11-02T22:46:56+00:00] INFO: Run List is [recipe[audit_wrapper::default]]
[2016-11-02T22:46:56+00:00] INFO: Run List expands to [audit_wrapper::default]
[2016-11-02T22:46:56+00:00] INFO: Starting Chef Run for node
[2016-11-02T22:46:56+00:00] INFO: Running start handlers
[2016-11-02T22:46:56+00:00] INFO: Start handlers complete.
[2016-11-02T22:46:56+00:00] INFO: HTTP Request Returned 404 Not Found:
resolving cookbooks for run list: ["audit_wrapper::default"]
[2016-11-02T22:46:56+00:00] INFO: Loading cookbooks [[email protected], [email protected], [email protected]]
Synchronizing Cookbooks:
  - audit_wrapper (0.1.0)
  - audit (2.0.0)
  - compat_resource (12.16.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: audit::default
  * chef_gem[inspec] action install (up to date)
[2016-11-02T22:46:56+00:00] INFO: loading handler from /var/chef/cache/cookbooks/audit/files/default/handler/audit_report
  Converging 1 resources
  * chef_gem[inspec] action install (up to date)
[2016-11-02T22:46:56+00:00] INFO: Chef Run complete in 0.283401384 seconds

Running handlers:
[2016-11-02T22:46:56+00:00] INFO: Running report handlers
[2016-11-02T22:46:56+00:00] WARN: Format is json-min
[2016-11-02T22:46:56+00:00] INFO: Initialize InSpec
[2016-11-02T22:46:56+00:00] INFO: Running tests from: [{:name=>"linux", :compliance=>"base/linux"}]
[2016-11-02T22:46:57+00:00] INFO: Reporting to chef-server
[2016-11-02T22:46:57+00:00] INFO: Control Profile: ["linux"]
[2016-11-02T22:46:57+00:00] INFO: Control Profil: linux
[2016-11-02T22:46:57+00:00] INFO: Compliance Profils: [{:owner=>"base", :profile_id=>"linux"}]
[2016-11-02T22:46:57+00:00] INFO: Report to Chef Server: https://chef-server.test/compliance/organizations/brewinc/inspec
  - Chef::Handler::AuditReport
Running handlers complete
[2016-11-02T22:46:57+00:00] INFO: Report handlers complete
Chef Client finished, 0/2 resources updated in 02 seconds
root@node:/tmp/vagrant-chef#

chris-rock

Great improvement @jeremymv2

chris-rock · 2016-11-02T23:11:41Z

libraries/helper.rb

+  end
+
+  def load_audit_handler
+    libpath = ::File.join(cookbook_handler_path, 'audit_report')


Very nice approach!

chris-rock · 2016-11-02T23:12:23Z

recipes/default.rb

-
-# install inspec
-inspec 'inspec' do
+chef_gem 'inspec' do
  version node['audit']['inspec_version']


Any reason why we are not using version new_resource.version if new_resource.version != 'latest'?

chris-rock · 2016-11-02T23:14:31Z

metadata.rb

@@ -13,4 +13,3 @@
 chef_version '>= 12.5.1' if respond_to?(:chef_version)

 depends 'compat_resource'


@lamont-granquist Is there any real reason why we need compat_resource

Signed-off-by: Jeremy J. Miller <[email protected]>

jeremymv2 · 2016-11-02T23:27:14Z

This now supports node['audit']['inspec_version'] = 'latest'

Signed-off-by: Jeremy J. Miller <[email protected]>

chris-rock · 2016-11-02T23:42:54Z

resources/inspec.rb

-def verify_inspec_version(inspec_version)
-  require 'inspec'
-  # check that we have the right inspec version
-  if Inspec::VERSION != inspec_version && inspec_version !='latest'


@jeremymv2 Do you think we should keep that warning. May be very helpful for debugging?

Good idea @chris-rock
I've moved it under load_inspec_libs function which seemed appropriate :)

Signed-off-by: Jeremy J. Miller <[email protected]>

chris-rock · 2016-11-03T10:27:44Z

libraries/compliance.rb

@@ -3,6 +3,12 @@
 # load all the inspec and compliance bundle requirements
 def load_inspec_libs
  require 'inspec'
+  if Inspec::VERSION != node['audit']['inspec_version'] && node['audit']['inspec_version'] !='latest'


That is a very nice idea

chris-rock · 2016-11-03T10:28:03Z

Awesome work @jeremymv2

fixing so report handler and inspec are not reported as updated resou…

b6b50fa

…rces Signed-off-by: Jeremy J. Miller <[email protected]>

binamov added the in progress label Nov 2, 2016

chris-rock reviewed Nov 2, 2016

View reviewed changes

re-add support for 'latest' inspec gem version

d6f70ab

Signed-off-by: Jeremy J. Miller <[email protected]>

typo fix

1fbce51

Signed-off-by: Jeremy J. Miller <[email protected]>

chris-rock reviewed Nov 2, 2016

View reviewed changes

jeremymv2 added 3 commits November 2, 2016 20:11

verifying correct inspec lib is loaded

2181e62

Signed-off-by: Jeremy J. Miller <[email protected]>

changing inspec resource for upload recipe

0ba76b7

Signed-off-by: Jeremy J. Miller <[email protected]>

fixing unit test for report

6906dd4

Signed-off-by: Jeremy J. Miller <[email protected]>

chris-rock reviewed Nov 3, 2016

View reviewed changes

chris-rock merged commit 1ea498b into chef-boneyard:master Nov 3, 2016

binamov removed the in progress label Nov 3, 2016

chris-rock mentioned this pull request Nov 3, 2016

version 2.0.0 reporting resources updated #138

Closed

jeremymv2 deleted the fixing_updated_resources branch November 3, 2016 13:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fixing resources reporting as updated #142

fixing resources reporting as updated #142

jeremymv2 commented Nov 2, 2016

jeremymv2 commented Nov 2, 2016

chris-rock left a comment

chris-rock Nov 2, 2016

chris-rock Nov 2, 2016

chris-rock Nov 2, 2016

jeremymv2 commented Nov 2, 2016

chris-rock Nov 2, 2016

jeremymv2 Nov 3, 2016

chris-rock Nov 3, 2016

chris-rock commented Nov 3, 2016

		@@ -13,4 +13,3 @@
		chef_version '>= 12.5.1' if respond_to?(:chef_version)

		depends 'compat_resource'

fixing resources reporting as updated #142

fixing resources reporting as updated #142

Conversation

jeremymv2 commented Nov 2, 2016

Description

Issues Resolved

Check List

jeremymv2 commented Nov 2, 2016

chris-rock left a comment

Choose a reason for hiding this comment

chris-rock Nov 2, 2016

Choose a reason for hiding this comment

chris-rock Nov 2, 2016

Choose a reason for hiding this comment

chris-rock Nov 2, 2016

Choose a reason for hiding this comment

jeremymv2 commented Nov 2, 2016

chris-rock Nov 2, 2016

Choose a reason for hiding this comment

jeremymv2 Nov 3, 2016

Choose a reason for hiding this comment

chris-rock Nov 3, 2016

Choose a reason for hiding this comment

chris-rock commented Nov 3, 2016