From 5891c9aee90f5103a824adb275ae72730b24c25d Mon Sep 17 00:00:00 2001
From: Clinton Wolfe
Date: Tue, 27 Aug 2019 23:40:53 -0400
Subject: [PATCH] A failing functional test to skip waivered controls
Signed-off-by: Clinton Wolfe
---
test/functional/waivers_test.rb | 73 +++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 test/functional/waivers_test.rb
diff --git a/test/functional/waivers_test.rb b/test/functional/waivers_test.rb
new file mode 100644
index 000000000..b6327afa2
--- /dev/null
+++ b/test/functional/waivers_test.rb
@@ -0,0 +1,73 @@
+require "functional/helper"
+
+describe "waivers" do
+ include FunctionalHelper
+ let(:waivers_profiles_path) { "#{profile_path}/waivers" }
+
+ def assert_test_outcome(expected, result_json)
+ assert_equal expected, result_json["status"]
+ end
+
+ def assert_waiver_annotation(result_json)
+ # TODO - test JSON for waiver annotation
+ end
+
+ def refute_waiver_annotation(result_json)
+ # TODO - test JSON for waiver annotation
+ # Don't suppose we get this for free by defining assert_waiver_annotation ...
+ end
+
+ describe "a fully pre-slugged control file" do
+ it "has all of the expected outcomes" do
+ cmd = "exec #{waivers_profiles_path}/basic --input-file #{waivers_profiles_path}/basic/files/waivers.yaml"
+ run_result = run_inspec_process(cmd,json: true)
+ controls_by_id = run_result.payload.json["profiles"][0]["controls"].map {|c| [c["id"], c] }.to_h
+
+ [
+ "01_not_waivered_passes",
+ "03_waivered_no_expiry_not_skipped_passes", # this had a waiver but still passed - no annotation?
+ "06_waivered_expiry_in_past_not_skipped_passes", # a stale waiver
+ "08_waivered_expiry_in_past_skipped", # another stale waiver
+ "09_waivered_expiry_in_future_not_skipped_passes", # unneeded waiver
+ ].each do |control_id|
+ result = controls_by_id[control_id]["results"][0]
+ assert_test_outcome "passed", result
+ refute_waiver_annotation result
+ end
+
+ [
+ "02_not_waivered_fails",
+ "07_waivered_expiry_in_past_not_skipped_fails", # Should this give a special waiver expired message?
+ ].each do |control_id|
+ result = controls_by_id[control_id]["results"][0]
+ assert_test_outcome "failed", result
+ refute_waiver_annotation result
+ end
+
+ # Each of these should have been forced to skip by the waiver system
+ [
+ "05_waivered_no_expiry_skipped",
+ "11_waivered_expiry_in_future_skipped"
+ ].each do |control_id|
+ result = controls_by_id[control_id]["results"][0]
+ assert_test_outcome "skipped", result
+ assert_waiver_annotation result
+ end
+
+ # Each of these should have had a failure, but had a waiver annotation
+ # added to the output.
+ [
+ "04_waivered_no_expiry_not_skipped_fails",
+ "10_waivered_expiry_in_future_not_skipped_fails"
+ ].each do |control_id|
+ result = controls_by_id[control_id]["results"][0]
+ assert_test_outcome "failed", result
+ assert_waiver_annotation result
+ end
+
+ end
+ end
+
+ # describe "an inherited profile"
+ # describe "a profile whose control ids require transformation"
+end
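Review bot: `assert_waiver_annotation` and `refute_waiver_annotation` have comment-only bodies, so every call to them in the four `.each` loops passes without checking anything. For `04_waivered_no_expiry_not_skipped_fails` and `10_waivered_expiry_in_future_not_skipped_fails` the expected status is a plain `"failed"`, the same as the unwaivered `02_not_waivered_fails`, so these cases cannot tell a recorded waiver from a waiver file that was never applied; likewise the two `"skipped"` cases cannot show that the report attributes the skip to a waiver. Until the annotation format is settled, make the gap visible instead of green, for example `flunk "waiver annotation assertion not implemented"` as the body of `assert_waiver_annotation`, and give `refute_waiver_annotation` a real check as soon as the JSON key is known. Separately, `controls_by_id[control_id]["results"][0]` fails with a NoMethodError on nil when a control id is absent from the output; `controls_by_id.fetch(control_id)["results"][0]` would name the missing id in the failure.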