Alter expiration_date behavior to match spec

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

lib/inspec/rule.rb

@@ -302,10 +302,10 @@ module Inspec
         if expiry.is_a?(Date)
           # It appears that yaml.rb automagically parses dates for us
           return if expiry < Date.today # If the waiver expired, return - no skip applied
-        elsif expiry.match(/never/i) # any other values?
-          # Do nothing, fall through
         else
-          raise Inspec::Exceptions::ResourceFailed, "Unable to parse waiver expiration date '#{expiry}' for control #{@__rule_id}"
+          ui = Inspec::UI.new
+          ui.error("Unable to parse waiver expiration date '#{expiry}' for control #{@__rule_id}")
+          ui.exit(:usage_error)
         end
       end
 

test/functional/waivers_test.rb

@@ -2,10 +2,10 @@ require "functional/helper"
 
 describe "waivers" do
   include FunctionalHelper
-  let(:cmd) { "exec #{waivers_profiles_path}/basic --input-file #{waivers_profiles_path}/basic/files/waivers.yaml" }
-  let(:run_result) { run_inspec_process(cmd, json: true) }
   let(:waivers_profiles_path) { "#{profile_path}/waivers" }
+  let(:run_result) { run_inspec_process(cmd, json: true) }
   let(:controls_by_id) { run_result.payload.json.dig("profiles", 0, "controls").map { |c| [c["id"], c] }.to_h }
+  let(:cmd) { "exec #{waivers_profiles_path}/#{profile_name} --input-file #{waivers_profiles_path}/#{profile_name}/files/#{waiver_file}" }
 
   def assert_test_outcome(expected, control_id)
     assert_equal expected, controls_by_id.dig(control_id, "results", 0, "status")
@@ -21,6 +21,9 @@ describe "waivers" do
   end
 
   describe "a fully pre-slugged control file" do
+    let(:profile_name) { "basic" }
+    let(:waiver_file) { "waivers.yaml" }
+
     it "has all of the expected outcomes" do
       [
         "01_not_waivered_passes",
@@ -64,4 +67,16 @@ describe "waivers" do
 
   # describe "an inherited profile"
   # describe "a profile whose control ids require transformation"
+
+  describe "a waiver file with invalid dates" do
+    let(:profile_name) { "short" }
+    let(:waiver_file) { "bad-date.yaml" }
+    it "gracefully errors" do
+      result = run_result
+      assert_includes "ERROR", result.stdout # the error level
+      assert_includes "01_small", result.stdout # the offending control ID
+      assert_includes "never", result.stdout  # The bad value
+      assert_equal 1, result.exit_status
+    end
+  end
 end

test/unit/mock/profiles/waivers/basic/files/waivers.yaml

@@ -1,15 +1,12 @@
 waiver_03_waivered_no_expiry_not_skipped_passes:
-  expiration_date: never
   justification: Sound reasoning
   skip: no
 
 waiver_04_waivered_no_expiry_not_skipped_fails:
-  expiration_date: never
   justification: Unassailable thinking
   skip: no
 
 waiver_05_waivered_no_expiry_skipped:
-  expiration_date: never
   justification: Sheer cleverness
   skip: yes
 

test/unit/mock/profiles/waivers/small/controls/small.rb

@@ -0,0 +1,5 @@
+control "01_small" do
+  describe true do
+    it { should eq true }
+  end
+end

test/unit/mock/profiles/waivers/small/files/bad-date.yaml

@@ -0,0 +1,4 @@
+waiver_01_small:
+  expiration_date: never
+  skip: true
+  justification: Callous disregard

test/unit/mock/profiles/waivers/small/inspec.yml

@@ -0,0 +1,5 @@
+name: small
+summary: Test profile for running bad waiver files through InSpec
+version: 0.1.0
+supports:
+  platform: os