mirror of
https://github.com/inspec/inspec
synced 2024-11-27 07:00:39 +00:00
Fixes #5373 : Add option to filter empty profiles from report
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This commit is contained in:
parent
f4126bb05f
commit
7dba4fa641
12 changed files with 101 additions and 2 deletions
|
@ -332,6 +332,8 @@ This subcommand has additional options:
|
||||||
Whether to use disable sspi authentication, defaults to false (WinRM).
|
Whether to use disable sspi authentication, defaults to false (WinRM).
|
||||||
* ``--winrm-transport=WINRM_TRANSPORT``
|
* ``--winrm-transport=WINRM_TRANSPORT``
|
||||||
Specify which transport to use, defaults to negotiate (WinRM).
|
Specify which transport to use, defaults to negotiate (WinRM).
|
||||||
|
* ``--filter-empty-profiles``, ``--no-filter-empty-profiles``
|
||||||
|
Filter empty profiles (profiles without controls) from the report.
|
||||||
|
|
||||||
## help
|
## help
|
||||||
|
|
||||||
|
|
|
@ -164,6 +164,8 @@ module Inspec
|
||||||
desc: "Use --no-diff to suppress 'diff' output of failed textual test results."
|
desc: "Use --no-diff to suppress 'diff' output of failed textual test results."
|
||||||
option :sort_results_by, type: :string, default: "file", banner: "--sort-results-by=none|control|file|random",
|
option :sort_results_by, type: :string, default: "file", banner: "--sort-results-by=none|control|file|random",
|
||||||
desc: "After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode."
|
desc: "After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode."
|
||||||
|
option :filter_empty_profiles, type: :boolean, default: false,
|
||||||
|
desc: "Filter empty profiles (profiles without controls) from the report."
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.help(*args)
|
def self.help(*args)
|
||||||
|
|
|
@ -13,6 +13,7 @@ module Inspec
|
||||||
def apply_run_data_filters_to_hash
|
def apply_run_data_filters_to_hash
|
||||||
@config[:runtime_config] = Inspec::Config.cached || {}
|
@config[:runtime_config] = Inspec::Config.cached || {}
|
||||||
apply_report_resize_options
|
apply_report_resize_options
|
||||||
|
filter_empty_profiles
|
||||||
redact_sensitive_inputs
|
redact_sensitive_inputs
|
||||||
suppress_diff_output
|
suppress_diff_output
|
||||||
sort_controls
|
sort_controls
|
||||||
|
@ -36,7 +37,15 @@ module Inspec
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Find any inputs with :sensitive = true and replace their values with "***"
|
# Filters profiles from report which don't have controls in it.
|
||||||
|
def filter_empty_profiles
|
||||||
|
runtime_config = @config[:runtime_config]
|
||||||
|
if runtime_config[:filter_empty_profiles] && @run_data[:profiles].count > 1
|
||||||
|
@run_data[:profiles].delete_if { |p| p[:controls].empty? }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Find any inputs with :redact_sensitive_inputsitive = true and replace their values with "***"
|
||||||
def redact_sensitive_inputs
|
def redact_sensitive_inputs
|
||||||
@run_data[:profiles]&.each do |p|
|
@run_data[:profiles]&.each do |p|
|
||||||
p[:inputs]&.each do |i|
|
p[:inputs]&.each do |i|
|
||||||
|
|
3
test/fixtures/profiles/dependencies/resource-pack/README.md
vendored
Normal file
3
test/fixtures/profiles/dependencies/resource-pack/README.md
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# Example InSpec Profile
|
||||||
|
|
||||||
|
This example shows the implementation of an InSpec profile.
|
10
test/fixtures/profiles/dependencies/resource-pack/inspec.yml
vendored
Normal file
10
test/fixtures/profiles/dependencies/resource-pack/inspec.yml
vendored
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
name: resource-pack
|
||||||
|
title: InSpec Profile
|
||||||
|
maintainer: The Authors
|
||||||
|
copyright: The Authors
|
||||||
|
copyright_email: you@example.com
|
||||||
|
license: Apache-2.0
|
||||||
|
summary: An InSpec Compliance Profile
|
||||||
|
version: 0.1.0
|
||||||
|
supports:
|
||||||
|
platform: os
|
0
test/fixtures/profiles/dependencies/resource-pack/libraries/.gitkeep
vendored
Normal file
0
test/fixtures/profiles/dependencies/resource-pack/libraries/.gitkeep
vendored
Normal file
15
test/fixtures/profiles/dependencies/resource-pack/libraries/example_config.rb
vendored
Normal file
15
test/fixtures/profiles/dependencies/resource-pack/libraries/example_config.rb
vendored
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
class ExampleConfig < Inspec.resource(1)
|
||||||
|
name 'example_config'
|
||||||
|
|
||||||
|
desc "Example's resource description ..."
|
||||||
|
|
||||||
|
example "
|
||||||
|
describe example_config do
|
||||||
|
its('version') { should eq('1.0') }
|
||||||
|
end
|
||||||
|
"
|
||||||
|
|
||||||
|
def version
|
||||||
|
"1.0"
|
||||||
|
end
|
||||||
|
end
|
3
test/fixtures/profiles/dependencies/uses-resource-pack/README.md
vendored
Normal file
3
test/fixtures/profiles/dependencies/uses-resource-pack/README.md
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# Example InSpec Profile
|
||||||
|
|
||||||
|
This example shows the implementation of an InSpec profile.
|
18
test/fixtures/profiles/dependencies/uses-resource-pack/controls/example.rb
vendored
Normal file
18
test/fixtures/profiles/dependencies/uses-resource-pack/controls/example.rb
vendored
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
# copyright: 2018, The Authors
|
||||||
|
|
||||||
|
title "sample section"
|
||||||
|
|
||||||
|
# you can also use plain tests
|
||||||
|
describe file("/tmp") do
|
||||||
|
it { should be_directory }
|
||||||
|
end
|
||||||
|
|
||||||
|
# you add controls here
|
||||||
|
control "tmp-1.0" do # A unique ID for this control
|
||||||
|
impact 0.7 # The criticality, if this control fails.
|
||||||
|
title "Create /tmp directory" # A human-readable title
|
||||||
|
desc "An optional description..."
|
||||||
|
describe file("/tmp") do # The actual test
|
||||||
|
it { should be_directory }
|
||||||
|
end
|
||||||
|
end
|
13
test/fixtures/profiles/dependencies/uses-resource-pack/inspec.yml
vendored
Normal file
13
test/fixtures/profiles/dependencies/uses-resource-pack/inspec.yml
vendored
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
name: uses-resource-pack
|
||||||
|
title: InSpec Profile
|
||||||
|
maintainer: The Authors
|
||||||
|
copyright: The Authors
|
||||||
|
copyright_email: you@example.com
|
||||||
|
license: Apache-2.0
|
||||||
|
summary: An InSpec Compliance Profile
|
||||||
|
version: 0.1.0
|
||||||
|
supports:
|
||||||
|
platform: os
|
||||||
|
depends:
|
||||||
|
- name: resource-pack
|
||||||
|
path: ../resource-pack
|
0
test/fixtures/profiles/dependencies/uses-resource-pack/libraries/.gitkeep
vendored
Normal file
0
test/fixtures/profiles/dependencies/uses-resource-pack/libraries/.gitkeep
vendored
Normal file
|
@ -421,6 +421,30 @@ describe "inspec exec with json formatter" do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "JSON reporter" do
|
||||||
|
describe "with --no-filter-empty-profiles option" do
|
||||||
|
let(:run_result) { run_inspec_process("exec #{profile_path}/dependencies/uses-resource-pack --no-filter-empty-profiles", json: true) }
|
||||||
|
let(:profiles) { @json["profiles"] }
|
||||||
|
|
||||||
|
it "does not filter the empty profiles(profiles without controls)" do
|
||||||
|
_(run_result.stderr).must_be_empty
|
||||||
|
_(profiles.count).must_equal 2
|
||||||
|
assert_exit_code(0, run_result)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe "with --filter-empty-profiles option" do
|
||||||
|
let(:run_result) { run_inspec_process("exec #{profile_path}/dependencies/uses-resource-pack --filter-empty-profiles", json: true) }
|
||||||
|
let(:profiles) { @json["profiles"] }
|
||||||
|
|
||||||
|
it "does not filter the empty profiles(profiles without controls)" do
|
||||||
|
_(run_result.stderr).must_be_empty
|
||||||
|
_(profiles.count).must_equal 1
|
||||||
|
assert_exit_code(0, run_result)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe "JSON reporter using the --sort-results-by option" do
|
describe "JSON reporter using the --sort-results-by option" do
|
||||||
let(:run_result) { run_inspec_process("exec #{profile_path}/sorted-results/sort-me-1 --sort-results-by #{sort_option}", json: true) }
|
let(:run_result) { run_inspec_process("exec #{profile_path}/sorted-results/sort-me-1 --sort-results-by #{sort_option}", json: true) }
|
||||||
let(:control_order) { @json["profiles"][0]["controls"].map { |c| c["id"] }.join("") }
|
let(:control_order) { @json["profiles"][0]["controls"].map { |c| c["id"] }.join("") }
|
||||||
|
|
Loading…
Reference in a new issue