CHEF-6422 Modify inspec archive to not check or export by default (#6659) (#6720)

* make profile check optional



* Clarify error message when making inspec check optional



* Add test fixture profile that emits evaluation markers on stderr



* Make export to inspec.json optional, not enabled by default



* Add test confirming non-evaluative archive



* Fix failing plugin search test, failing since we published a new test gem



---------

Signed-off-by: Sathish <sbabu@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Sathish Babu <80091550+sathish-progress@users.noreply.github.com>
Clinton Wolfe 2023-09-30 02:35:52 -04:00 committed by GitHub
parent d69fa38a65
commit a5e29a842f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 73 additions and 13 deletions


@ -31,6 +31,10 @@ This subcommand has the following additional options:
* ``--airgap``, ``--no-airgap`` * ``--airgap``, ``--no-airgap``
Fallback to using local archives if fetching fails. Fallback to using local archives if fetching fails.
* ``--check``, ``--no-check``
Before running archive, run `inspec check`. Default: do not check.
* ``--export``, ``--no-check``
Include an inspec.json file in the archive, the results of running `inspec export`.
* ``--ignore-errors``, ``--no-ignore-errors`` * ``--ignore-errors``, ``--no-ignore-errors``
Ignore profile warnings. Ignore profile warnings.
* ``-o``, ``--output=OUTPUT`` * ``-o``, ``--output=OUTPUT``


@ -189,6 +189,10 @@ class Inspec::InspecCLI < Inspec::BaseCLI
desc: "Fallback to using local archives if fetching fails." desc: "Fallback to using local archives if fetching fails."
option :ignore_errors, type: :boolean, default: false, option :ignore_errors, type: :boolean, default: false,
desc: "Ignore profile warnings." desc: "Ignore profile warnings."
option :check, type: :boolean, default: false,
desc: "Run profile check before archiving."
option :export, type: :boolean, default: false,
desc: "Export the profile to inspec.json and include in archive"
def archive(path) def archive(path)
o = config o = config
diagnose(o) diagnose(o)
@ -203,7 +207,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
vendor_deps(path, vendor_options) vendor_deps(path, vendor_options)
profile = Inspec::Profile.for_target(path, o) profile = Inspec::Profile.for_target(path, o)
result = profile.check result = profile.check if o[:check]
if result && !o[:ignore_errors] == false if result && !o[:ignore_errors] == false
o[:logger].info "Profile check failed. Please fix the profile before generating an archive." o[:logger].info "Profile check failed. Please fix the profile before generating an archive."
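Review bot: The guard that follows the new `result = profile.check if o[:check]` line never looks at what the check reported, so passing `--check` may not block a failing profile. `if result && !o[:ignore_errors] == false` parses as `(!o[:ignore_errors]) == false`, so as written it appears to fire only when `--ignore-errors` is set and `result` is any truthy value. The condition should test the validity that `profile.check` reports (its return shape is not visible in this hunk) and end in a plain `&& !o[:ignore_errors]`. A comment such as `# result is nil unless --check was given` would also make the new nil case explicit. The body of `archive` continues outside the hunk, so the exit path cannot be confirmed from here.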


@ -617,7 +617,6 @@ module Inspec
end end
# generates a archive of a folder profile # generates a archive of a folder profile
# assumes that the profile was checked before
def archive(opts) def archive(opts)
# check if file exists otherwise overwrite the archive # check if file exists otherwise overwrite the archive
dst = archive_name(opts) dst = archive_name(opts)
@ -634,31 +633,34 @@ module Inspec
# TODO ignore all .files, but add the files to debug output # TODO ignore all .files, but add the files to debug output
# Generate temporary inspec.json for archive # Generate temporary inspec.json for archive
if opts[:export]
Inspec::Utils::JsonProfileSummary.produce_json( Inspec::Utils::JsonProfileSummary.produce_json(
info: info, info: info, # TODO: conditionalize and call info_from_parse
write_path: "#{root_path}inspec.json", write_path: "#{root_path}inspec.json",
suppress_output: true suppress_output: true
) )
end
# display all files that will be part of the archive # display all files that will be part of the archive
@logger.debug "Add the following files to archive:" @logger.debug "Add the following files to archive:"
files.each { |f| @logger.debug " " + f } files.each { |f| @logger.debug " " + f }
@logger.debug " inspec.json" @logger.debug " inspec.json" if opts[:export]
archive_files = opts[:export] ? files.push("inspec.json") : files
if opts[:zip] if opts[:zip]
# generate zip archive # generate zip archive
require "inspec/archive/zip" require "inspec/archive/zip"
zag = Inspec::Archive::ZipArchiveGenerator.new zag = Inspec::Archive::ZipArchiveGenerator.new
zag.archive(root_path, files.push("inspec.json"), dst) zag.archive(root_path, archive_files, dst)
else else
# generate tar archive # generate tar archive
require "inspec/archive/tar" require "inspec/archive/tar"
tag = Inspec::Archive::TarArchiveGenerator.new tag = Inspec::Archive::TarArchiveGenerator.new
tag.archive(root_path, files.push("inspec.json"), dst) tag.archive(root_path, archive_files, dst)
end end
# Cleanup # Cleanup
FileUtils.rm_f("#{root_path}inspec.json") FileUtils.rm_f("#{root_path}inspec.json") if opts[:export]
@logger.info "Finished archive generation." @logger.info "Finished archive generation."
true true
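Review bot: The temporary `inspec.json` is removed by an ordinary statement at the end of the second hunk, so an exception from the zip or tar generator leaves the generated file behind in the profile directory. Moving the cleanup into an `ensure` clause, `FileUtils.rm_f("#{root_path}inspec.json") if opts[:export]`, would cover the failure path. With `--export` the same path is written and then deleted, so a profile that already has its own `inspec.json` at the root would presumably lose it; a comment like `# --export overwrites, then removes, any inspec.json in the profile root` would document that. The method comment could also say that only the `--export` branch calls `info`, since the TODO on that line suggests it is the remaining step that is not parse-only. The method starts and ends outside the visible hunks.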


@ -0,0 +1,15 @@
# This profile emits markers to STDERR at various points to indicate that it was evaluated
$stderr.puts "TOP_LEVEL_MARKER"
$stderr.puts "EVALUATION_MARKER"
control "my-dummy-control" do
$stderr.puts "CONTROL_BODY_MARKER"
title "#{$stderr.puts "METADATA_MARKER"}"
describe true do
$stderr.puts "DESCRIBE_BODY_MARKER"
it do
$stderr.puts "IT_BODY_MARKER"
should be_truthy
end
end
end


@ -0,0 +1,10 @@
name: eval-markers
title: InSpec Profile
maintainer: The Authors
copyright: The Authors
copyright_email: you@example.com
license: Apache-2.0
summary: A profile that emits to STDERR at various points
version: 0.1.0
supports:
platform: os


@ -31,13 +31,24 @@ describe "inspec archive" do
end end
end end
it "archives an inspec.json file" do it "archives an inspec.json file if export if provided --export option" do
prepare_examples("profile") do |dir|
out = inspec("archive " + dir + " --overwrite --export")
_(out.stderr).must_equal ""
t = Zlib::GzipReader.open(auto_dst)
_(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.json"
assert_exit_code 0, out
end
end
it "does not archive an inspec.json file by default" do
prepare_examples("profile") do |dir| prepare_examples("profile") do |dir|
out = inspec("archive " + dir + " --overwrite") out = inspec("archive " + dir + " --overwrite")
_(out.stderr).must_equal "" _(out.stderr).must_equal ""
t = Zlib::GzipReader.open(auto_dst) t = Zlib::GzipReader.open(auto_dst)
_(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.json" _(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).wont_include "inspec.json"
assert_exit_code 0, out assert_exit_code 0, out
end end
end end
@ -127,4 +138,18 @@ describe "inspec archive" do
assert_exit_code 0, out assert_exit_code 0, out
end end
end end
it "does not evaluate a profile by default" do
eval_marker_path = File.join(profile_path, "eval-markers")
Dir.mktmpdir do |tmpdir|
FileUtils.cp_r(eval_marker_path + "/.", tmpdir)
out = inspec("archive " + tmpdir + " --output " + dst.path)
_(out.stderr).wont_include "EVALUATION_MARKER"
_(out.stderr).must_equal ""
assert_exit_code 0, out
end
end
end end
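Review bot: The new "does not evaluate a profile by default" test has no positive control, so it would also pass if the fixture's markers never reached `out.stderr` for an unrelated reason. A companion case that archives the same `eval-markers` copy with `--check` (or `--export`) and asserts `_(out.stderr).must_include "EVALUATION_MARKER"` would show that the fixture and the capture work, assuming those paths do evaluate the profile. In the existing test, `wont_include "EVALUATION_MARKER"` is already implied by `must_equal ""` on the next line, so one of the two can go. The first renamed example reads "if export if provided --export option"; `it "archives an inspec.json file when --export is given" do` would be clearer.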