Rename --ludicrous-speed to --filter-waived-controls and reword usage message

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
This commit is contained in:
Clinton Wolfe 2021-04-05 21:12:14 -04:00
parent b42649e9e2
commit c21055af62
4 changed files with 12 additions and 13 deletions

View file

@ -272,6 +272,8 @@ This subcommand has additional options:
Password for enable mode on Cisco IOS devices.
* ``--filter-empty-profiles``, ``--no-filter-empty-profiles``
Filter empty profiles (profiles without controls) from the report.
* ``--filter-waived-controls``
Do not execute waived controls in InSpec at all. Must use with --waiver-file. Ignores `run` setting of waiver file.
* ``--host=HOST``
Specify a remote host which is tested.
* ``--input=name1=value1 name2=value2``

View file

@ -169,11 +169,10 @@ module Inspec
option :command_timeout, type: :numeric, default: 3600,
desc: "Maximum seconds to allow commands to run during execution. Default 3600.",
long_desc: "Maximum seconds to allow commands to run during execution. Default 3600. A timed out command is considered an error."
# TODO: Resolve how to access this in Profile.rb
option :ludicrous_speed, type: :boolean,
desc: "EXPERIMENTAL: Waived controls are never read into InSpec"
option :filter_waived_controls, type: :boolean,
desc: "Do not execute waived controls in InSpec at all. Must use with --waiver-file. Ignores `run` setting of waiver file."
option :retain_waiver_data, type: :boolean,
desc: "EXPERIMENTAL: Only works in conjunction with ludicrous_speed, retains waiver data about controls that were skipped"
desc: "EXPERIMENTAL: Only works in conjunction with --filter-waived-controls, retains waiver data about controls that were skipped"
end
def self.help(*args)

View file

@ -234,7 +234,7 @@ module Inspec
# Wipe out waived controls
def filter_waived_controls
cfg = Inspec::Config.cached
return self.tests unless cfg["ludicrous_speed"]
return self.tests unless cfg["filter_waived_controls"]
## Find the waivers file
# Issues:
@ -244,7 +244,7 @@ module Inspec
waiver_path = cfg.instance_variable_get(:@cli_opts)["waiver_file"]&.first
unless waiver_path
Inspec::Log.error "Must use --waiver-file with --ludicrous-speed"
Inspec::Log.error "Must use --waiver-file with --filter-waived-controls"
Inspec::UI.new.exit(:usage_error)
end

View file

@ -115,24 +115,22 @@ describe "waivers" do
end
end
describe "with --ludicrous-speed flag" do
describe "with --filter-waived-controls flag" do
it "can execute and not hit failures" do
inspec("exec " + "#{waivers_profiles_path}/purely-broken-controls" + "--ludicrous-speed --waiver-file #{waivers_profiles_path}/purely-broken-controls/files/waivers.yml" + " --no-create-lockfile" + " --no-color")
inspec("exec " + "#{waivers_profiles_path}/purely-broken-controls" + "--filter-waived-controls --waiver-file #{waivers_profiles_path}/purely-broken-controls/files/waivers.yml" + " --no-create-lockfile" + " --no-color")
_(stderr).must_equal ""
_(stdout).wont_include("Control Source Code Error")
_(stdout).must_include "\nProfile Summary: 1 successful control, 0 control failures, 0 controls skipped\n"
_(stderr).must_equal ""
assert_exit_code 0, out
end
end
describe "with --retain-waiver-data flag" do
it "can execute and not hit failures with exact same output as normal" do
inspec("exec " + "#{waivers_profiles_path}/purely-broken-controls" + " --ludicrous-speed --retain-waiver-data --waiver-file #{waivers_profiles_path}/purely-broken-controls/files/waivers.yml" + " --no-create-lockfile" + " --no-color")
inspec("exec " + "#{waivers_profiles_path}/purely-broken-controls" + " --filter-waived-controls --retain-waiver-data --waiver-file #{waivers_profiles_path}/purely-broken-controls/files/waivers.yml" + " --no-create-lockfile" + " --no-color")
_(stderr).must_equal ""
_(stdout).wont_include("Control Source Code Error")
_(stdout).must_include "\nProfile Summary: 1 successful control, 0 control failures, 2 controls skipped\n"
_(stderr).must_equal ""
assert_exit_code 101, out
end
end