Added doc for only if impact change and modified test cases

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
2024-11-22 12:43:07 +00:00 · 2022-07-13 14:39:34 +05:30 · 2022-07-13 14:39:34 +05:30 · c8351c9323
commit c8351c9323
parent 1274a39690
3 changed files with 23 additions and 1 deletions
--- a/docs-chef-io/content/inspec/dsl_inspec.md
+++ b/docs-chef-io/content/inspec/dsl_inspec.md
@ -269,6 +269,25 @@ certain controls, which would 100% fail due to the way servers are prepared, but
 you know that the same control suites are reused later in different circumstances
 by different teams.

+This example checks for if Gnome Desktop is installed or not, if not then it resets the impact of the control to the new value which is passed as a hash with impact key. Here it resets it to 0:
+```ruby
+control 'gnome-destkop-settings' do
+  impact 0.5
+  desc 'some good settings'
+  desc 'check', 'check the settings file for good things'
+  desc 'fix', 'set the good things in the file /etc/gnome/settings'
+  tag nist: 'CM-6'
+
+  only_if("The Gnome Desktop is not installed, this control is Not Applicable", impact: 0) {
+    package('gnome-desktop').installed?
+  }
+
+  describe gnome_settings do
+    it should_be set_well
+  end
+end
+```
+
 Some notes about `only_if`:

 - `only_if` applies to the entire `control`. If the results of the `only_if`
@ -277,6 +296,7 @@ Some notes about `only_if`:
  blocks will not be run. However, bare Ruby expressions and bare Chef InSpec
  resources (not assocated with a describe block) preceding the only_if statement
  will run
+- `only_if` also accepts hash with impact key to reset the impact value of the control. Control's impact is useful in determing it's enhanced outcome.

 To illustrate:

--- a/test/fixtures/profiles/enhanced-outcomes-test/controls/example.rb
+++ b/test/fixtures/profiles/enhanced-outcomes-test/controls/example.rb
@ -63,7 +63,8 @@ end

 # Example of setting impact using code and marking it N/A
 control "tmp-6.0.1" do
-  only_if(impact: 0.0) { false }
+  impact 0.5
+  only_if("Some reason for N/A", impact: 0.0) { false }
  describe file("/tmp") do
    it { should be_directory }
  end
--- a/test/functional/inspec_exec_test.rb
+++ b/test/functional/inspec_exec_test.rb
@ -1367,6 +1367,7 @@ EOT

    it "should mark control as N/A using zero impact from only_if" do
      _(run_result.stdout).must_include "N/A  tmp-6.0.1"
+      _(run_result.stdout).must_include "Some reason for N/A"
    end

    it "should not mark control as N/A using non-zeo impact from only_if" do