From c8351c932382715ff4ec4105222562daad6eb307 Mon Sep 17 00:00:00 2001 From: Nikita Mathur Date: Wed, 13 Jul 2022 14:39:34 +0530 Subject: [PATCH] Added doc for only if impact change and modified test cases Signed-off-by: Nikita Mathur --- docs-chef-io/content/inspec/dsl_inspec.md | 20 +++++++++++++++++++ .../controls/example.rb | 3 ++- test/functional/inspec_exec_test.rb | 1 + 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/docs-chef-io/content/inspec/dsl_inspec.md b/docs-chef-io/content/inspec/dsl_inspec.md index 99646e49b..77455d939 100644 --- a/docs-chef-io/content/inspec/dsl_inspec.md +++ b/docs-chef-io/content/inspec/dsl_inspec.md @@ -269,6 +269,25 @@ certain controls, which would 100% fail due to the way servers are prepared, but you know that the same control suites are reused later in different circumstances by different teams. +This example checks for if Gnome Desktop is installed or not, if not then it resets the impact of the control to the new value which is passed as a hash with impact key. Here it resets it to 0: +```ruby +control 'gnome-destkop-settings' do + impact 0.5 + desc 'some good settings' + desc 'check', 'check the settings file for good things' + desc 'fix', 'set the good things in the file /etc/gnome/settings' + tag nist: 'CM-6' + + only_if("The Gnome Desktop is not installed, this control is Not Applicable", impact: 0) { + package('gnome-desktop').installed? + } + + describe gnome_settings do + it should_be set_well + end +end +``` + Some notes about `only_if`: - `only_if` applies to the entire `control`. If the results of the `only_if` @@ -277,6 +296,7 @@ Some notes about `only_if`: blocks will not be run. However, bare Ruby expressions and bare Chef InSpec resources (not assocated with a describe block) preceding the only_if statement will run +- `only_if` also accepts hash with impact key to reset the impact value of the control. Control's impact is useful in determing it's enhanced outcome. To illustrate: diff --git a/test/fixtures/profiles/enhanced-outcomes-test/controls/example.rb b/test/fixtures/profiles/enhanced-outcomes-test/controls/example.rb index 684fae88f..06918c7d6 100644 --- a/test/fixtures/profiles/enhanced-outcomes-test/controls/example.rb +++ b/test/fixtures/profiles/enhanced-outcomes-test/controls/example.rb @@ -63,7 +63,8 @@ end # Example of setting impact using code and marking it N/A control "tmp-6.0.1" do - only_if(impact: 0.0) { false } + impact 0.5 + only_if("Some reason for N/A", impact: 0.0) { false } describe file("/tmp") do it { should be_directory } end diff --git a/test/functional/inspec_exec_test.rb b/test/functional/inspec_exec_test.rb index 082ec71a5..ece2a9e17 100644 --- a/test/functional/inspec_exec_test.rb +++ b/test/functional/inspec_exec_test.rb @@ -1367,6 +1367,7 @@ EOT it "should mark control as N/A using zero impact from only_if" do _(run_result.stdout).must_include "N/A tmp-6.0.1" + _(run_result.stdout).must_include "Some reason for N/A" end it "should not mark control as N/A using non-zeo impact from only_if" do