CHEF-6422 Modify inspec archive to not check or export by default (#6659)

* make profile check optional

Signed-off-by: Sathish <sbabu@progress.com>

* Clarify error message when making inspec check optional

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add test fixture profile that emits evaluation markers on stderr

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Make export to inspec.json optional, not enabled by default

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add test confirming non-evaluative archive

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Fix failing plugin search test, failing since we published a new test gem

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

---------

Signed-off-by: Sathish <sbabu@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
This commit is contained in:
Sathish Babu 2023-09-29 23:12:37 +01:00 committed by GitHub
parent 4b8efce087
commit e1d39e581a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 77 additions and 13 deletions

View file

@ -35,6 +35,14 @@ This subcommand has the following additional options:
`--no-airgap`
: Fallback to using local archives if fetching fails.
`--check`
`--no-check`
: Before running archive, run `inspec check`. Default: do not check.
`--export`
`--no-export`
: Include an inspec.json file in the archive, the results of running `inspec export`.
`--ignore-errors`
`--no-ignore-errors`
: Ignore profile warnings.

View file

@ -261,6 +261,10 @@ class Inspec::InspecCLI < Inspec::BaseCLI
desc: "Fallback to using local archives if fetching fails."
option :ignore_errors, type: :boolean, default: false,
desc: "Ignore profile warnings."
option :check, type: :boolean, default: false,
desc: "Run profile check before archiving."
option :export, type: :boolean, default: false,
desc: "Export the profile to inspec.json and include in archive"
def archive(path, log_level = nil)
Inspec.with_feature("inspec-cli-archive") {
begin
@ -283,7 +287,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
o[:logger].warn "Archiving a profile that contains gem dependencies, but InSpec cannot package gems with the profile! Please archive your ~/.inspec/gems directory separately."
end
result = profile.check
result = profile.check if o[:check]
if result && !o[:ignore_errors] == false
o[:logger].info "Profile check failed. Please fix the profile before generating an archive."

View file

@ -682,7 +682,6 @@ module Inspec
end
# generates a archive of a folder profile
# assumes that the profile was checked before
def archive(opts)
# check if file exists otherwise overwrite the archive
dst = archive_name(opts)
@ -699,31 +698,34 @@ module Inspec
# TODO ignore all .files, but add the files to debug output
# Generate temporary inspec.json for archive
Inspec::Utils::JsonProfileSummary.produce_json(
info: info,
write_path: "#{root_path}inspec.json",
suppress_output: true
)
if opts[:export]
Inspec::Utils::JsonProfileSummary.produce_json(
info: info, # TODO: conditionalize and call info_from_parse
write_path: "#{root_path}inspec.json",
suppress_output: true
)
end
# display all files that will be part of the archive
@logger.debug "Add the following files to archive:"
files.each { |f| @logger.debug " " + f }
@logger.debug " inspec.json"
@logger.debug " inspec.json" if opts[:export]
archive_files = opts[:export] ? files.push("inspec.json") : files
if opts[:zip]
# generate zip archive
require "inspec/archive/zip"
zag = Inspec::Archive::ZipArchiveGenerator.new
zag.archive(root_path, files.push("inspec.json"), dst)
zag.archive(root_path, archive_files, dst)
else
# generate tar archive
require "inspec/archive/tar"
tag = Inspec::Archive::TarArchiveGenerator.new
tag.archive(root_path, files.push("inspec.json"), dst)
tag.archive(root_path, archive_files, dst)
end
# Cleanup
FileUtils.rm_f("#{root_path}inspec.json")
FileUtils.rm_f("#{root_path}inspec.json") if opts[:export]
@logger.info "Finished archive generation."
true

View file

@ -0,0 +1,15 @@
# This profile emits markers to STDERR at various points to indicate that it was evaluated
$stderr.puts "TOP_LEVEL_MARKER"
$stderr.puts "EVALUATION_MARKER"
control "my-dummy-control" do
$stderr.puts "CONTROL_BODY_MARKER"
title "#{$stderr.puts "METADATA_MARKER"}"
describe true do
$stderr.puts "DESCRIBE_BODY_MARKER"
it do
$stderr.puts "IT_BODY_MARKER"
should be_truthy
end
end
end

View file

@ -0,0 +1,10 @@
name: eval-markers
title: InSpec Profile
maintainer: The Authors
copyright: The Authors
copyright_email: you@example.com
license: Apache-2.0
summary: A profile that emits to STDERR at various points
version: 0.1.0
supports:
platform: os

View file

@ -31,13 +31,24 @@ describe "inspec archive" do
end
end
it "archives an inspec.json file" do
it "archives an inspec.json file if export if provided --export option" do
prepare_examples("profile") do |dir|
out = inspec("archive " + dir + " --overwrite --export")
_(out.stderr).must_equal ""
t = Zlib::GzipReader.open(auto_dst)
_(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.json"
assert_exit_code 0, out
end
end
it "does not archive an inspec.json file by default" do
prepare_examples("profile") do |dir|
out = inspec("archive " + dir + " --overwrite")
_(out.stderr).must_equal ""
t = Zlib::GzipReader.open(auto_dst)
_(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.json"
_(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).wont_include "inspec.json"
assert_exit_code 0, out
end
end
@ -127,4 +138,18 @@ describe "inspec archive" do
assert_exit_code 0, out
end
end
it "does not evaluate a profile by default" do
eval_marker_path = File.join(profile_path, "eval-markers")
Dir.mktmpdir do |tmpdir|
FileUtils.cp_r(eval_marker_path + "/.", tmpdir)
out = inspec("archive " + tmpdir + " --output " + dst.path)
_(out.stderr).wont_include "EVALUATION_MARKER"
_(out.stderr).must_equal ""
assert_exit_code 0, out
end
end
end