CHEF-6422 Modify inspec archive to not check or export by default (#6659)

* make profile check optional Signed-off-by: Sathish <sbabu@progress.com> * Clarify error message when making inspec check optional Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add test fixture profile that emits evaluation markers on stderr Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Make export to inspec.json optional, not enabled by default Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Add test confirming non-evaluative archive Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Fix failing plugin search test, failing since we published a new test gem Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> --------- Signed-off-by: Sathish <sbabu@progress.com> Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2024-11-22 04:33:09 +00:00 · 2023-09-29 23:12:37 +01:00 · 2023-09-29 23:12:37 +01:00 · e1d39e581a
commit e1d39e581a
parent 4b8efce087
6 changed files with 77 additions and 13 deletions
--- a/docs-chef-io/content/inspec/cli.md
+++ b/docs-chef-io/content/inspec/cli.md
@ -35,6 +35,14 @@ This subcommand has the following additional options:
 `--no-airgap`
 : Fallback to using local archives if fetching fails.

+`--check`
+`--no-check`
+: Before running archive, run `inspec check`. Default: do not check.
+
+`--export`
+`--no-export`
+: Include an inspec.json file in the archive, the results of running `inspec export`.
+
 `--ignore-errors`
 `--no-ignore-errors`
 : Ignore profile warnings.
--- a/lib/inspec/cli.rb
+++ b/lib/inspec/cli.rb
@ -261,6 +261,10 @@ class Inspec::InspecCLI < Inspec::BaseCLI
    desc: "Fallback to using local archives if fetching fails."
  option :ignore_errors, type: :boolean, default: false,
    desc: "Ignore profile warnings."
+  option :check, type: :boolean, default: false,
+    desc: "Run profile check before archiving."
+  option :export, type: :boolean, default: false,
+    desc: "Export the profile to inspec.json and include in archive"
  def archive(path, log_level = nil)
    Inspec.with_feature("inspec-cli-archive") {
      begin
@ -283,7 +287,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
          o[:logger].warn "Archiving a profile that contains gem dependencies, but InSpec cannot package gems with the profile! Please archive your ~/.inspec/gems directory separately."
        end

-        result = profile.check
+        result = profile.check if o[:check]

        if result && !o[:ignore_errors] == false
          o[:logger].info "Profile check failed. Please fix the profile before generating an archive."
--- a/lib/inspec/profile.rb
+++ b/lib/inspec/profile.rb
@ -682,7 +682,6 @@ module Inspec
    end

    # generates a archive of a folder profile
-    # assumes that the profile was checked before
    def archive(opts)
      # check if file exists otherwise overwrite the archive
      dst = archive_name(opts)
@ -699,31 +698,34 @@ module Inspec
      # TODO ignore all .files, but add the files to debug output

      # Generate temporary inspec.json for archive
-      Inspec::Utils::JsonProfileSummary.produce_json(
-        info: info,
-        write_path: "#{root_path}inspec.json",
-        suppress_output: true
-      )
+      if opts[:export]
+        Inspec::Utils::JsonProfileSummary.produce_json(
+          info: info, # TODO: conditionalize and call info_from_parse
+          write_path: "#{root_path}inspec.json",
+          suppress_output: true
+        )
+      end

      # display all files that will be part of the archive
      @logger.debug "Add the following files to archive:"
      files.each { |f| @logger.debug "    " + f }
-      @logger.debug "    inspec.json"
+      @logger.debug "    inspec.json" if opts[:export]

+      archive_files = opts[:export] ? files.push("inspec.json") : files
      if opts[:zip]
        # generate zip archive
        require "inspec/archive/zip"
        zag = Inspec::Archive::ZipArchiveGenerator.new
-        zag.archive(root_path, files.push("inspec.json"), dst)
+        zag.archive(root_path, archive_files, dst)
      else
        # generate tar archive
        require "inspec/archive/tar"
        tag = Inspec::Archive::TarArchiveGenerator.new
-        tag.archive(root_path, files.push("inspec.json"), dst)
+        tag.archive(root_path, archive_files, dst)
      end

      # Cleanup
-      FileUtils.rm_f("#{root_path}inspec.json")
+      FileUtils.rm_f("#{root_path}inspec.json") if opts[:export]

      @logger.info "Finished archive generation."
      true
--- a/test/fixtures/profiles/eval-markers/controls/markers.rb
+++ b/test/fixtures/profiles/eval-markers/controls/markers.rb
@ -0,0 +1,15 @@
+# This profile emits markers to STDERR at various points to indicate that it was evaluated
+
+$stderr.puts "TOP_LEVEL_MARKER"
+$stderr.puts "EVALUATION_MARKER"
+control "my-dummy-control" do
+  $stderr.puts "CONTROL_BODY_MARKER"
+  title "#{$stderr.puts "METADATA_MARKER"}"
+  describe true do
+    $stderr.puts "DESCRIBE_BODY_MARKER"
+    it do
+      $stderr.puts "IT_BODY_MARKER"
+      should be_truthy
+    end
+  end
+end
--- a/test/fixtures/profiles/eval-markers/inspec.yml
+++ b/test/fixtures/profiles/eval-markers/inspec.yml
@ -0,0 +1,10 @@
+name: eval-markers
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: A profile that emits to STDERR at various points
+version: 0.1.0
+supports:
+  platform: os
--- a/test/functional/inspec_archive_test.rb
+++ b/test/functional/inspec_archive_test.rb
@ -31,13 +31,24 @@ describe "inspec archive" do
    end
  end

-  it "archives an inspec.json file" do
+  it "archives an inspec.json file if export if provided --export option" do
+    prepare_examples("profile") do |dir|
+      out = inspec("archive " + dir + " --overwrite --export")
+
+      _(out.stderr).must_equal ""
+      t = Zlib::GzipReader.open(auto_dst)
+      _(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.json"
+      assert_exit_code 0, out
+    end
+  end
+
+  it "does not archive an inspec.json file by default" do
    prepare_examples("profile") do |dir|
      out = inspec("archive " + dir + " --overwrite")

      _(out.stderr).must_equal ""
      t = Zlib::GzipReader.open(auto_dst)
-      _(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).must_include "inspec.json"
+      _(Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name)).wont_include "inspec.json"
      assert_exit_code 0, out
    end
  end
@ -127,4 +138,18 @@ describe "inspec archive" do
      assert_exit_code 0, out
    end
  end
+
+  it "does not evaluate a profile by default" do
+    eval_marker_path = File.join(profile_path, "eval-markers")
+
+    Dir.mktmpdir do |tmpdir|
+      FileUtils.cp_r(eval_marker_path + "/.", tmpdir)
+
+      out = inspec("archive " + tmpdir + " --output " + dst.path)
+
+      _(out.stderr).wont_include "EVALUATION_MARKER"
+      _(out.stderr).must_equal ""
+      assert_exit_code 0, out
+    end
+  end
 end