Merge pull request #25 from jeremymv2/fail_if_audits_fail

failing converge if any audits failed
chef-boneyard · Apr 18, 2016 · 99f5f53 · 99f5f53
2 parents c347d6b + 2632a61
commit 99f5f53
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -24,3 +24,6 @@
 
 # fail converge if downloaded profile is not present
 default['audit']['fail_if_not_present'] = false
+
+# fail converge after posting report if any audits have failed
+default['audit']['fail_if_any_audits_failed'] = false
diff --git a/libraries/report.rb b/libraries/report.rb
@@ -26,6 +26,8 @@ class ComplianceReport < Chef::Resource
 
       blob = node_info
       blob[:reports] = reports
+      total_failed = 0
+      blob[:reports].each { |k, _| total_failed += blob[:reports][k]['summary']['failure_count'].to_i }
       blob[:profiles] = ownermap
 
       Chef::Config[:verify_api_cert] = false
@@ -46,6 +48,7 @@ class ComplianceReport < Chef::Resource
         Chef::Log.error 'Report NOT saved to server.'
         raise e if run_context.node.audit.raise_if_unreachable
       end
+      fail "#{total_failed} audits have failed.  Aborting chef-client run." if total_failed > 0 && run_context.node.audit.fail_if_any_audits_failed
     end
   end