profile scan is reported every chef-client run even if compliance_profile resource wasn't executed #102
After working around issue #101, the audit cookbook properly fetches and executes compliance profiles according to the interval set in attributes. However, even when the compliance_profile resource does not get executed because of the interval, the compliance_report resource still reports the results of the profile using the report results from previous chef-client runs that get cached in
Here is the code that reads the cached report.
Seems like a possible solution would be to delete cached reports at the beginning of the audit recipe. Doing it at the beginning seems safer than at the end because if the chef-client run should fail somehow, the cached files could accidentally remain in place for the next chef-client run.
Steps to Reproduce:
Use the workaround in issue #101 to get interval settings to work properly.
Then use the following attributes in the audit wrapper cookbook.
Then run chef-client twice (one run right after the other) with this wrapper cookbook in the run list.
Cached profile reports from previous chef-client runs should not get accidentally sent to the server.
As you can see below the fetch and execute action for the
Putting the following in my audit wrapper cookbook's default.rb recipe worked for me. It deletes the reports before including the audit cookbook.
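A simplified Ruby model of the behaviour reported above, added here as an illustration; it is not the code from this issue or from the audit cookbook. The cache directory, the profile name `linux` and every function name are constructed for the example. It shows the second run re-sending the first run's report, and the same two runs once cached reports are cleared at the start of each run.

```ruby
require 'fileutils'
require 'json'
require 'tmpdir'

# Constructed stand-in for the report cache location (a temporary directory).
CACHE_DIR = Dir.mktmpdir('audit-report-cache')
at_exit { FileUtils.remove_entry(CACHE_DIR) if Dir.exist?(CACHE_DIR) }

# Models the profile step: it scans and caches a report only when the
# interval has elapsed; otherwise it is skipped and writes nothing.
def run_profile(name, run_id, interval_elapsed)
  return unless interval_elapsed
  report = { 'profile' => name, 'produced_in_run' => run_id }
  File.write(File.join(CACHE_DIR, "#{name}.json"), JSON.generate(report))
end

# Models the report step: it sends every report file found in the cache,
# whether or not the profile step ran during this run.
def collect_reports
  Dir.glob(File.join(CACHE_DIR, '*.json')).sort.map { |f| JSON.parse(File.read(f)) }
end

# The fix proposed in the issue: delete cached reports before the run starts.
def clear_cached_reports
  FileUtils.rm_f(Dir.glob(File.join(CACHE_DIR, '*.json')))
end

# One modelled chef-client run; returns the reports that would be sent.
def client_run(run_id, interval_elapsed:, clear_first:)
  clear_cached_reports if clear_first
  run_profile('linux', run_id, interval_elapsed)
  collect_reports
end

# Two back-to-back runs: the interval has elapsed for run 1 but not for run 2.
def simulate(clear_first:)
  clear_cached_reports # start each simulation from an empty cache
  first = client_run(1, interval_elapsed: true, clear_first: clear_first)
  second = client_run(2, interval_elapsed: false, clear_first: clear_first)
  [first, second]
end

_, stale = simulate(clear_first: false)
_, clean = simulate(clear_first: true)
puts "run 2 without clearing sends: #{stale.inspect}"
puts "run 2 with clearing sends:    #{clean.inspect}"
```

Clearing at the start rather than the end means a run that aborts partway cannot leave a report behind for the next run to send.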