New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for compliance profiles into chef-zero #188

Closed
brentm5 opened this Issue Dec 23, 2016 · 3 comments

Comments

Projects
None yet
3 participants
@brentm5
Contributor

brentm5 commented Dec 23, 2016

Idea

chef/chef-zero picks up flat files in your repo much like databags / nodes so you could mock profiles and fully test a cookbook including the audit cookbook. The current implementation is less of a problem because its just a report handler so failing doesn't matter to the overall state of the kitchen test. Just seems logical to have this functionality.

@chris-rock

This comment has been minimized.

Collaborator

chris-rock commented Jan 4, 2017

@brentm5 Not sure what is not working with chef-zero already. Could you explain this further?

@brentm5

This comment has been minimized.

Contributor

brentm5 commented Jan 4, 2017

So currently when you try and run the audit cookbook in your own infrastructure you will most likely provide a wrapper cookbook that sets some profiles to run by default. This works fine but it also makes things fail if the compliance profiles rely on chef-server to download compliance profiles. What I would suggest is adding the same sort of functionality to compliance profiles as data_bags and nodes have. Where you can specify flat files for your compliance profiles and chef-zero would pick them up and return them to the mocked chef-client running which is pointed to chef-client. So you could mock out compliance profiles for testing in your kitchen environments. Currently if you do not do this you get something like

       Recipe: audit::inspec
         * chef_gem[inspec] action install (up to date)

       Running handlers:
       [2017-01-04T22:20:50+00:00] WARN: Format is json-min
       [2017-01-04T22:20:50+00:00] ERROR: 404 "Not Found" (Net::HTTPServerException)
       /opt/chef/embedded/lib/ruby/2.3.0/net/http/response.rb:120:in `error!'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/http.rb:214:in `streaming_request'
       /tmp/kitchen/cache/cookbooks/audit/files/default/vendor/chef-server/fetcher.rb:95:in `block in download_archive_to_temp'
       /tmp/kitchen/cache/cookbooks/audit/libraries/helper.rb:43:in `with_http_rescue'
       /tmp/kitchen/cache/cookbooks/audit/files/default/vendor/chef-server/fetcher.rb:94:in `download_archive_to_temp'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/fetchers/url.rb:120:in `temp_archive_path'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/fetchers/url.rb:103:in `sha256'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/fetchers/url.rb:93:in `cache_key'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/cached_fetcher.rb:32:in `cache_key'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/cached_fetcher.rb:39:in `fetch'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/profile.rb:68:in `for_fetcher'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/profile.rb:75:in `for_target'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/runner.rb:164:in `add_target'
       /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:113:in `block in call'
       /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:113:in `each'
       /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:113:in `call'
       /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:47:in `block in report'
       /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:33:in `each'
       /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:33:in `report'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:259:in `run_report_unsafe'
       /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:59:in `run_report_safely'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:125:in `block in run_report_handlers'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:123:in `each'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:123:in `run_report_handlers'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:135:in `block in <class:Handler>'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/client.rb:441:in `block in run_completed_successfully'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/client.rb:440:in `each'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/client.rb:440:in `run_completed_successfully'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/client.rb:299:in `run'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:294:in `block in fork_chef_client'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:282:in `fork'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:282:in `fork_chef_client'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:247:in `block in run_chef_client'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/local_mode.rb:44:in `with_server_connectivity'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:235:in `run_chef_client'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:451:in `block in interval_run_chef_client'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:450:in `loop'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:450:in `interval_run_chef_client'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:434:in `run_application'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:59:in `run'
       /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/bin/chef-client:26:in `<top (required)>'
       /opt/chef/bin/chef-client:57:in `load'
       /opt/chef/bin/chef-client:57:in `<main>'
       [2017-01-04T22:20:50+00:00] ERROR: Object does not exist on remote server.
       [2017-01-04T22:20:50+00:00] ERROR: Received HTTP error 404
       [2017-01-04T22:20:50+00:00] ERROR: Report handler Chef::Handler::AuditReport raised #<NoMethodError: undefined method `path' for nil:NilClass>
       [2017-01-04T22:20:50+00:00] ERROR: /tmp/kitchen/cache/cookbooks/audit/files/default/vendor/chef-server/fetcher.rb:98:in `download_archive_to_temp'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/fetchers/url.rb:120:in `temp_archive_path'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/fetchers/url.rb:103:in `sha256'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/fetchers/url.rb:93:in `cache_key'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/cached_fetcher.rb:32:in `cache_key'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/cached_fetcher.rb:39:in `fetch'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/profile.rb:68:in `for_fetcher'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/profile.rb:75:in `for_target'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/inspec-1.8.0/lib/inspec/runner.rb:164:in `add_target'
       [2017-01-04T22:20:50+00:00] ERROR: /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:113:in `block in call'
       [2017-01-04T22:20:50+00:00] ERROR: /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:113:in `each'
       [2017-01-04T22:20:50+00:00] ERROR: /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:113:in `call'
       [2017-01-04T22:20:50+00:00] ERROR: /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:47:in `block in report'
       [2017-01-04T22:20:50+00:00] ERROR: /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:33:in `each'
       [2017-01-04T22:20:50+00:00] ERROR: /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:33:in `report'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:259:in `run_report_unsafe'
       [2017-01-04T22:20:50+00:00] ERROR: /tmp/kitchen/cache/cookbooks/audit/files/default/handler/audit_report.rb:59:in `run_report_safely'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:125:in `block in run_report_handlers'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:123:in `each'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:123:in `run_report_handlers'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/handler.rb:135:in `block in <class:Handler>'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/client.rb:441:in `block in run_completed_successfully'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/client.rb:440:in `each'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/client.rb:440:in `run_completed_successfully'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/client.rb:299:in `run'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:294:in `block in fork_chef_client'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:282:in `fork'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:282:in `fork_chef_client'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:247:in `block in run_chef_client'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/local_mode.rb:44:in `with_server_connectivity'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:235:in `run_chef_client'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:464:in `sleep_then_run_chef_client'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:451:in `block in interval_run_chef_client'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:450:in `loop'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:450:in `interval_run_chef_client'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application/client.rb:434:in `run_application'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/lib/chef/application.rb:59:in `run'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.17.44/bin/chef-client:26:in `<top (required)>'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/bin/chef-client:57:in `load'
       [2017-01-04T22:20:50+00:00] ERROR: /opt/chef/bin/chef-client:57:in `<main>'
         - Chef::Handler::AuditReport
       Running handlers complete
@cheeseplus

This comment has been minimized.

Collaborator

cheeseplus commented Jul 13, 2018

This actually wouldn't work well because the chef-server just proxies the call to Automate so you'd still need an Automate/Compliance API running somewhere. That's both way out of scope for chef_zero and more importantly the cookbook. Closing this one as this isn't something resolvable by either of the cited projects though this would be valid feedback for the Automate product teams via feedback.chef.io.

@cheeseplus cheeseplus closed this Jul 13, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment