New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

audit cookbook should not report a converge #23

Closed
chris-rock opened this Issue Apr 15, 2016 · 7 comments

Comments

Projects
None yet
4 participants
@chris-rock
Collaborator

chris-rock commented Apr 15, 2016

Since the audit cookbook does not do any converge, it should not report to chef as a changed converge.

@yvovandoorn

This comment has been minimized.

yvovandoorn commented Apr 18, 2016

👍 on this.
Converge means a decision was made on the node in regards to its operating state, where as audit reports on current state.

Would be cool to have Chef client report separately how many resources fired off an audit, but not through the # of converges.

@smford22

This comment has been minimized.

smford22 commented Apr 18, 2016

👍

@chris-rock

This comment has been minimized.

Collaborator

chris-rock commented Apr 28, 2016

As brought up by @mhedgpeth in inspec/inspec#692 the desired solution is:

  • turn audit-mode into an full audit-phase where multiple compliance profiles can be executed (current approach with audit cookbook is well perceived, because the execution can be customized, but users need to ensure manually, that it is the last cookbook in the runlist)
  • be able to run tests located in test/integration directory within that audit phase. That would allow users to reuse the same cookbook tests for test-kitchen and production
@mhedgpeth

This comment has been minimized.

Contributor

mhedgpeth commented May 18, 2016

@chris-rock this will likely prevent us from getting past the proof of concept of using compliance since our reporting is built on the converged nodes being zero every time. Do you have an idea about priority of this issue and thus a rough timeline?

@chris-rock chris-rock added this to the 0.9.0 milestone May 18, 2016

@chris-rock

This comment has been minimized.

Collaborator

chris-rock commented May 18, 2016

I'll scheduled it for next week, so that we can suppress the reporting until we get a reworked audit mode in chef-client

@mhedgpeth

This comment has been minimized.

Contributor

mhedgpeth commented May 18, 2016

that works great @chris-rock thanks. When is the reworked audit mode targeted for, roughly?

@chris-rock chris-rock referenced this issue May 20, 2016

Merged

quiet mode for inspec scans #47

4 of 4 tasks complete
@mhedgpeth

This comment has been minimized.

Contributor

mhedgpeth commented Jun 10, 2016

This works and should be closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment