New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unexpected Error when using chef-automate fetcher #258

Closed
ChefRycar opened this Issue Jul 6, 2017 · 1 comment

Comments

Projects
None yet
1 participant
@ChefRycar
Contributor

ChefRycar commented Jul 6, 2017

Cookbook version

4.1.0

Chef-client version

13.2.20

Platform Details

Ubuntu and Centos, running on default Vagrant test kitchen config (Chef Development Kit Version: 1.4.3, installed on MacOS)

Scenario:

Was attempting to use a trial environment generated via the new Automate Pilot Learn Chef module to get a locally running vagrant VM to fetch and report compliance data to my local Automate instance.

Steps to Reproduce:

Run through the above tutorial to the point where you have an automate server running on your local machine. Via the Compliance UI, select an arbitrary profile to download. I used the linux SSH baseline in my test.

Generate a new cookbook with the stock generator, and make the following updates:

metadata.rb:
depends 'audit'

recipes/default.rb

include_recipe 'audit::default'

.kitchen.yml:

provisioner:
  name: chef_zero
  # You may wish to disable always updating cookbooks in CI or other testing environments.
  # For example:
  #   always_update_cookbooks: <%= !ENV['CI'] %>
  always_update_cookbooks: true
  client_rb:
    data_collector.server_url: 'http://YOUR_WORKSTATION_PRIVATE_IP/data-collector/v0/'
    data_collector.token: '93a49a4f2482c64126f7b6015e6b0f30284287ee4054ff8807fb63d9cbd1c506'

attributes/default.rb

default['audit']['fetcher'] = 'chef-automate'
default['audit']['reporter'] = 'chef-automate'

default['audit']['profiles'] = [
  {
    name: 'SSH Baseline',
    compliance: 'admin/ssh-baseline',
  },
]

Once complete, simply run a kitchen converge. All default vagrant settings/suites were used.

Expected Result:

Compliance scan results for the machine's SSH benchmarks in my local automate server.

Actual Result:

Failure to fetch profile, with a header validation error:
[2017-07-06T19:00:57+00:00] ERROR: Report handler Chef::Handler::AuditReport raised #<RuntimeError: Unable to fetch profile - the following HTTP headers have no value: chef-delivery-enterprise>

This looks to be a conflict between some recent validations added to inspec:
inspec/inspec#1948

...and an empty header sent via the automate fetcher:
https://github.com/chef-cookbooks/audit/blob/master/files/default/vendor/chef-automate/fetcher.rb#L64

From some conversations with @adamleff, I don't believe the enterprise header to be required to fetch a profile, so I'm going to attempt removing it entirely and test to see if there are any other validations that triggers. If so, will re-try with an arbitrary value (e.g. 'default').

ChefRycar added a commit to ChefRycar/audit that referenced this issue Jul 6, 2017

ChefRycar added a commit to ChefRycar/audit that referenced this issue Jul 6, 2017

Non-null value required to address chef-cookbooks#258
Signed-off-by: Nick Rycar <rycar@chef.io>
@ChefRycar

This comment has been minimized.

Show comment
Hide comment
@ChefRycar

ChefRycar Jul 6, 2017

Contributor

"arbitrary value" appears to be the winner. PR incoming once kitchen tests complete.

Contributor

ChefRycar commented Jul 6, 2017

"arbitrary value" appears to be the winner. PR incoming once kitchen tests complete.

@alexpop alexpop closed this in #259 Jul 18, 2017

alexpop added a commit that referenced this issue Jul 18, 2017

Non-null value required to address #258 (#259)
Signed-off-by: Nick Rycar <rycar@chef.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment