Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Audit doesn't run when CCR fails #289
ubuntu-16.04 (as test system)
Run audits when CCR failrs
Steps to Reproduce:
Have a failing CCR with audit cookbook default recipe included
Audit still runs
Audit doesn't run
I have created a PR to resolve this, but I guess a discussion is needed to decide if it is actually wanted. The workaround is to manually add the exception handler in your wrapper cookbook after the include of the audit cookbook default recipe like so:
referenced this issue
Oct 16, 2017
Running audit on success or failure of a CCR feels like the right thing to do so long as we've managed to populate the list of profiles to run. After all, we want to know the security posture of ALL the nodes, not just the ones that have successfully converged. It could be made optional by addition of an attribute to turn if on/off (with default being on)
Not sure what you mean... maybe the description's not that clear.
All we're proposing is that the
@trickyearlobe I think the proposed solution in #290 is okay for now. The real solution would be that we have a real audit handler, that works in both cases. This would also allow us to ensure the audit run is always executed at the end. @thommay is there something planned for the next major release of Chef?