Add optional version parameter when using Compliance store

README.md

@@ -119,6 +119,12 @@ node.default['audit']['profiles'].push("path": "#{PROFILES_PATH}/mylinux-failure
       "name": "linux",
       "compliance": "base/linux"
     },
+    # profile from Chef Compliance at a particular version
+    {
+      "name": "linux-baseline",
+      "compliance": "user/linux-baseline",
+      "version": "2.1.0"
+    },
     # profile from supermarket
     # note: If reporting to Compliance, the Supermarket profile needs to be uploaded to Chef Compliance first
     {

files/default/vendor/chef-automate/fetcher.rb

@@ -23,7 +23,11 @@ def self.resolve(target)
         # verifies that the target e.g base/ssh exists
         profile = sanitize_profile_name(uri)
         owner, id = profile.split('/')
-        profile_path = "/compliance/profiles/#{owner}/#{id}/tar"
+        if target.respond_to?(:key?) && target.key?(:version)
+          profile_path = "/compliance/profiles/#{owner}/#{id}/version/#{target[:version]}/tar"
+        else
+          profile_path = "/compliance/profiles/#{owner}/#{id}/tar"
+        end
         dc = Chef::Config[:data_collector]
         url = URI(dc[:server_url])
         url.path = profile_path

files/default/vendor/chef-server/fetcher.rb

@@ -36,7 +36,12 @@ def self.resolve(target)
       config = {
         'insecure' => true,
       }
-      new(target_url(profile, config), config)
+
+      if target.respond_to?(:key?) && target.key?(:version)
+        new(target_url(profile, config, target[:version]), config)
+      else
+        new(target_url(profile, config), config)
+      end
     rescue URI::Error => _e
       nil
     end
@@ -56,9 +61,13 @@ def self.url_prefix
       ''
     end
 
-    def self.target_url(profile, config)
+    def self.target_url(profile, config, version = nil)
       o, p = profile.split('/')
-      reqpath ="organizations/#{chef_server_org}/owners/#{o}/compliance/#{p}/tar"
+      if version
+        reqpath ="organizations/#{chef_server_org}/owners/#{o}/compliance/#{p}/version/#{version}/tar"
+      else
+        reqpath ="organizations/#{chef_server_org}/owners/#{o}/compliance/#{p}/tar"
+      end
 
       if config['insecure']
         Chef::Config[:verify_api_cert] = false

spec/unit/report/fetcher_spec.rb

@@ -23,26 +23,51 @@
 describe ChefServer::Fetcher do
   let(:mynode) { Chef::Node.new }
   let(:myprofile) { 'compliance://foobazz' }
+  let(:profile_hash) {
+    {
+      name: 'linux-baseline',
+      compliance: 'user/linux-baseline',
+      version: '2.1.0'
+    }
+  }
+  let(:profile_hash_target) {
+    '/organizations/org/owners/user/compliance/linux-baseline/version/2.1.0/tar'
+  }
 
-  before :each do
-    allow(Chef).to receive(:node).and_return(mynode)
-    allow(ChefServer::Fetcher).to receive(:construct_url).and_return(URI(myprofile))
-    allow(ChefServer::Fetcher).to receive(:chef_server_visibility?).and_return(true)
-  end
+  context 'when target is a string' do
+    before :each do
+      allow(Chef).to receive(:node).and_return(mynode)
+      allow(ChefServer::Fetcher).to receive(:construct_url).and_return(URI(myprofile))
+      allow(ChefServer::Fetcher).to receive(:chef_server_visibility?).and_return(true)
+    end
 
-  it 'should resolve a target' do
-    mynode.default['audit']['fetcher'] = nil
-    res = ChefServer::Fetcher.resolve(myprofile)
-    expect(res.target).to eq(URI(myprofile))
-  end
+    it 'should resolve a target' do
+      mynode.default['audit']['fetcher'] = nil
+      res = ChefServer::Fetcher.resolve(myprofile)
+      expect(res.target).to eq(URI(myprofile))
+    end
 
-  it 'should add /compliance URL prefix if needed' do
-    mynode.default['audit']['fetcher'] = 'chef-server'
-    expect(ChefServer::Fetcher.url_prefix).to eq('/compliance')
+    it 'should add /compliance URL prefix if needed' do
+      mynode.default['audit']['fetcher'] = 'chef-server'
+      expect(ChefServer::Fetcher.url_prefix).to eq('/compliance')
+    end
+
+    it 'should omit /compliance if not' do
+      mynode.default['audit']['fetcher'] = nil
+      expect(ChefServer::Fetcher.url_prefix).to eq('')
+    end
   end
 
-  it 'should omit /compliance if not' do
-    mynode.default['audit']['fetcher'] = nil
-    expect(ChefServer::Fetcher.url_prefix).to eq('')
+  context 'when target is a hash' do
+    before :each do
+      Chef::Config[:chef_server_url] = 'http://127.0.0.1:8889/organizations/org'
+      allow(Chef).to receive(:node).and_return(mynode)
+    end
+
+    it 'should resolve a target with a version' do
+      mynode.default['audit']['fetcher'] = nil
+      res = ChefServer::Fetcher.resolve(profile_hash)
+      expect(res.target.request_uri).to eq(profile_hash_target)
+    end
   end
 end