New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Modify examples to not override hash #323

Merged
merged 3 commits into from Jul 18, 2018

Conversation

Projects
None yet
4 participants
@jerryaldrichiii
Collaborator

jerryaldrichiii commented Jul 13, 2018

Description

This modifies all the examples so that they can be copied without causing nil:NilClass errors.

It also sneaks in some other minor corrections.

Modify examples to not override hash
This modifies all the examples so that they can be copied without
causing `nil:NilClass` errors.

It also sneaks in some other minor corrections.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

@jerryaldrichiii jerryaldrichiii requested a review from chef-cookbooks/audit-cookbook-maintainers as a code owner Jul 13, 2018

@robbkidd

Couple of questions and a suggestion.

node.default['audit']['profiles'].push("path": "#{PROFILES_PATH}/mylinux-failure-success")

This comment has been minimized.

@robbkidd

robbkidd Jul 13, 2018

Member

Maybe multiple .push({profile_hash}) would better than = [array, of, profile, hashes] (below) so it's additive instead of clobbering?

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

Yup, I like that. Will change.

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

Actually...I just removed that line out right. Didn't see the benefit in it.

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

Will add it to the other examples though!

"name": "linux",
"compliance": "base/linux"
'name': 'linux',
'compliance': 'base/linux'

This comment has been minimized.

@robbkidd

robbkidd Jul 13, 2018

Member

Uh-oh. QUOTE WAR!

tenor-215372640

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

/me grins sheepishly and mutters somethings about opinions

README.md Outdated
# note: If reporting to Compliance, the Supermarket profile needs to be uploaded to Chef Compliance first
# note: Artifactory's Supermarket implementation is not supported at this time

This comment has been minimized.

@robbkidd

robbkidd Jul 13, 2018

Member

Suggest a reword:

Artifactory's Supermarket implementation—"Chef Cookbook repository"—does not support InSpec compliance profiles at this time.

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

Muuuuch better. Thanks!

Respond to feedback
This does the following:
  - Uses `.push()` to avoid clobbering
  - Modifies wording on Supermarket + Artifactory support

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
README.md Outdated
@@ -110,74 +108,55 @@ Note on AIX Support:
### Configure node
Once the cookbook is available in Chef Server, you need to add the `audit::default` recipe to the run-list of each node. The profiles are selected via the `node['audit']['profiles']` attribute. A complete list of the possible configuration are documented in [Supported Configurations](docs/supported_configuration.md). For example you can define the attributes in a role or environment file like this:
Once the cookbook is available in Chef Server, you need to add the `audit::default` recipe to the run-list of each node. The profiles are selected via the `node['audit']['profiles']` attribute. A list of example configurations are documented in [Supported Configurations](docs/supported_configuration.md). Below are some other examples:

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

s/via/"using" or "through"

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

Went with using 😄

README.md Outdated
},
# profile from supermarket
# Profile from Supermarket
# note: If reporting to Compliance, the Supermarket profile needs to be uploaded to Chef Compliance first

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

If reporting to Compliance, first upload the Supermarket profile to Chef Compliance.

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

Also: Compliance is deprecated. Compliance EOL is 12/31/2018.

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

Try Automate!

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

I rearranged the wording. Sadly this whole doc needs a "Compliance is EOL" overhaul so I'll skip that bit.

@kagarmoe

Some changes, but I don't want to hold up the PR.

README.md Outdated
},
# profile from supermarket
# Profile from Supermarket
# note: If reporting to Compliance, the Supermarket profile needs to be uploaded to Chef Compliance first

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

Try Automate!

README.md Outdated
```
#### Attributes
You can also pass in [InSpec Attributes](https://www.inspec.io/docs/reference/profiles/) to your audit run. You do this by defining the attributes here:
You can also pass in [InSpec Attributes](https://www.inspec.io/docs/reference/profiles/) to your audit run. You do this by defining the attributes like so:

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

You can also pass InSpec Attributes into your audit run. Do this by defining attributes:

README.md Outdated
@@ -190,32 +169,29 @@ default['audit']['attributes'] = {
#### Reporting to Chef Automate via Chef Server
If you want the audit cookbook to retrieve compliance profiles and report to Chef Automate (Visibility) through Chef Server, set the `reporter` and `profiles` attributes.
If you want the audit cookbook to retrieve compliance profiles and report to Chef Automate through Chef Server, set the `reporter` and `profiles` attributes.

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

To retrieve compliance profiles with the audit cookbook and report ...

README.md Outdated
```
Instead of a refresh token, it is also possible to use a `token` that expires in 12h after creation .
Instead of a refresh token, it is also possible to use a `token` that expires in 12h after creation.

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

Instead of a refresh token, you can also use a token that expires 12 hours after its creation.

Otherwise, we are discussing biblical time :-)

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

Got a good chuckle out of this. Compliance is EOL though, as of 1,000,000 BC.

README.md Outdated
```
#### Direct reporting to Chef Automate
If you want the audit cookbook to directly report to Chef Automate, set the `reporter` attribute to 'chef-automate'. Also specify where to retrieve the `profiles` from.
If you want the audit cookbook to report directly to Chef Automate, set the `reporter` attribute to 'chef-automate'. Also specify where to retrieve the `profiles` from.

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

...set the reporter attribute to 'chef automate' and specify the profiles retrieval point.

there's probably a better word than "point".

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

Went with: and specify where to fetch the profiles from.

README.md Outdated
* `insecure` - a `true` value will skip the SSL certificate verification. Default value is `false`
This method is sending the report using the `data_collector.server_url` and `data_collector.token`, defined in `client.rb`. It requires `inspec` version `0.27.1` or greater. Further information is available at Chef Docs: [Configure a Data Collector token in Chef Automate](https://docs.chef.io/ingest_data_chef_automate.html)
This method is sends the report using the `data_collector.server_url` and `data_collector.token`, defined in `client.rb`. It requires `inspec` version `0.27.1` or greater. Further information is available at Chef Docs: [Configure a Data Collector token in Chef Automate](https://docs.chef.io/ingest_data_chef_automate.html)

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

s/is sends/sends

s/using the/using

This comment has been minimized.

@jerryaldrichiii

jerryaldrichiii Jul 13, 2018

Collaborator

Kept the the but added options

README.md Outdated
```
### Profile Fetcher
#### Fetch profiles from Chef Automate/Chef Compliance via Chef Server
To enable reporting to Chef Automate with profiles from Chef Compliance or Chef Automate, you need to have Chef Server integrated with [Chef Compliance or Chef Automate](https://docs.chef.io/integrate_compliance_chef_automate.html#collector-chef-server-automate). You can then set the `fetcher` attribute to 'chef-server'.
This will allow the audit cookbook to fetch profiles stored in Chef Compliance. For example:

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

s/This will allow/This allows

README.md Outdated
```
#### Fetch profiles directly from Chef Automate
This method is fetching profiles using the `data_collector.server_url` and `data_collector.token`, defined in `client.rb`. It requires `inspec` version `0.27.1` or greater. Further information is available at Chef Docs: [Configure a Data Collector token in Chef Automate](https://docs.chef.io/ingest_data_chef_automate.html)
This method is fetches profiles using the `data_collector.server_url` and `data_collector.token`, defined in `client.rb`. It requires `inspec` version `0.27.1` or greater. Further information is available at Chef Docs: [Configure a Data Collector token in Chef Automate](https://docs.chef.io/ingest_data_chef_automate.html)

This comment has been minimized.

@kagarmoe

kagarmoe Jul 13, 2018

Collaborator

s/is fetches/fetches
s/using the/using
s/, defined/, which are (also in similar example above)

Respond to @kgarmoe's feedback
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
@jerryaldrichiii

This comment has been minimized.

Collaborator

jerryaldrichiii commented Jul 13, 2018

Thank you so much @kagarmoe! Especially for the s/// bits. Makes finding the exact bits easy.

@tas50

This comment has been minimized.

Member

tas50 commented Jul 17, 2018

@jerryaldrichiii @robbkidd @kagarmoe Anything blocking merging this?

@jerryaldrichiii

This comment has been minimized.

Collaborator

jerryaldrichiii commented Jul 17, 2018

Not from my end.

@tas50 tas50 merged commit 6b28863 into master Jul 18, 2018

2 checks passed

DCO This commit has a DCO Signed-off-by
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@tas50 tas50 deleted the ja/modify-examples branch Jul 18, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment