New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

quiet mode for inspec scans #47

Merged
merged 1 commit into from May 20, 2016

Conversation

Projects
None yet
3 participants
@jeremymv2
Contributor

jeremymv2 commented May 20, 2016

Description

This changes the default behavior for inspec during the node converge by suppressing the scan result json report from STDOUT. Various customers have remarked that the default scan results being dumped to STDOUT is too busy and clutters up the converge output. Users can choose to continue to get the json report output by toggling the attribute: default['audit']['quiet'] = false. The default value is true. When, set to true, a short scan result Summary for each profile is output when the compliance_report is executed.

Issues Resolved

N/A

Check List

@iennae iennae added the in progress label May 20, 2016

@@ -25,7 +26,10 @@ class ComplianceReport < Chef::Resource
blob = node_info
blob[:reports] = reports
total_failed = 0
blob[:reports].each { |k, _| total_failed += blob[:reports][k]['summary']['failure_count'].to_i }
blob[:reports].each do |k, _|
Chef::Log.info "Summary for #{k} #{blob[:reports][k]['summary'].to_json}" if quiet

This comment has been minimized.

@chris-rock

chris-rock May 20, 2016

Collaborator

should this be unless quiet?

This comment has been minimized.

@jeremymv2

jeremymv2 May 20, 2016

Contributor

@chris-rock That's intentional. I still think that the summary of the scan results is helpful / borderline necessary to output so that we can tell that the scan report contains valid results. Thus, if quiet == true then we WILL give a small courtesy summary during the compliance_report resource execution that looks like this:

  * compliance_report[chef-server] action execute
[2016-05-20T13:26:20+00:00] INFO: Summary for ssh {"duration":0.085985146,"example_count":69,"failure_count":44,"skip_count":0}
[2016-05-20T13:26:20+00:00] INFO: Summary for linux {"duration":0.624625593,"example_count":45,"failure_count":28,"skip_count":0}
[2016-05-20T13:26:20+00:00] INFO: Summary for apache {"duration":0.063314513,"example_count":5,"failure_count":2,"skip_count":3}

    - report compliance profiles' results

On the other hand, if quiet == false, then we don't want to output that Summary info during the compliance_report resource since it's redundant and already contained in output that is dumped during the compliance_profile execution stage. For example:

  * compliance_profile[apache] action execute
    * chef_gem[inspec] action install (up to date)
    - install/update inspec
[2016-05-20T13:02:55+00:00] INFO: Execute compliance profile base/apache
{"version":"0.22.1","controls":[{"id":"apache-1","status":"failed","code_desc":"Service apache2 should be enabled","message":"expected that `Service apache2` is enabled"},{"id":"apache-1","status":"failed","code_desc":"Service apache2 should be running","message":"expected that `Service apache2` is running"},
{"id":"apache-2","status":"skipped","code_desc":"Apache Config /etc/apache2/apache2.conf Can't find file \"/etc/apache2/apache2.conf\"","skip_message":"Can't find file \"/etc/apache2/apache2.conf\"","resource":"Apache Config /etc/apache2/apache2.conf"},{"id":"apache-3","status":"skipped","code_desc":"Apache Config /etc/apache2/apache2.conf Can't find file \"/etc/apache2/apache2.conf\"","skip_message":"Can't find file \"/etc/apache2/apache2.conf\"","resource":"Apache Config /etc/apache2/apache2.conf"},{"id":"apache-4","status":"skipped","code_desc":"Apache Config /etc/apache2/apache2.conf Can't find file \"/etc/apache2/apache2.conf\"","skip_message":"Can't find file \"/etc/apache2/apache2.conf\"","resource":"Apache Config /etc/apache2/apache2.conf"}],
"summary":{"duration":0.060710606,"example_count":5,"failure_count":2,"skip_count":3}}
    - execute compliance profile

This comment has been minimized.

@jeremymv2

jeremymv2 May 20, 2016

Contributor

LMK if that doesn't feel right to you 😄

This comment has been minimized.

@chris-rock

chris-rock May 20, 2016

Collaborator

I like your approach!

@chris-rock

This comment has been minimized.

Collaborator

chris-rock commented May 20, 2016

Awesome @jeremymv2 This resolves #23

@chris-rock chris-rock merged commit 93a9b46 into chef-cookbooks:master May 20, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@iennae iennae removed the in progress label May 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment