New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Compliance profile upload #96

merged 6 commits into from Sep 19, 2016


None yet
5 participants

jeremymv2 commented Sep 14, 2016

This PR provides action upload on resource compliance_profile

It replaces PR #92.

It uses inspec's Compliance::API.upload() and incorporates some error handling.

Only one mode is supported: direct communication with Compliance Server via token||refresh_token.

Usage is based on the audit hash like so:

default['audit']['server'] = 'https://compliance-server.test/api'
default['audit']['collector'] = 'chef-compliance'
default['audit']['token'] = nil
default['audit']['refresh_token'] = '20/cgm927J9371DRh8mZ2wp_bXRJxKPW52rtThkwQz5PzhBIcbq6VLB0LsdrfOXv_aBxprU1LTv3aUvHxe2mR-m2A=='
default['audit']['profiles'] = {
  'admin/ssh2' => {
    'source' => '/some/base_ssh.tar.gz'
  'admin/linux2' => {
    'source' => '/some/base_linux.tar.gz'
default['audit']['insecure'] = true

The goal is to help enable Compliance Profile uploads via automated pipeline workflow.

Recipe: audit::upload
  * compliance_token[Compliance Token] action create[2016-09-15T13:13:16+00:00] INFO: Using refresh_token to exchange for an access token.

    - compliance server auth token setup
  * compliance_profile[ssh2] action upload[2016-09-15T13:13:16+00:00] INFO: {:valid=>true, :timestamp=>"2016-09-15T13:13:16+00:00", :location=>"/some/base_ssh.tar.gz", :profile=>"ssh", :controls=>62}
[2016-09-15T13:13:16+00:00] INFO: Profile is valid

    - run profile validation checks[2016-09-15T13:13:16+00:00] INFO: Upload from /some/base_ssh.tar.gz to: https://compliance-server.test/api/owners/admin/compliance/ssh2/tar
[2016-09-15T13:13:18+00:00] INFO: Successfully uploaded profile

Issues Resolved


Check List

@iennae iennae added the in progress label Sep 14, 2016

@jeremymv2 jeremymv2 referenced this pull request Sep 14, 2016


profile upload #92

2 of 4 tasks complete

This comment has been minimized.


jeremymv2 commented Sep 14, 2016

Next steps after / if this gets merged are to reduce the duplication in default and upload recipes.


This comment has been minimized.

ricardolupo commented Sep 16, 2016

😄 😸


This comment has been minimized.


chris-rock commented Sep 19, 2016

Great improvement @jeremymv2

@chris-rock chris-rock merged commit dc0c262 into chef-cookbooks:master Sep 19, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

@iennae iennae removed the in progress label Sep 19, 2016

@jeremymv2 jeremymv2 deleted the jeremymv2:compliance_profile_upload branch Sep 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment