Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC: Compliance Profile Structure #252

Merged
merged 24 commits into from
Dec 28, 2015
Merged

RFC: Compliance Profile Structure #252

merged 24 commits into from
Dec 28, 2015

Conversation

chris-rock
Copy link
Contributor

Features

  • updates the profile check command
  • implements a new profile archive command
  • support for metadata.yml instead of metadata.rb
  • execution of profiles from tar and zip
  • add documentation for profiles
  • add profile example
  • rename skip_rule to skip_control
  • rename profile controls directory from test to controls to harmonize the naming
  • bugfix: count rules in inspec check properly

Check that the profile is okay

$ inspec check examples/profile              
I, [2015-12-14T14:42:42.385471 #99320]  INFO -- : Checking profile in examples/profile
I, [2015-12-14T14:42:42.385593 #99320]  INFO -- : Metadata OK.
D, [2015-12-14T14:42:42.385847 #99320] DEBUG -- : Verify all rules in  examples/profile/controls/example_spec.rb
D, [2015-12-14T14:42:42.385914 #99320] DEBUG -- : Verify all rules in  examples/profile/controls/gordon_spec.rb
D, [2015-12-14T14:42:42.385956 #99320] DEBUG -- : Found 2 rules.
I, [2015-12-14T14:42:42.385973 #99320]  INFO -- : Rule definitions OK.

Generate tar archive

$ inspec archive examples/profile
I, [2015-12-14T14:43:07.925177 #99330]  INFO -- : Checking profile in examples/profile
I, [2015-12-14T14:43:07.925279 #99330]  INFO -- : Metadata OK.
D, [2015-12-14T14:43:07.925354 #99330] DEBUG -- : Verify all rules in  examples/profile/controls/example_spec.rb
D, [2015-12-14T14:43:07.925374 #99330] DEBUG -- : Verify all rules in  examples/profile/controls/gordon_spec.rb
D, [2015-12-14T14:43:07.925386 #99330] DEBUG -- : Found 2 rules.
I, [2015-12-14T14:43:07.925394 #99330]  INFO -- : Rule definitions OK.
I, [2015-12-14T14:43:07.925518 #99330]  INFO -- : Profile check finished. Generate archive /Users/chartmann/Development/compliance/inspec/inspec_profile.tar.gz.
D, [2015-12-14T14:43:07.926040 #99330] DEBUG -- : Add the following files to archive:
D, [2015-12-14T14:43:07.926079 #99330] DEBUG -- :     controls
D, [2015-12-14T14:43:07.926088 #99330] DEBUG -- :     controls/example_spec.rb
D, [2015-12-14T14:43:07.926096 #99330] DEBUG -- :     controls/gordon_spec.rb
D, [2015-12-14T14:43:07.926103 #99330] DEBUG -- :     libraries
D, [2015-12-14T14:43:07.926111 #99330] DEBUG -- :     libraries/gordon_config.rb
D, [2015-12-14T14:43:07.926162 #99330] DEBUG -- :     metadata.yml
D, [2015-12-14T14:43:07.926170 #99330] DEBUG -- :     README.md
I, [2015-12-14T14:43:07.929115 #99330]  INFO -- : Finished archive generation.

Run the tar archive

$inspec exec inspec_profile.tar.gz
..

Finished in 0.00451 seconds (files took 0.18391 seconds to load)
2 examples, 0 failures

@chris-rock
Copy link
Contributor Author

Do not merge, until I added a integration test with test-kitchen

@chris-rock chris-rock added the Type: Enhancement Improves an existing feature label Nov 27, 2015
@chris-rock chris-rock mentioned this pull request Nov 27, 2015
Closed
@chris-rock chris-rock force-pushed the profile-structure branch 2 times, most recently from 0c9ab45 to a9ab812 Compare November 30, 2015 14:17
@chris-rock chris-rock changed the title Improvement: Optimize Profile Support RFC: Compliance Profile Strucutre Nov 30, 2015
@chris-rock chris-rock added the Type: RFC Community survey for a proposal label Nov 30, 2015
@chris-rock chris-rock mentioned this pull request Nov 30, 2015
Closed
@kennonkwok
Copy link

As discussed in #compliance-support, we should have the ability to include/require controls from an optionally specified location on the filesystem.

@chris-rock
Copy link
Contributor Author

@kennonkwok Yeah, that is a fantastic point. Will add this to this implementation.

jjasghar
jjasghar reviewed Nov 30, 2015
View reviewed changes
docs/profiles.rst

$ inspec exec test.rb

While this approach is very handy for quick tests, it has its limitation for a collection of tests. Once the amount of tests grows, we need mechanoisms to organize our code and re-use existing rules.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SP: mechanisms

@jjasghar
Copy link
Contributor

Apart from the spelling i pointed out, this looks good 👍

@chris-rock
Copy link
Contributor Author

@jjasghar Thanks for the feedback. Will fix this.

@arlimus arlimus changed the title RFC: Compliance Profile Strucutre RFC: Compliance Profile Structure Dec 2, 2015
@chris-rock chris-rock force-pushed the profile-structure branch 2 times, most recently from 80c3e7f to 3aff4e8 Compare December 7, 2015 11:35
@arlimus
Copy link
Contributor

arlimus commented Dec 15, 2015

Solves #296

@chris-rock chris-rock mentioned this pull request Dec 15, 2015
Closed
@arlimus
Copy link
Contributor

arlimus commented Dec 28, 2015

👍 , great to get this in!

@arlimus
Copy link
Contributor

arlimus commented Dec 28, 2015

Thanks everyone for contributing to the discussion around profile structure!! 🎊

arlimus added a commit that referenced this pull request Dec 28, 2015
@arlimus
Merge pull request #252 from chef/profile-structure
91de112 
RFC: Compliance Profile Structure
@arlimus arlimus merged commit 91de112 into master Dec 28, 2015
@arlimus arlimus deleted the profile-structure branch December 28, 2015 12:47
@chris-rock chris-rock added this to the 0.9.8 milestone Jan 11, 2016
arlimus added a commit that referenced this pull request Jan 15, 2016
@arlimus
make metadata.rb legacy mode consistent for supports
acbc345 
Before introducing InSpec profiles in #252 we had `metadata.rb` keep all information. This included an undisclosed field called `supports`. However, this field was never actually used in practice. So for legacy profiles, this means that `supports` was ignored. In order to keep old profiles running in exactly the way they were before, ignore this field when reading from metadata.rb
@arlimus arlimus mentioned this pull request Jan 15, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Type: Enhancement Improves an existing feature Type: RFC Community survey for a proposal
Projects
None yet
Milestone
0.9.8
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@chris-rock @kennonkwok @jjasghar @arlimus @chef-supermarket