JSON formatter redesign #671
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
arlimus
force-pushed
the
dr/formatter-redesign
branch
from
e55fa38
to
1f22ab5
Compare
chris-rock
force-pushed
the
dr/formatter-redesign
branch
from
1f22ab5
to
7c3145e
Compare
|
This is working great. As discussed with @arlimus I renamed |
chris-rock
force-pushed
the
dr/formatter-redesign
branch
3 times, most recently
from
e467557
to
16dfa65
Compare
Full rewrite of all formatters. Create a minimal JSON, a full JSON, and a fallback RSpec formatter. The latter is only needed for corner cases and should not really be used. The former 2 are for (1) running `inspec json` followed by `inspec exec` (`--format json`) and (2) running just `inspec exec --format fulljson`.
this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
chris-rock
force-pushed
the
dr/formatter-redesign
branch
from
16dfa65
to
8258d11
Compare
|
Thanks 💯 @arlimus for this improvement! |
|
The formatter names are as following:
You can call those via: |
This was referenced May 6, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The current JSON output formatter follows rspec conventions:
We added
idandimpact, but the latter can be inferred from the profile's JSON representation retrieved viainspec json. This output is also focused on examples, i.e. tests within control blocks, which didn't help with controls in inspec.Because there is a difference between integration-test driven by
describe-blocks and more security-orientedcontrol-blocks, we had added thefulljsonformatter:It is still very rspec-centric and doesnt connect examples/checks to their controls. Bringing these two concepts together and ligning it with the JSON representation of profiles has been a burden.
Goal
The goal of this MR is to consolidate JSON formatters:
rspecjsonjsonthe default and minimal formatter for JSON; It identifies checks and controlsjsonformatter is designed to be used standalone or with a profile's JSON representation viainspec jsonfulljsonformatter is now fully aligned to the profile's JSON representation; it offers all information availablejsonis geared towards integration tests,fulljsontowards security testingjsonformatter:{ "version": "0.19.3", "controls": [ { "id": "ssh-1", "status": "passed", "code_desc": "File /bin/sh should be owned by \"root\"", "profile_id": "profile" }, ... "summary": { "duration": 0.020813599, "example_count": 5, "failure_count": 0, "skip_count": 1 }fulljsonformatter:{ "version": "0.19.3", "summary": { "duration": 0.008793916, "example_count": 5, "failure_count": 0, "skip_count": 1 }, "profiles": { "profile": { "name": "profile", "title": "InSpec Example Profile", "maintainer": "Chef Software, Inc.", "copyright": "Chef Software, Inc.", "copyright_email": "support@chef.io", "license": "Apache 2 license", "summary": "Demonstrates the use of InSpec Compliance Profile", "version": "1.0.0", "supports": [ { "os-family": "unix" } ], "controls": { "ssh-1": { "title": "Allow only SSH Protocol 2", "desc": "Only SSH protocol version 2 connections should be permitted. The default setting in /etc/ssh/sshd_config is correct, and can be verified by ensuring that the following line appears: Protocol 2", "impact": 1, "refs": [ { "ref": "http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html" } ], "tags": { "production": null, }, "code": "control 'ssh-1' do\n impact 1.0\n\n title 'Allow only SSH Protocol 2'\n desc 'Only SSH protocol version 2 connections should be permitted.\n The default setting in /etc/ssh/sshd_config is correct, and can be\n verified by ensuring that the following line appears: Protocol 2'\n\n tag 'production','development'\n tag 'ssh','sshd','openssh-server'\n\n tag cce: 'CCE-27072-8'\n tag disa: 'RHEL-06-000227'\n\n tag nist: 'AC-3(10).i'\n tag nist: 'IA-5(1)'\n\n tag cci: 'CCI-000776'\n tag cci: 'CCI-000774'\n tag cci: 'CCI-001436'\n\n tag remediation: 'stig_rhel6/recipes/sshd-config.rb'\n tag remediation: 'https://supermarket.chef.io/cookbooks/ssh-hardening'\n\n ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf'\n ref 'DISA-RHEL6-SG - Section 9.2.1', url: 'http://iasecontent.disa.mil/stigs/zip/Jan2016/U_RedHat_6_V1R10_STIG.zip'\n ref 'http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/ssg-centos6-guide-C2S.html'\n\n describe file('/bin/sh') do\n it { should be_owned_by 'root' }\n end\nend\n", "source_location": [ "examples/profile/controls/meta.rb", 3 ], "results": [ { "status": "passed", "code_desc": "File /bin/sh should be owned by \"root\"", "run_time": 0.006532512, "start_time": "2016-04-24 02:24:18 -0400" } ] }, ...Skip/Pending
Skipped resources used to be marked as
pendingin previous formatters:{ "description": "Can't find file \"/tmp/gordon/config.yaml\"", "full_description": "gordon_config Can't find file \"/tmp/gordon/config.yaml\"", "status": "pending", "file_path": "examples/profile/controls/gordon.rb", "line_number": 23, "run_time": 2.3474e-05, "pending_message": "Not yet implemented", "id": "gordon-1.0", "impact": 0.7 },They are now marked as
skippedinstead with the skip message injsonandfulljsonformatters:{ "id": "gordon-1.0", "status": "skipped", "code_desc": "gordon_config Can't find file \"/tmp/gordon/config.yaml\"", "profile_id": "profile", "skip_message": "Can't find file \"/tmp/gordon/config.yaml\"", "resource": "gordon_config" },ID redesign
InSpec had a mode where you could supply tests with a grouping ID:
{ ... "id": "OUTER/gordon-1.0", }This functionality was removed, as it didn't serve a use-case anymore. All
--idoptions were removed. Instead, in preparation for better exposure on inheritance, we now provide the profile's namespace as the grouping mechanism:{ "id": "gordon-1.0", "profile_id": "profile", ... }