New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix for --controls option is not working as expected. #5434
Conversation
Deploy preview for chef-inspec canceled. Built with commit 513c7be https://app.netlify.com/sites/chef-inspec/deploys/60548abb0c84330007964c14 |
test/functional/inspec_exec_test.rb
Outdated
@@ -178,6 +178,25 @@ def stderr | |||
assert_exit_code 100, out | |||
end | |||
|
|||
it "executes only specified controls when selecting the controls by literal names" do | |||
inspec("exec " + File.join(profile_path, "filter_table") + " --no-create-lockfile --controls foo") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did you choose the filter_table fixture? I don't think this problem has anything to do with FilterTable. I would suggest either finding a different profile, or creating a new one just for this purpose.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes after checking the impact decided to remove this from here. I thought since we are using --controls options in test with this profile that will be good place to include. But yes definitely this is not the right place to have this. Making the required changes.
test/functional/inspec_exec_test.rb
Outdated
Version: 0.1.0 | ||
Target: local:// | ||
|
||
✔ foo: a thing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is likely too brittle of a test - the check marks vary under Windows, for example. I suggest you write tests that look specifically for what you are looking for. For example,
_(out.stdout).wont_include "bar"
_(out.stdout).wont_include "baz"
test/functional/inspec_exec_test.rb
Outdated
assert_exit_code 0, out | ||
end | ||
|
||
it "executes only specified controls when selecting the controls by literal names" do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This selects by regex, not by literal name
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated.
title '/ profile' | ||
|
||
# you add controls here | ||
control 'tmp-1.0' do # A unique ID for this control | ||
impact 0.7 # The criticality, if this control fails. | ||
title 'Create / directory' # A human-readable title | ||
desc 'An optional description...' # Describe why this is needed | ||
desc 'label', 'An optional description with a label' # Pair a part of the description with a label | ||
tag data: 'temp data' # A tag allows you to associate key information | ||
tag 'security' # to the test | ||
ref 'Document A-12', url: 'http://...' # Additional references | ||
|
||
describe file('/') do # The actual test | ||
it { should be_directory } | ||
end | ||
end | ||
|
||
# you can also use plain tests | ||
describe file('/') do | ||
it { should be_directory } | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file has a lot of extra material in it that is not being tested. Either it should be removed or it should be tested - fixture files should be minimal. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @clintoncwolfe .Did the required changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a couple of minor notes about the test fixture file, nit-picking really. This works really well. I think users will be very happy with this improvement!
…option Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This reverts commit 2048c4d.
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
…ing the control block of not included controls in the controls option as it was filtering the controls from the list after evaluating updated the logic so that it gets evaluated after filtering. Removed filter_controls methods as no more using that Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
… getting evaluated as filtering of the control was happening after evaluating so added the filter logic in the control_eval_context. Also when we have describe block outside control block we are we generating a control for them automatically and then execute due that also becomes a control and has to add same logic to filter the control in that mehtod Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
…_list_exist? Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
982ba44
to
428a8a7
Compare
…with some random hex which might contain the number that I have used in the rgex due to which test is failing Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Thanks for fixing this! 🙂 |
Signed-off-by: Vasu1105 vasundhara.jagdale@chef.io
Description
As mentioned in issue #5215 the control block also gets evaluated and due to which the
--controls
option is not working as expected.The reason behind that the filtering of control here https://github.com/inspec/inspec/blob/master/lib/inspec/profile.rb#L228 is happening after evaluating the controls which are happening here https://github.com/inspec/inspec/blob/master/lib/inspec/profile.rb#L220
which calls this
inspec/lib/inspec/profile_context.rb
Line 154 in 2f41c16
inspec/lib/inspec/profile_context.rb
Line 162 in 2f41c16
which then calls this control definition
inspec/lib/inspec/control_eval_context.rb
Line 54 in 2f41c16
and describe definition (descrhttps://github.com/inspec/inspec/blob/2f41c16ad444eaf69f7ec77f4ff681f35aad9210/lib/inspec/control_eval_context.rb#L66
both these methods instantiate Inspec::rule
inspec/lib/inspec/rule.rb
Line 46 in 2f41c16
which basically causing the skipped control is getting evaluated (note not the describe block)
I have added a method in the control_eval_context.rb to filter the controls before evaluating it. I need to add the filter in describe method also because when we are having only describe block without control block the methods creates auto-generated control as described here
inspec/lib/inspec/control_eval_context.rb
Line 63 in 2f41c16
so I am making sure those describe blocks are also get filtered when specifying --controls option.
Related Issue
Fixes #5215
Types of changes
Checklist: