Fix for --controls option is not working as expected. #5434
Conversation
|
Deploy preview for chef-inspec canceled. Built with commit 513c7be https://app.netlify.com/sites/chef-inspec/deploys/60548abb0c84330007964c14 |
test/functional/inspec_exec_test.rb
Outdated
| @@ -178,6 +178,25 @@ def stderr | |||
| assert_exit_code 100, out | |||
| end | |||
|
|
|||
| it "executes only specified controls when selecting the controls by literal names" do | |||
| inspec("exec " + File.join(profile_path, "filter_table") + " --no-create-lockfile --controls foo") | |||
There was a problem hiding this comment.
Why did you choose the filter_table fixture? I don't think this problem has anything to do with FilterTable. I would suggest either finding a different profile, or creating a new one just for this purpose.
There was a problem hiding this comment.
Yes after checking the impact decided to remove this from here. I thought since we are using --controls options in test with this profile that will be good place to include. But yes definitely this is not the right place to have this. Making the required changes.
test/functional/inspec_exec_test.rb
Outdated
| Version: 0.1.0 | ||
| Target: local:// | ||
|
|
||
| ✔ foo: a thing |
There was a problem hiding this comment.
This is likely too brittle of a test - the check marks vary under Windows, for example. I suggest you write tests that look specifically for what you are looking for. For example,
_(out.stdout).wont_include "bar"
_(out.stdout).wont_include "baz"
Vasu1105
changed the title
test/functional/inspec_exec_test.rb
Outdated
| assert_exit_code 0, out | ||
| end | ||
|
|
||
| it "executes only specified controls when selecting the controls by literal names" do |
There was a problem hiding this comment.
This selects by regex, not by literal name
| title '/ profile' | ||
|
|
||
| # you add controls here | ||
| control 'tmp-1.0' do # A unique ID for this control | ||
| impact 0.7 # The criticality, if this control fails. | ||
| title 'Create / directory' # A human-readable title | ||
| desc 'An optional description...' # Describe why this is needed | ||
| desc 'label', 'An optional description with a label' # Pair a part of the description with a label | ||
| tag data: 'temp data' # A tag allows you to associate key information | ||
| tag 'security' # to the test | ||
| ref 'Document A-12', url: 'http://...' # Additional references | ||
|
|
||
| describe file('/') do # The actual test | ||
| it { should be_directory } | ||
| end | ||
| end | ||
|
|
||
| # you can also use plain tests | ||
| describe file('/') do | ||
| it { should be_directory } | ||
| end |
There was a problem hiding this comment.
This file has a lot of extra material in it that is not being tested. Either it should be removed or it should be tested - fixture files should be minimal. Thanks!
There was a problem hiding this comment.
Thanks @clintoncwolfe .Did the required changes.
clintoncwolfe
added
Aspect: Performance
…option Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This reverts commit 2048c4d.
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
…ing the control block of not included controls in the controls option as it was filtering the controls from the list after evaluating updated the logic so that it gets evaluated after filtering. Removed filter_controls methods as no more using that Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
… getting evaluated as filtering of the control was happening after evaluating so added the filter logic in the control_eval_context. Also when we have describe block outside control block we are we generating a control for them automatically and then execute due that also becomes a control and has to add same logic to filter the control in that mehtod Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
…_list_exist? Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Vasu1105
force-pushed
the
vasundhara/fix-for-controls-option
branch
from
982ba44
to
428a8a7
Compare
…with some random hex which might contain the number that I have used in the rgex due to which test is failing Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Vasu1105
changed the title
|
Thanks for fixing this! 🙂 |
Vasu1105
changed the title
Signed-off-by: Vasu1105 vasundhara.jagdale@chef.io
Description
As mentioned in issue #5215 the control block also gets evaluated and due to which the
--controlsoption is not working as expected.The reason behind that the filtering of control here https://github.com/inspec/inspec/blob/master/lib/inspec/profile.rb#L228 is happening after evaluating the controls which are happening here https://github.com/inspec/inspec/blob/master/lib/inspec/profile.rb#L220
which calls this
inspec/lib/inspec/profile_context.rb
Line 154 in 2f41c16
inspec/lib/inspec/profile_context.rb
Line 162 in 2f41c16
which then calls this control definition
inspec/lib/inspec/control_eval_context.rb
Line 54 in 2f41c16
and describe definition (descrhttps://github.com/inspec/inspec/blob/2f41c16ad444eaf69f7ec77f4ff681f35aad9210/lib/inspec/control_eval_context.rb#L66
both these methods instantiate Inspec::rule
inspec/lib/inspec/rule.rb
Line 46 in 2f41c16
which basically causing the skipped control is getting evaluated (note not the describe block)
I have added a method in the control_eval_context.rb to filter the controls before evaluating it. I need to add the filter in describe method also because when we are having only describe block without control block the methods creates auto-generated control as described here
inspec/lib/inspec/control_eval_context.rb
Line 63 in 2f41c16
so I am making sure those describe blocks are also get filtered when specifying --controls option.
Related Issue
Fixes #5215
Types of changes
Checklist: