Unverified Commit d9419245 authored by Tim Smith's avatar Tim Smith Committed by GitHub
Browse files

Merge pull request #11404 from chef/mp/compliance-preflight-2

Compliance Phase preflight validation updates
parents 5fc9c61c 3c1a28fc
......@@ -16,7 +16,7 @@ class Chef
def validate_config!
if @path.nil? || @path.class != String || @path.empty?
raise "CMPL007: json_file reporter: node['audit']['json_file']['location'] must contain a file path"
raise "CMPL009: json_file reporter: node['audit']['json_file']['location'] must contain a file path"
end
end
end
......
......@@ -63,7 +63,10 @@ class Chef
end
def run_failed(_exception, _run_status)
return unless enabled?
# If the run has failed because our own validation of compliance
# phase configuration has failed, we don't want to submit a report
# because we're still not configured correctly.
return unless enabled? && @validation_passed
logger.info("#{self.class}##{__method__}: enabling Compliance Phase")
......@@ -219,7 +222,7 @@ class Chef
end
def reporter(reporter_type)
case reporter_type.downcase
case reporter_type
when "chef-automate"
require_relative "reporter/automate"
opts = {
......@@ -245,7 +248,7 @@ class Chef
Chef::Compliance::Reporter::ChefServerAutomate.new(opts)
when "json-file"
require_relative "reporter/json_file"
path = node["audit"]["json_file"]["location"]
path = node.dig("audit", "json_file", "location")
logger.info "Writing compliance report to #{path}"
Chef::Compliance::Reporter::JsonFile.new(file: path)
when "audit-enforcer"
......@@ -279,10 +282,11 @@ class Chef
return unless enabled?
@reporters = {}
Array(node["audit"]["reporter"]).each do |reporter_type|
type = reporter_type.downcase
# Note that the docs don't say you can use an array, but our implementation
# supports it.
Array(node["audit"]["reporter"]).each do |type|
unless SUPPORTED_REPORTERS.include? type
raise "CMPL003: '#{reporter_type}' found in node['audit']['reporter'] is not a supported reporter for Compliance Phase. Supported reporters are: #{SUPPORTED_REPORTERS.join(",")}. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#reporters"
raise "CMPL003: '#{type}' found in node['audit']['reporter'] is not a supported reporter for Compliance Phase. Supported reporters are: #{SUPPORTED_REPORTERS.join(", ")}. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#reporters"
end
@reporters[type] = reporter(type)
......@@ -290,10 +294,11 @@ class Chef
end
unless (fetcher = node["audit"]["fetcher"]).nil?
unless SUPPORTED_FETCHERS.include? fetcher.downcase
raise "CMPL002: Unrecognized Compliance Phase fetcher (node['audit']['fetcher'] is #{fetcher}. Supported fetchers are: or #{SUPPORTED_FETCHERS.join(",")}, or nil. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#fetchers"
unless SUPPORTED_FETCHERS.include? fetcher
raise "CMPL002: Unrecognized Compliance Phase fetcher (node['audit']['fetcher'] = #{fetcher}). Supported fetchers are: #{SUPPORTED_FETCHERS.join(", ")}, or nil. For more information, see the documentation at https://docs.chef.io/chef_compliance_phase/chef_compliance_runners/#fetchers"
end
end
@validation_passed = true
end
end
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment