cookbook 'audit', '= 4.0.0'
audit
(74) Versions
4.0.0
-
-
9.5.0
-
9.4.0
-
9.3.0
-
9.2.1
-
9.2.0
-
9.1.0
-
9.0.1
-
9.0.0
-
8.1.1
-
8.0.0
-
7.8.0
-
7.7.0
-
7.6.0
-
7.5.0
-
7.4.1
-
7.4.0
-
7.3.0
-
7.2.0
-
7.1.0
-
7.0.1
-
7.0.0
-
6.1.0
-
6.0.2
-
6.0.1
-
6.0.0
-
5.0.4
-
5.0.3
-
5.0.2
-
5.0.1
-
5.0.0
-
4.3.0
-
4.2.0
-
4.1.1
-
4.1.0
-
4.0.0
-
3.1.0
-
3.0.0
-
2.4.0
-
2.3.5
-
2.3.4
-
2.3.3
-
2.3.2
-
2.3.1
-
2.3.0
-
2.2.0
-
2.1.0
-
2.0.0
-
1.1.0
-
1.0.2
-
1.0.1
-
1.0.0
-
0.14.4
-
0.14.3
-
0.14.2
-
0.14.1
-
0.14.0
-
0.13.1
-
0.13.0
-
0.12.0
-
0.11.0
-
0.10.0
-
0.9.1
-
0.9.0
-
0.8.0
-
0.7.0
-
0.6.0
-
0.5.1
-
0.5.0
-
0.4.4
-
0.4.3
-
0.3.3
-
0.3.2
-
0.3.1
-
0.3.0
Follow42
- 9.5.0
- 9.4.0
- 9.3.0
- 9.2.1
- 9.2.0
- 9.1.0
- 9.0.1
- 9.0.0
- 8.1.1
- 8.0.0
- 7.8.0
- 7.7.0
- 7.6.0
- 7.5.0
- 7.4.1
- 7.4.0
- 7.3.0
- 7.2.0
- 7.1.0
- 7.0.1
- 7.0.0
- 6.1.0
- 6.0.2
- 6.0.1
- 6.0.0
- 5.0.4
- 5.0.3
- 5.0.2
- 5.0.1
- 5.0.0
- 4.3.0
- 4.2.0
- 4.1.1
- 4.1.0
- 4.0.0
- 3.1.0
- 3.0.0
- 2.4.0
- 2.3.5
- 2.3.4
- 2.3.3
- 2.3.2
- 2.3.1
- 2.3.0
- 2.2.0
- 2.1.0
- 2.0.0
- 1.1.0
- 1.0.2
- 1.0.1
- 1.0.0
- 0.14.4
- 0.14.3
- 0.14.2
- 0.14.1
- 0.14.0
- 0.13.1
- 0.13.0
- 0.12.0
- 0.11.0
- 0.10.0
- 0.9.1
- 0.9.0
- 0.8.0
- 0.7.0
- 0.6.0
- 0.5.1
- 0.5.0
- 0.4.4
- 0.4.3
- 0.3.3
- 0.3.2
- 0.3.1
- 0.3.0
Allows for fetching and executing compliance profiles, and reporting their results
cookbook 'audit', '= 4.0.0', :supermarket
knife supermarket install audit
knife supermarket download audit
audit cookbook
The audit
cookbook allows you to run InSpec profiles as part of a Chef Client run. It downloads configured profiles from various sources like Chef Compliance, Chef Supermarket or Git and reports audit runs to Chef Compliance or Chef Automate.
Requirements
Chef
- Chef Client >=12.5.1
Support Matrix
Chef Automate
Automate version | InSpec version | Audit Cookbook version |
---|---|---|
< 0.8.0 | ≤ 1.23.0 | ≤ 3.1.0 |
≥ 0.8.0 | ≥ 1.24.0 | ≥ 4.0.0 |
Chef Compliance
Chef Compliance version | InSpec version | Audit Cookbook version |
---|---|---|
≤ 1.1.23 | = 0.20.1 | = 0.7.0 |
> 1.1.23 | ≥ 0.22.1 | = 0.8.0 |
≥ 1.6.8 | ≥ 1.2.0 | > 1.0.2 |
Deprecation Note:
Please use reporter
instead of collector
attribute
With version 3.1.0 the use of the collector
attribute is deprecated. Please use reporter
instead. The collector
attribute will be removed in the next major version.
"audit": {
"collector": "chef-server-compliance",
becomes:
"audit": {
"reporter": "chef-server-compliance",
Use chef-server-automate
and chef-automate
instead of chef-server-visibility
and chef-visibility
With version 3.1.0 the reporter attribute deprecates the values chef-server-visibility
and chef-visibility
. They have been renamed:
-
chef-server-visibility
=>chef-server-automate
-
chef-visibility
=>chef-automate
The support for values chef-server-visibility
and chef-visibility
will be removed in the next major version.
Overview
Component Architecture
┌──────────────────────┐ ┌──────────────────────┐ ┌─────────────────────┐
│ Chef Client │ │ Chef Server Proxy │ │ Chef Compliance │
│ │ │ (optional) │ │ or Chef Automate │
│ ┌──────────────────┐ │ │ │ │ │
│ │ │◀┼────┼──────────────────────┼────│ Profiles │
│ │ audit cookbook │ │ │ │ │ │
│ │ │─┼────┼──────────────────────┼───▶│ Reports │
│ └──────────────────┘ │ │ │ │ │
│ │ │ │ │ │
└──────────────────────┘ └──────────────────────┘ └─────────────────────┘
Inspec Profiles can be hosted from a variety of locations:
┌──────────────────────┐ ┌─────────────────────┐
│ Chef Client │ ┌───────────────────────┐ │ Chef Compliance │
│ │ ┌──│ Profiles(Supermarket, │ │ or Chef Automate │
│ ┌──────────────────┐ │ │ │ Github, local, etc) │ │ │
│ │ │◀┼──┘ └───────────────────────┘ │ │
│ │ audit cookbook │◀┼────────────────────────────────│ Profiles │
│ │ │─┼───────────────────────────────▶│ Reports │
│ └──────────────────┘ │ │ │
│ │ │ │
└──────────────────────┘ └─────────────────────┘
Usage
The audit cookbook needs to be configured for each node where the chef-client
runs. The audit
cookbook can be reused for all nodes, all node-specific configuration is done via Chef attributes.
InSpec Gem Installation
Beginning with version 3.x of the audit
cookbook, the cookbook will first check to see if InSpec is already installed. If it is, it will not attempt to install it. Future releases of the Chef omnibus package are expected to include InSpec so this will reduce audit run times and also ensure that Chef users in air-gapped or firewalled environments can still use the audit
cookbook without requiring gem mirrors, etc.
Also beginning with version 3.x of the audit
cookbook, the default version of the InSpec gem to be installed (if it isn't already installed) is the latest version. Prior versions of the audit
cookbook were version-locked to inspec
version 1.15.0.
To install a different version of the InSpec gem, or to force installation of the gem, set the node['audit']['inspec_version']
attribute to the version you wish to be installed.
Configure node
Once the cookbook is available in Chef Server, you need to add the audit::default
recipe to the run-list of each node. The profiles are selected via the node['audit']['profiles']
attribute. A complete list of the possible configuration are documented in [Supported Configurations](docs/supported_configuration.md). For example you can define the attributes in a role or environment file like this:
node.default['audit']['profiles'].push("path": "#{PROFILES_PATH}/mylinux-failure-success")
"audit": { "reporter": "chef-server-compliance", "inspec_version": "1.2.1", "profiles": [ # profile from Chef Compliance { "name": "linux", "compliance": "base/linux" }, # profile from supermarket # note: If reporting to Compliance, the Supermarket profile needs to be uploaded to Chef Compliance first { "name": "ssh", "supermarket": "hardening/ssh-hardening" }, # local Windows path { "name": "brewinc/win2012_audit", # filesystem path "path": "E:/profiles/win2012_audit" }, # github { "name": "ssl", "git": "https://github.com/dev-sec/ssl-benchmark.git" }, # url { "name": "ssh", "url": "https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip" } ] }
You can also configure in a policyfile like this:
default["audit"] = { "reporter" => "chef-server-compliance", "profiles" => [ { "name": "linux", "compliance": "base/linux" }, { "name": "ssh", "compliance": "base/ssh" } ] }
Reporting
Reporting to Chef Automate via Chef Server
If you want the audit cookbook to retrieve compliance profiles and report to Chef Automate (Visibility) through Chef Server, set the reporter
and profiles
attributes.
This requires Chef Client >= 12.16.42. Also requires Chef Server version 12.11.1 and Chef Automate 0.6.6 or newer, as well as integration between the two. More details here.
Chef Automate is not shipping with build-in profiles at the moment. To upload profiles, you can use the Automate API or the inspec compliance
subcommands (requires InSpec 1.7.2 or newer).
Attributes example of fetching from Automate, reporting to Automate both via Chef Server:
"audit": { "reporter": "chef-server-automate", "fetcher": "chef-server", "insecure": false, "profiles": [ { "name": "my-profile", "compliance": "john/my-profile" } ] }
Direct reporting to Chef Compliance
If you want the audit cookbook to directly report to Chef Compliance, set the reporter
, server
, owner
, refresh_token
and profiles
attributes.
-
reporter
- 'chef-compliance' to report to Chef Compliance -
server
- url of Chef Compliance server with/api
-
owner
- Chef Compliance user or organization that will receive this scan report -
refresh_token
- refresh token for Chef Compliance API (https://github.com/chef/inspec/issues/690)- note: A UI logout revokes the refresh_token. Workaround by logging in once in a private browser session, grab the token and then close the browser without logging out
-
insecure
- atrue
value will skip the SSL certificate verification when retrieving access token. Default value isfalse
"audit": { "reporter": "chef-compliance", "server": "https://compliance-fqdn/api", "owner": "my-comp-org", "refresh_token": "5/4T...g==", "insecure": false, "profiles": [ { "name": "windows", "compliance": "base/windows" } ] }
Instead of a refresh token, it is also possible to use a token
that expires in 12h after creation .
"audit": { "reporter": "chef-compliance", "server": "https://compliance-fqdn/api", "owner": "my-comp-org", "token": "eyJ........................YQ", "profiles": [ { "name": "windows", "compliance": "base/windows" } ] }
Direct reporting to Chef Automate
If you want the audit cookbook to directly report to Chef Automate, set the reporter
attribute to 'chef-automate'. Also specify where to retrieve the profiles
from.
-
insecure
- atrue
value will skip the SSL certificate verification. Default value isfalse
This method is sending the report using the data_collector.server_url
and data_collector.token
, defined in client.rb
. It requires inspec
version 0.27.1
or greater. Further information is available at Chef Docs: Configure a Data Collector token in Chef Automate
"audit": { "reporter": "chef-automate", "insecure": "false", "profiles": [ { "name": "brewinc/tmp_compliance_profile", "url": "https://github.com/nathenharvey/tmp_compliance_profile" } ] }
If you are using a self-signed certificate, please also read how to add the Chef Automate certificate to the trusted_certs directory
Version compatibility matrix:
Automate version | InSpec version | Audit Cookbook version |
---|---|---|
< 0.8.0 | ≤ 1.23.0 | ≤ 3.1.0 |
≥ 0.8.0 | ≥ 1.24.0 | ≥ 4.0.0 |
Write to file on disk
To write the report to a file on disk, simply set the reporter
to 'json-file' like so:
audit: { reporter: 'json-file', profiles: [ { 'name': 'admin/ssh2', 'path': '/some/base_ssh.tar.gz' } ] }
Multiple Reporters
To enable multiple reporters, simply define multiple reporters with all the necessary information
for each one. For example, to report to chef-compliance and write to json file on disk:
"audit": { "reporter": [ "chef-compliance", "json-file" ] "server": "https://compliance-fqdn/api", "owner": "my-comp-org", "refresh_token": "5/4T...g==", "insecure": false, "profiles": [ { "name": "windows", "compliance": "base/windows" } ] }
Profile Fetcher
Fetch profiles from Chef Automate/Chef Compliance via Chef Server
To enable reporting to Chef Automate with profiles from Chef Compliance or Chef Automate, you need to have Chef Server integrated with Chef Compliance or Chef Automate. You can then set the fetcher
attribute to 'chef-server'.
This will allow the audit cookbook to fetch profiles stored in Chef Compliance. For example:
"audit": { "fetcher": "chef-server", "reporter": "chef-server-automate", "profiles": [ { "name": "ssh", "compliance": "base/ssh" } ] }
Fetch profiles directly from Chef Automate
This method is fetching profiles using the data_collector.server_url
and data_collector.token
, defined in client.rb
. It requires inspec
version 0.27.1
or greater. Further information is available at Chef Docs: Configure a Data Collector token in Chef Automate
"audit": { "fetcher": "chef-automate", "reporter": "chef-automate", "profiles": [ { "name": "ssh", "compliance": "base/ssh" } ] }
Profile Upload to Compliance Server
In order to support build cookbook mode, the compliance_profile
resource has an upload
action that allows uploading a compressed
inspec compliance profile to the Compliance Server.
Simply include the upload
recipe in the run_list, with attribute overrides for the audit
hash like so:
audit: { server: 'https://compliance-server.test/api', reporter: 'chef-compliance', refresh_token: '21/XMEK3...', profiles: [ { 'name': 'admin/ssh2', 'path': '/some/base_ssh.tar.gz' } ] }
Relationship with Chef Audit Mode
The following tables compares the Chef Client audit mode with this audit
cookbook.
audit mode | audit cookbook | |
---|---|---|
Works with Chef Compliance | No | Yes |
Execution Engine | Serverspec | InSpec |
Execute InSpec Compliance Profiles | No | Yes |
Execute tests embedded in Chef recipes | Yes | No |
Eventually the audit
cookbook will replace audit mode. The only drawback is that you will not be able to execute tests in Chef recipes, but since you will be running these tests in production, you will want to have a straightforward, consistent process by which you include these tests throughout your development lifecycle. Within Chef Compliance, this is a profile.
Migrating from audit mode to audit cookbook:
We will improve the migration and help to ease the process and to reuse existing audit mode test as much as possible. At this point of time, an existing audit-mode test like:
control_group 'Check SSH Port' do
control 'SSH' do
it 'should be listening on port 22' do
expect(port(22)).to be_listening
end
end
end
can be re-written in InSpec as follows:
# rename `control_group` to `control` and use a unique identifier
control "blog-1" do
title 'Check SSH Port' # add the title from `control_group`
# rename the old `control` to `describe`
describe 'SSH' do
it 'should be listening on port 22' do
expect(port(22)).to be_listening
end
end
end
or even simplified to:
control "blog-1" do
title 'SSH should be listening on port 22'
describe port(22) do
it { should be_listening }
end
end
Interval Settings
If you have long running audit profiles that you don't wish to execute on every chef-client run,
you can enable an interval:
default['audit']['interval']['enabled'] = true
default['audit']['interval']['time'] = 1440 # once a day, the default value
The time attribute is in minutes.
You can enable the interval and set the interval time, along with your desired profiles,
in an environment or role like this:
"audit": { "profiles": [ { "name": "ssh", "compliance": "base/ssh" }, { "name": "linux", "compliance": "base/linux" } ], "interval": { "enabled": true, "time": 1440 } }
Alternate Source Location for inspec
Gem
If you are not able or do not wish to pull the inspec
gem from rubygems.org,
you may specify an alternate source using:
# URI to alternate gem source (e.g. http://gems.server.com or filesytem location)
# root of location must host the *specs.4.8.gz source index
default['audit']['inspec_gem_source'] = 'http://internal.gem.server.com/gems'
Please note that all dependencies to the inspec
gem must also be hosted in this location.
Troubleshooting
Please refer to TROUBLESHOOTING.md.
Please let us know if you have any issues, we are happy to help.
Run the tests for this cookbook:
bundle install bundle exec rake style # run all ChefSpec tests bundle exec rspec # run a specific test bundle exec rspec ./spec/unit/libraries/automate_spec.rb
How to release the audit
cookbook
- Cookbook source located here: (https://github.com/chef-cookbooks/audit)
- Hosted Chef users("collaborators") that can publish it to supermarket.chef.io:
apop
,arlimus
,chris-rock
,sr
. Add more collaborators fromSupermarket>Manage Cookbook>Add Collaborator
Releasing a new cookbook version:
- version bump the metadata.rb and updated changelog (
bundle exec rake changelog
) - Get your changes merged into master
- Go to the
audit
cookbook directory and pull from master - Run
bundle install
- Use stove to publish the cookbook(including git version tag). You must point to the private key of your hosted chef user. For example:
bundle exec stove --username apop --key ~/git/chef-repo/.chef/apop.pem
License
Author: | Stephan Renatus (srenatus@chef.io) |
Author: | Christoph Hartmann (chartmann@chef.io) |
Copyright: | Copyright (c) 2015 Chef Software Inc. |
License: | Apache License, Version 2.0 |
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Change Log
v3.1.0 (2017-05-04)
Closed issues:
- Inspec gem is constantly reinstalled if version is specified #215
- JSON output contains "You have X number of issues or packages out of date" #207
- Audit coobook via Chef Automate fails to inherit profiles #206
- Rename
collector
toreporter
#205 - Audit cookbook failing to install from internal Ruby gem mirror #200
- Document new
chef-server-compliance
collector in Readme #190 - Missing default attribute
fail\_if\_any\_audits\_failed
#182 - ability to install inspec as a package #164
- Warning from wrong attribute syntax #161
- Cannot report meta-profiles to Chef Compliance #155
- Support certificates (insecure) for reporting to chef-visibility #150
- Missing profile results in misleading error message in chef_gate log #144
- Vendor InSpec gem #112
- Compliance Profile inheritence does not work with audit cookbook #38
- Provide gem_source attribute for fetching any required gems #26
Merged pull requests:
- fix cc token and ensure we create a new string for a url #220 (chris-rock)
- stick to plain ruby hash #219 (chris-rock)
- fix reinstallation of inspec if version is already installed #218 (chris-rock)
- update metadata and gemfile #216 (chris-rock)
- refactor reporting #214 (chris-rock)
- Use Automate instead of Visibility #213 (chris-rock)
- Always use json format for inspec report #212 (chris-rock)
- Deprecate
collector
attribute #211 (chris-rock) - Add report summary output to chef logs #210 (chris-rock)
- use inspec without nokogiri #209 (chris-rock)
- better error output #208 (chris-rock)
v3.0.0 (2017-04-03)
Implemented enhancements:
- Automate profile fetcher #193
Closed issues:
- upload failed for cookbooks/audit because missing "compat_resource" #204
- Missing data in Automate UI #199
Merged pull requests:
- Only install InSpec if not installed or version provided #203 (adamleff)
- Use
chef-server-compliance
vschef-server
#202 (jerryaldrichiii)
v2.4.0 (2017-03-01)
Merged pull requests:
v2.3.5 (2017-02-16)
Closed issues:
- Direct reporting to Chef Visibility doesn't work when proxying node data through Chef Server #195
- could not find valid gem 'inspec' #194
Merged pull requests:
v2.3.4 (2017-01-05)
Closed issues:
- audit 2.3.2 no longer supports
chef-server
fetcher +chef-server-visibility
collector #184
Merged pull requests:
- make automate integration tests optional #192 (chris-rock)
- Fix issue with interval being removed because of chef-client cookbook cleanup #191 (brentm5)
v2.3.3 (2017-01-04)
Closed issues:
Merged pull requests:
- Releasing audit 2.3.3 defaulting to inspec 1.8.0 #189 (alexpop)
- fixing #184 #186 (jeremymv2)
- Mention uploading profiles to Automate #183 (alexpop)
- Travis and kitchen-ec2 testing #181 (alexpop)
v2.3.2 (2016-12-08)
Closed issues:
- fail_if_not_present doesn't work #166
Merged pull requests:
- throw chef-client exception if requested by users #180 (chris-rock)
- min chef-client version for chef-server-visibility #179 (jeremymv2)
v2.3.1 (2016-12-06)
Closed issues:
- json-file, unable to save file on a windows system #173
- Update Changelog #170
- Integration testing with Chef Automate via test-kitchen #169
- Support Visibility in Automate via Chef Server #148
Merged pull requests:
- change json-file filename #177 (jeremymv2)
- Attributes file clarifications #176 (jeremymv2)
- Integration tests via OpsWorks ec2 #175 (alexpop)
- Fix #170, update changelog, add release instructions #171 (chris-rock)
- minimum integration tests #162 (jeremymv2)
v2.3.0 (2016-11-23)
Closed issues:
Merged pull requests:
- Install inspec from source #168 (stephenlauck)
- Update fetcher for chef-server-visibility and add chef-server-compliance collector #163 (alexpop)
- Mention the integration guide between Chef Server and Automate #160 (alexpop)
v2.2.0 (2016-11-16)
Closed issues:
- Add chef-server-visibility collector and automate fetcher #156
Merged pull requests:
v2.1.0 (2016-11-11)
Closed issues:
- Modify wording of
ERROR: Please take a look at your interval settings
#149
Merged pull requests:
- Add fetcher info to readme #154 (vjeffrey)
- Add insecure flag for
Collector::ChefVisibility
#153 (jerryaldrichiii) - add reference to self-signed certs with visibility #152 (chris-rock)
- change interval timing msg to warn #151 (vjeffrey)
- dry up chef_gem inspec resource declarations #147 (jeremymv2)
v2.0.0 (2016-11-04)
Closed issues:
- Cannot run profiles from Supermarket #139
- version 2.0.0 reporting resources updated #138
- inspec_version attribute specified twice #137
- README.md "Upload cookbook to Chef Server" #136
- Remove temporary report file #132
- Add Chef Server authentication support #129
- Add unit tests #128
- JSON file reporter #126
- Implement RFC: Harmonize profile location targets #118
- Features missing from 2.0.0 #116
- Implement reporting as InSpec plugin #111
- Harmonize audit cookbook profile fetcher with InSpec fetchers #110
- profile scan is reported every chef-client run even if compliance_profile resource wasn't executed #102
- Timing issues during report aggregation #81
- audit cookbook compliance run and report should not report converge #70
- quiet should control whether converge is reported by Chef #65
- Node information sent to Compliance after first audit run are not accurate #40
- 403 Forbidden #21
Merged pull requests:
- adding support for alternate gem source #146 (jeremymv2)
- enable chef-server fetcher attribute #145 (chris-rock)
- Supermarket #143 (jeremymv2)
- fixing resources reporting as updated #142 (jeremymv2)
- fix #136 thanks @jeremymv2 #141 (chris-rock)
- fix #137 #140 (chris-rock)
- implement chef-server fetcher and reporter #135 (chris-rock)
- fix reporting files #134 (vjeffrey)
- do not hand over run context into reporter #133 (chris-rock)
- Add unit tests #131 (vjeffrey)
- update readme #130 (chris-rock)
- bring back intervals #127 (vjeffrey)
- Integrate with Chef Compliance #124 (chris-rock)
- move testing deps to integration group in berksfile #123 (vjeffrey)
- Upload profiles to Chef Compliance via Chef resource #122 (vjeffrey)
- harmonize profile targets #121 (vjeffrey)
- Update Github PR template #120 (tas50)
- recover examples #119 (chris-rock)
- add reference to 1.x documentation #117 (chris-rock)
- Audit docs improvements #115 (alexpop)
- Activate test-kitchen in travis #114 (chris-rock)
- use chef handler to run inspec tests #113 (vjeffrey)
v1.1.0 (2016-10-18)
Closed issues:
Merged pull requests:
- Fix resource_collection profiles selector. #109 (alexpop)
- convert library resources to proper custom resources #107 (lamont-granquist)
- described refresh_token behavior when logging out of UI #105 (jeremymv2)
- fixing interval issues #104 (jeremymv2)
v1.0.2 (2016-10-12)
Merged pull requests:
v1.0.1 (2016-10-06)
Merged pull requests:
v1.0.0 (2016-09-28)
Closed issues:
- Update to InSpec 1.0 #98
- Some tests against windows machines will fail with winrm unitialized constant errors #94
- Gzip error executing on windows host #93
Merged pull requests:
- Release version 1.0.0 #100 (alexpop)
- update to work with inspec 1.0 json format #99 (vjeffrey)
- Docs and examples improvements #97 (alexpop)
- Compliance profile upload #96 (jeremymv2)
- bump inspec version to 0.34.1 to fix issue #94 #95 (thomascate)
- Compliance Token resource #91 (jeremymv2)
- Updated examples #83 (jwmathe)
v0.14.4 (2016-09-06)
Merged pull requests:
- Release version 0.14.4 #90 (alexpop)
- Improve logging and comments for attributes #89 (alexpop)
- fix Tempfile.new #88 (jeremymv2)
- making Auth - bad clock errors clearer #87 (jeremymv2)
- adding clarifications #86 (jeremymv2)
v0.14.3 (2016-08-25)
Merged pull requests:
- improve compliance refresh token handling #85 (chris-rock)
- Minor fixes and changes #84 (tas50)
v0.14.2 (2016-08-16)
Closed issues:
Merged pull requests:
- Fix compliance direct communitcation #80 (chris-rock)
- restrict travis branch testing to master #79 (chris-rock)
- use new collector attribute in examples #78 (chris-rock)
- improve info logging to see which reporter is used #77 (chris-rock)
- update metadata.rb #76 (chris-rock)
v0.14.1 (2016-08-15)
Merged pull requests:
- ChefCompliance collector fix #75 (alexpop)
- Update changelog generator task to be native rake task #74 (brentm5)
v0.14.0 (2016-08-12)
Merged pull requests:
- removing requirement for setting chef server url #73 (jeremymv2)
- Add collector attribute and visibility reporting #72 (chris-rock)
v0.13.1 (2016-06-27)
Merged pull requests:
- 0.13.1 #69 (chris-rock)
- Standardized node access to classic way #68 (mhedgpeth)
v0.13.0 (2016-06-22)
Closed issues:
- audit cookbook should not report a converge #23
Merged pull requests:
- Merged interval functionality into default.rb recipe, updated documentation, gave quiet default #64 (mhedgpeth)
v0.12.0 (2016-06-09)
Merged pull requests:
v0.11.0 (2016-06-09)
Merged pull requests:
- Release 0.11.0 #60 (smurawski)
- http_rescue not required with tempfile #59 (Anirudh-Gupta)
v0.10.0 (2016-06-01)
Merged pull requests:
- handle auth error #58 (chris-rock)
v0.9.1 (2016-05-26)
Closed issues:
- Reports are not displayed in Chef Compliance #52
- Cookbook issue with Windows path #48
- Report to Chef Compliance directly #45
Merged pull requests:
- test-kitchen example for Chef Compliance direct reporting #57 (chris-rock)
- changed access token handling #56 (cjohannsen81)
- add changelog #55 (chris-rock)
v0.9.0 (2016-05-25)
Closed issues:
- Provide support for additional profile hosting sources #49
- Scan reports showing up as "Skipped" in the Compliance server UI #46
Merged pull requests:
- Optimize the direct reporting to Chef Compliance #54 (chris-rock)
- changed FileUtils, tar_path and profile_path behavior #51 (cjohannsen81)
- Support other sources #50 (jeremymv2)
- quiet mode for inspec scans #47 (jeremymv2)
v0.8.0 (2016-05-18)
Closed issues:
- Compliance results no longer reports back to Chef Compliance with latest version of inspec #41
Merged pull requests:
- Inspec 0.22.1 for Chef Compliance 1.2.3 #44 (chris-rock)
- Update readme and bump patch version #43 (alexpop)
v0.7.0 (2016-05-13)
Closed issues:
- Undefined method 'path' for nil:NilClass #39
- Support chef-client < 12.5.1 #30
- standalone Compliance report #12
- we should use the latest inspec version by default #8
Merged pull requests:
- pin inspec to 0.20.1 #42 (chris-rock)
v0.6.0 (2016-05-03)
Merged pull requests:
- fix: use_ssl value has changed error #37 (jeremymv2)
- Add profile name validation and unit tests #36 (alexpop)
- Adding an interval check, if you don't want to run every time #17 (spuranam)
v0.5.1 (2016-04-27)
Merged pull requests:
v0.5.0 (2016-04-25)
Closed issues:
- add option to fail chef run, if the audit failed #3
Merged pull requests:
- Make inspec_version a cookbook attribute and default it to latest #33 (alexpop)
- update bundler #32 (chris-rock)
- update README.md with client version requirement #29 (jeremymv2)
v0.4.4 (2016-04-22)
Merged pull requests:
- update inspec gem version pin #31 (jeremymv2)
- work with token and direct compliance server API #20 (srenatus)
v0.4.3 (2016-04-20)
Merged pull requests:
- chef-compliance profiles changes require a new ver of inspec #28 (alexpop)
- Add our github templates #27 (tas50)
- failing converge if any audits failed #25 (jeremymv2)
- Misc updates #24 (tas50)
- adding ability to handle offline compliance server #22 (jeremymv2)
v0.3.3 (2016-04-05)
Merged pull requests:
v0.3.2 (2016-04-04)
Merged pull requests:
v0.3.1 (2016-04-01)
Closed issues:
- Do not crash default recipe, if node['audit'] is not defined #4
- add default recipe that reads profiles from attributes #1
Merged pull requests:
- Update readme and update version to test stove cookbook update #16 (alexpop)
- Update github links and change to version 0.3.0 #15 (alexpop)
- prepare test-kitchen tests #10 (chris-rock)
- offer native inspec-style syntax as an alternative #9 (arlimus)
- lint files and activate travis testing #7 (chris-rock)
- Update readme and add license information #6 (chris-rock)
- add default attributes file #5 (srenatus)
- audit::default: read profiles from attributes, push report to chefserver #2 (srenatus)
* This Change Log was automatically generated by github_changelog_generator
Collaborator Number Metric
4.0.0 passed this metric
Contributing File Metric
4.0.0 passed this metric
Foodcritic Metric
4.0.0 passed this metric
License Metric
4.0.0 passed this metric
No Binaries Metric
4.0.0 passed this metric
Testing File Metric
4.0.0 passed this metric
Version Tag Metric
4.0.0 passed this metric
4.0.0 passed this metric
4.0.0 passed this metric
Foodcritic Metric
4.0.0 passed this metric
License Metric
4.0.0 passed this metric
No Binaries Metric
4.0.0 passed this metric
Testing File Metric
4.0.0 passed this metric
Version Tag Metric
4.0.0 passed this metric
4.0.0 passed this metric
4.0.0 passed this metric
No Binaries Metric
4.0.0 passed this metric
Testing File Metric
4.0.0 passed this metric
Version Tag Metric
4.0.0 passed this metric
4.0.0 passed this metric
4.0.0 passed this metric
Version Tag Metric
4.0.0 passed this metric
4.0.0 passed this metric