cookbook 'audit', '= 9.2.0'
Allows for fetching and executing compliance profiles, and reporting their results
cookbook 'audit', '= 9.2.0', :supermarket
knife supermarket install audit
knife supermarket download audit
audit cookbook
The `audit` cookbook allows you to run InSpec profiles as part of a Chef Client run. It downloads configured profiles from various sources like Chef Automate, Chef Supermarket or Git and reports audit runs to Chef Automate.
Quickstart
The `audit` cookbook supports a number of different reporters and fetchers, which can be confusing. Please see the supported configurations documentation, which has a few copy/paste examples to get you started quickly.
Requirements
Chef
- Chef Client >=12.20
Support Matrix
Chef Automate
Automate version | InSpec version | Audit Cookbook version |
---|---|---|
< 0.8.0 | ≤ 1.23.0 | ≤ 3.1.0 |
≥ 0.8.0 | ≥ 1.24.0 | ≥ 4.0.0 |
≥ 2 | ≥ 2.2.102 | ≥ 7.1.0 |
Chef Infra Client
Chef Client | Audit Cookbook version |
---|---|
>= 15 | >= 8.0.0 |
Note:
When used with Chef Client 15 and above, the Audit cookbook must be >= 7.7.0. Otherwise, you will see the following failure.
```
Recipe Compile Error in /var/chef/cache/cookbooks/audit/recipes/default.rb
RuntimeError
Audit Mode is enabled. The audit cookbook and Audit Mode cannot be used at the same time. Please disable Audit Mode in your client configuration.
```
Overview
Component Architecture
```
┌──────────────────────┐    ┌──────────────────────┐    ┌─────────────────────┐
│     Chef Client      │    │  Chef Server Proxy   │    │    Chef Automate    │
│                      │    │      (optional)      │    │                     │
│ ┌──────────────────┐ │    │                      │    │                     │
│ │                  │◀┼────┼──────────────────────┼────│      Profiles       │
│ │  audit cookbook  │ │    │                      │    │                     │
│ │                  │─┼────┼──────────────────────┼───▶│       Reports       │
│ └──────────────────┘ │    │                      │    │                     │
│                      │    │                      │    │                     │
└──────────────────────┘    └──────────────────────┘    └─────────────────────┘
```
InSpec Profiles can be hosted from a variety of locations:
```
┌──────────────────────┐                                ┌─────────────────────┐
│     Chef Client      │     ┌───────────────────────┐  │    Chef Automate    │
│                      │  ┌──│ Profiles(Supermarket, │  │                     │
│ ┌──────────────────┐ │  │  │ Github, local, etc)   │  │                     │
│ │                  │◀┼──┘  └───────────────────────┘  │                     │
│ │  audit cookbook  │◀┼────────────────────────────────│      Profiles       │
│ │                  │─┼───────────────────────────────▶│       Reports       │
│ └──────────────────┘ │                                │                     │
│                      │                                │                     │
└──────────────────────┘                                └─────────────────────┘
```
Usage
The audit cookbook needs to be configured for each node where the chef-client runs. The `audit` cookbook can be reused for all nodes; all node-specific configuration is done via Chef attributes.
InSpec Gem Installation
Beginning with version 3.x of the `audit` cookbook, the cookbook will first check to see if InSpec is already installed. If it is, it will not attempt to install it. Future releases of the Chef omnibus package are expected to include InSpec, so this will reduce audit run times and also ensure that Chef users in air-gapped or firewalled environments can still use the `audit` cookbook without requiring gem mirrors, etc.
Also beginning with version 3.x of the `audit` cookbook, the default version of the InSpec gem to be installed (if it isn't already installed) is the latest version. Prior versions of the `audit` cookbook were version-locked to `inspec` version 1.15.0.
To install a different version of the InSpec gem, or to force installation of the gem, set the `node['audit']['inspec_version']` attribute to the version you wish to be installed.
Starting with Chef Infra Client 15, only the embedded InSpec gem can be used and the `inspec_version` attribute will be ignored.
Note on AIX Support:
- InSpec is only supported via the bundled InSpec gem shipped with version >= 13 of the chef-client package.
- Standalone InSpec gem installation or upgrade is not supported.
- The default `nil` value of `node['audit']['inspec_version']` will ensure the above behavior is adhered to.
Configure node
Once the cookbook is available in Chef Server, you need to add the `audit::default` recipe to the run-list of each node (or, preferably, create a wrapper cookbook). The profiles are selected using the `node['audit']['profiles']` attribute. A list of example configurations is documented in [Supported Configurations](docs/supported_configuration.md). Below is another example demonstrating the different locations profiles can be "fetched" from:
```ruby
default['audit']['profiles']['linux-baseline'] = { 'compliance': 'user/linux-baseline', 'version': '2.1.0' }
default['audit']['profiles']['ssh'] = { 'supermarket': 'hardening/ssh-hardening' }
default['audit']['profiles']['brewinc/win2012_audit'] = { 'path': 'E:/profiles/win2012_audit' }
default['audit']['profiles']['ssl'] = { 'git': 'https://github.com/dev-sec/ssl-benchmark.git' }
default['audit']['profiles']['ssh2'] = { 'url': 'https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip' }
```
Attributes
You can also pass in InSpec Attributes to your audit run. Do this by defining the attributes:
```ruby
default['audit']['attributes'] = {
  first_attribute: 'some value',
  second_attribute: 'another value',
}
```
Waivers
You can use Chef InSpec's Waiver Feature to mark individual failing controls as being administratively accepted, either on a temporary or permanent basis. Prepare a waiver YAML file, and use your Chef Infra cookbooks to deliver the file to your converging node (for example, using `cookbook_file` or `remote_file`). Then set the attribute `default['audit']['waiver_file']` to the location of the waiver file on the local node, and Chef InSpec will apply the waivers.
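A waiver file takes failing controls out of the enforced set, so it is worth linting before `cookbook_file` ships it to nodes. The Ruby script below is an added example, not part of the audit cookbook; it assumes the Chef InSpec waiver layout (control ID mapped to `expiration_date`, `run` and `justification`), and the 365-day ceiling and the sample control IDs are constructed.

```ruby
require 'yaml'
require 'date'

# Constructed sample waiver file (control IDs, dates and text are made up).
SAMPLE_WAIVERS = <<~YAML
  ssh-04:
    expiration_date: 2020-09-30
    justification: "Legacy SFTP client, replacement scheduled"
  os-05:
    justification: "Accepted by the risk board"
  sysctl-11:
    expiration_date: 2020-01-01
    run: false
    justification: ""
  package-02:
    expiration_date: 2030-01-01
    justification: "Vendor appliance, no patch available"
YAML

# Unquoted YAML dates arrive as Date objects, quoted ones as Strings.
def parse_expiration(raw)
  return raw if raw.is_a?(Date)

  Date.parse(raw.to_s)
rescue ArgumentError
  nil
end

# Collect the issues for a single waiver entry.
def lint_one(waiver, today, max_days)
  return [:malformed] unless waiver.is_a?(Hash)

  issues = []
  issues << :missing_justification if waiver['justification'].to_s.strip.empty?
  # run: false means the control is not executed at all, so no evidence is collected.
  issues << :control_not_run if waiver['run'] == false

  if waiver['expiration_date'].nil?
    issues << :permanent
  else
    expires = parse_expiration(waiver['expiration_date'])
    if expires.nil?
      issues << :bad_date
    elsif expires < today
      issues << :expired
    elsif (expires - today) > max_days
      issues << :long_lived
    end
  end
  issues
end

# Returns { control_id => [issue symbols] } for waivers that need a human look.
# max_days is a local policy assumption, not an InSpec setting.
def lint_waivers(yaml_text, today: Date.today, max_days: 365)
  waivers = YAML.safe_load(yaml_text, permitted_classes: [Date]) || {}
  raise ArgumentError, 'waiver file must map control IDs to waivers' unless waivers.is_a?(Hash)

  waivers.each_with_object({}) do |(control_id, waiver), findings|
    issues = lint_one(waiver, today, max_days)
    findings[control_id] = issues unless issues.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  lint_waivers(SAMPLE_WAIVERS, today: Date.new(2020, 4, 21)).each do |id, issues|
    puts "#{id}: #{issues.join(', ')}"
  end
end
```

Run as a CI step in the wrapper cookbook's repository, it turns permanent, expired or unjustified waivers into review items before they reach a node.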
Reporting
Reporting to Chef Automate via Chef Server
To retrieve compliance profiles and report to Chef Automate through Chef Server, set the `reporter` and `profiles` attributes.
This requires Chef Client >= 12.16.42, Chef Server version 12.11.1, and Chef Automate 0.6.6 or newer, as well as integration between the Chef Server and Chef Automate. More details here.
To upload profiles, you can use the Automate API or the `inspec compliance` subcommands (requires InSpec 1.7.2 or newer).
Attributes example of fetching from Automate, reporting to Automate both via Chef Server:
```ruby
default['audit']['reporter'] = 'chef-server-automate'
default['audit']['fetcher'] = 'chef-server'
default['audit']['profiles']['my-profile'] = { 'compliance': 'john/my-profile' }
```
Direct reporting to Chef Automate
To report directly to Chef Automate, set the `reporter` attribute to 'chef-automate' and specify where to fetch the `profiles` from.
- `insecure` - a `true` value will skip the SSL certificate verification. Default value is `false`.
This method sends the report using the `data_collector.server_url` and `data_collector.token` options, defined in `client.rb`. It requires `inspec` version `0.27.1` or greater. Further information is available at Chef Docs: Configure a Data Collector token in Chef Automate
```ruby
default['audit']['reporter'] = 'chef-automate'
default['audit']['profiles']['tmp_compliance_profile'] = { 'url': 'https://github.com/nathenharvey/tmp_compliance_profile' }
```
If you are using a self-signed certificate, please also read how to add the Chef Automate certificate to the trusted_certs directory
Version compatibility matrix:
Automate version | InSpec version | Audit Cookbook version |
---|---|---|
< 0.8.0 | ≤ 1.23.0 | ≤ 3.1.0 |
≥ 0.8.0 | ≥ 1.24.0 | ≥ 4.0.0 |
Compliance report size limitations
The size of the report being generated from running the compliance scan is influenced by a few factors like:
* number of controls and tests in a profile
* number of profile failures for the node
* controls metadata (title, description, tags, etc)
* number of resources (users, processes, etc) that are being tested
Depending on your setup, there are some limits you need to be aware of. A common one is the Chef Server default (1MB) request size. Exceeding this limit will reject the report with `ERROR: 413 "Request Entity Too Large"`. For more details about these limits, please refer to [TROUBLESHOOTING.md](TROUBLESHOOTING.md#413-request-entity-too-large).
Write to file on disk
To write the report to a file on disk, simply set the `reporter` to 'json-file' like so:
```ruby
default['audit']['reporter'] = 'json-file'
default['audit']['profiles']['ssh2'] = { 'path': '/some/base_ssh.tar.gz' }
```
The resulting file will be written to `node['audit']['json_file']['location']`, which defaults to `<chef_cache_path>/cookbooks/audit/inspec-<YYYYMMDDHHMMSS>.json`. The path will also be output to the Chef log:
```
[2017-08-29T00:22:10+00:00] INFO: Reporting to json-file
[2017-08-29T00:22:10+00:00] INFO: Writing report to /opt/kitchen/cache/cookbooks/audit/inspec-20170829002210.json
[2017-08-29T00:22:10+00:00] INFO: Report handlers complete
```
Enforce compliance with executed profiles
The `audit-enforcer` enables you to enforce compliance with executed profiles. If the system under test is determined to be non-compliant, this reporter will raise an error and fail the Chef Client run. To activate compliance enforcement, set the `reporter` attribute to 'audit-enforcer':
```ruby
default['audit']['reporter'] = 'audit-enforcer'
```
Note that detection of non-compliance will immediately terminate the Chef Client run. If you specify multiple reporters, place the `audit-enforcer` at the end of the list, allowing the other reporters to generate their output prior to run termination.
Multiple Reporters
To enable multiple reporters, simply define multiple reporters with all the necessary information for each one. For example, to report to Chef Automate and write to a JSON file on disk:
```ruby
default['audit']['reporter'] = ['chef-server-automate', 'json-file']
default['audit']['profiles']['windows'] = { 'compliance': 'base/windows' }
```
Profile Fetcher
Fetch profiles from Chef Automate via Chef Server
To enable reporting to Chef Automate with profiles from Chef Automate, you need to have Chef Server integrated with Chef Automate. You can then set the `fetcher` attribute to 'chef-server'.
This allows the audit cookbook to fetch profiles stored in Chef Automate. For example:
```ruby
default['audit']['reporter'] = 'chef-server-automate'
default['audit']['fetcher'] = 'chef-server'
default['audit']['profiles']['ssh'] = { 'compliance': 'base/ssh' }
```
Fetch profiles directly from Chef Automate
This method fetches profiles using the `data_collector.server_url` and `data_collector.token` options, in `client.rb`. It requires `inspec` version `0.27.1` or greater. Further information is available at Chef Docs: Configure a Data Collector token in Chef Automate
```ruby
default['audit']['reporter'] = 'chef-automate'
default['audit']['fetcher'] = 'chef-automate'
default['audit']['profiles']['ssh'] = {
  'name': 'ssh',
}
```
Relationship with Chef Audit Mode
The following table compares the Chef Client audit mode with this `audit` cookbook.
| | audit mode | audit cookbook |
|---|---|---|
| Execution Engine | Serverspec | InSpec |
| Execute InSpec Profiles | No | Yes |
| Execute tests embedded in Chef recipes | Yes | No |
Eventually the `audit` cookbook will replace audit mode. The only drawback is that you will not be able to execute tests in Chef recipes, but since you will be running these tests in production, you will want to have a straightforward, consistent process by which you include these tests throughout your development lifecycle. Within Chef Automate, this is a profile.
Migrating from audit mode to audit cookbook:
We will improve the migration to ease the process and to reuse existing audit mode tests as much as possible. At this point in time, an existing audit-mode test like:
```ruby
control_group 'Check SSH Port' do
  control 'SSH' do
    it 'should be listening on port 22' do
      expect(port(22)).to be_listening
    end
  end
end
```
can be re-written in InSpec as follows:
```ruby
# rename `control_group` to `control` and use a unique identifier
control "blog-1" do
  title 'Check SSH Port' # add the title from `control_group`
  # rename the old `control` to `describe`
  describe 'SSH' do
    it 'should be listening on port 22' do
      expect(port(22)).to be_listening
    end
  end
end
```
or even simplified to:
```ruby
control "blog-1" do
  title 'SSH should be listening on port 22'
  describe port(22) do
    it { should be_listening }
  end
end
```
Disabling 'audit mode' in the Chef client
The audit cookbook and Chef's own "Audit Mode" are not compatible due to global state management done by RSpec which is used by both implementations. To prevent unexpected results, the audit cookbook will prevent Chef from continuing if "Audit Mode" is not disabled.
You can use the chef-client cookbook to disable "Audit Mode" on all of your nodes to permit use of the audit cookbook. As an example, when using the chef-client cookbook you can add this configuration to the `default_attributes` section of a role and add the chef-client cookbook to the run list.
```json
"chef_client": {
  "config": {
    "audit_mode": ":disabled"
  }
},
```
Interval Settings
If you have long running audit profiles that you don't wish to execute on every chef-client run, you can enable an interval:
```ruby
default['audit']['interval']['enabled'] = true
default['audit']['interval']['time'] = 1440 # once a day, the default value
```
The time attribute is in minutes.
You can enable the interval and set the interval time, along with your desired profiles, in an environment or role like this:
```json
"audit": {
  "profiles": [
    {
      "name": "ssh",
      "compliance": "base/ssh"
    },
    {
      "name": "linux",
      "compliance": "base/linux"
    }
  ],
  "interval": {
    "enabled": true,
    "time": 1440
  }
}
```
Alternate Source Location for `inspec` Gem
If you are not able or do not wish to pull the `inspec` gem from rubygems.org, you may specify an alternate source using:
```ruby
# URI to alternate gem source (e.g. http://gems.server.com or filesystem location)
# root of location must host the *specs.4.8.gz source index
default['audit']['inspec_gem_source'] = 'http://internal.gem.server.com/gems'
```
Please note that all dependencies to the `inspec` gem must also be hosted in this location.
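Three settings described on this page are easy to get wrong in a wrapper cookbook: `insecure` set to `true`, `audit-enforcer` placed before other reporters, and a gem or profile source fetched over plain `http://`, which has no transport integrity. The Ruby lint below is an added example, not part of the audit cookbook; it takes a plain Hash shaped like `node['audit']`, assumes the `insecure` option lives at `node['audit']['insecure']`, and uses a constructed sample with made-up hostnames.

```ruby
# Constructed sample: a plain Hash shaped like node['audit'].
SAMPLE_AUDIT = {
  'reporter' => ['audit-enforcer', 'chef-server-automate', 'json-file'],
  'insecure' => true,
  'inspec_gem_source' => 'http://internal.gem.server.com/gems',
  'profiles' => {
    'linux-baseline' => { 'compliance' => 'user/linux-baseline', 'version' => '2.1.0' },
    'ssl' => { 'git' => 'https://github.com/dev-sec/ssl-benchmark.git' },
    'ssh2' => { 'url' => 'http://mirror.example.test/ssh-hardening.zip' }
  }
}.freeze

PLAINTEXT_HTTP = %r{\Ahttp://}i.freeze

# Returns an Array of { code:, detail: } findings; an empty Array means no finding.
def lint_audit_attributes(audit)
  findings = []

  # audit-enforcer fails the run on non-compliance, so any reporter listed
  # after it may never get to write its output.
  reporters = Array(audit['reporter']).map(&:to_s)
  position = reporters.index('audit-enforcer')
  if position && position != reporters.length - 1
    starved = reporters.drop(position + 1)
    findings << { code: :enforcer_not_last, detail: "may never run: #{starved.join(', ')}" }
  end

  # insecure=true skips SSL certificate verification when reporting to Automate.
  if audit['insecure'] == true
    findings << { code: :tls_verification_disabled, detail: "node['audit']['insecure'] is true" }
  end

  # A gem source served over plain HTTP can be altered in transit.
  gem_source = audit['inspec_gem_source'].to_s
  if gem_source.match?(PLAINTEXT_HTTP)
    findings << { code: :plaintext_gem_source, detail: gem_source }
  end

  # The same applies to profiles fetched with the 'url' or 'git' fetchers.
  (audit['profiles'] || {}).each do |name, source|
    next unless source.is_a?(Hash)

    %w[url git].each do |fetcher|
      location = source[fetcher] || source[fetcher.to_sym]
      next unless location.to_s.match?(PLAINTEXT_HTTP)

      findings << { code: :plaintext_profile_source, detail: "#{name}: #{location}" }
    end
  end

  findings
end

if __FILE__ == $PROGRAM_NAME
  lint_audit_attributes(SAMPLE_AUDIT).each do |finding|
    puts "#{finding[:code]}: #{finding[:detail]}"
  end
end
```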
Using Chef node data
While it is recommended that InSpec profiles should be self-contained and not rely on external data unless
necessary, there are valid use cases where a profile's test may exhibit different behavior depending on
aspects of the node under test.
There are two primary ways to pass Chef data to the InSpec run via the audit cookbook.
Option 1: Explicitly pass necessary data (recommended)
Any data added to the `node['audit']['attributes']` hash will be passed as individual InSpec attributes.
This provides a clean interface between the Chef run and InSpec profile, allowing for easy assignment
of sane default values in the InSpec profile. This method is especially recommended if the InSpec profile
is expected to be used outside of the context of the audit cookbook so it's extra clear to profile
consumers what attributes are necessary.
In a wrapper cookbook or similar, set your Chef attributes:
```ruby
node.normal['audit']['attributes']['key1'] = 'value1'
node.normal['audit']['attributes']['debug_enabled'] = node['my_cookbook']['debug_enabled']
node.normal['audit']['attributes']['environment'] = node.chef_environment
```
... and then use them in your InSpec profile:
```ruby
environment = attribute('environment', description: 'The chef environment for the node', default: 'dev')

control 'debug-disabled-in-production' do
  title 'Debug logs disabled in production'
  desc 'Debug logs contain potentially sensitive information and should not be on in prod.'
  impact 1.0

  describe file('/path/to/my/app/config') do
    its('content') { should_not include "debug=true" }
  end

  only_if { environment == 'production' }
end
```
Option 2: Use the chef node object
In the event where it is not practical to opt-in to pass certain attributes and data, the audit cookbook will pass the Chef node object as an InSpec attribute named `chef_node`.
While this provides the ability to write more flexible profiles, it makes it more difficult to reuse profiles
outside of an audit cookbook run, requiring the profile user to know how to pass in a single attribute containing
Chef-like data. Therefore, it is recommended to use Option 1 whenever possible.
To use this option, first enable it in a wrapper cookbook or similar:
```ruby
node.override['audit']['chef_node_attribute_enabled'] = true
```
... and then use it in your profile:
```ruby
chef_node = attribute('chef_node', description: 'Chef Node')

control 'no-password-auth-in-prod' do
  title 'No Password Authentication in Production'
  desc 'Password authentication is allowed in all environments except production'
  impact 1.0

  describe sshd_config do
    its('PasswordAuthentication') { should cmp 'No' }
  end

  only_if { chef_node['chef_environment'] == 'production' }
end
```
Using the InSpec Backend Cache
Introduced in Audit Cookbook v6.0.0 and InSpec v1.47.0
InSpec v1.47.0 provides the ability to cache the result of commands executed on the node being tested. This drastically improves InSpec performance when slower-running commands are run multiple times during execution.
This feature is enabled by default in the audit cookbook. If your profile runs a command multiple times and expects output to be different each time, you may have to disable this feature. To do so, set the `inspec_backend_cache` attribute to `false`:
```ruby
node.normal['audit']['inspec_backend_cache'] = false
```
Troubleshooting
Please refer to [TROUBLESHOOTING.md](TROUBLESHOOTING.md).
Please let us know if you have any issues, we are happy to help.
Run the tests for this cookbook:
Install Chef Development Kit on your machine.
```bash
# Install webmock gem needed by rspec
chef gem install webmock
# Run style checks
rake style
# Run all unit and ChefSpec tests
rspec
# Run a specific test
rspec ./spec/unit/libraries/automate_spec.rb
```
How to release the `audit` cookbook
- Cookbook source located here: (https://github.com/chef-cookbooks/audit)
- Hosted Chef users ("collaborators") that can publish it to supermarket.chef.io: `apop`, `arlimus`, `chris-rock`, `sr`. Add more collaborators from `Supermarket` > `Manage Cookbook` > `Add Collaborator`
Releasing a new cookbook version:
- Install changelog gem: `chef gem install github_changelog_generator`
- Version bump the metadata.rb and update the changelog (`rake changelog`)
- Get your changes merged into master
- Go to the `audit` cookbook directory and pull from master
- Run `bundle install`
- Use stove to publish the cookbook (including git version tag). You must point to the private key of your hosted chef user. For example: `stove --username apop --key ~/git/chef-repo/.chef/apop.pem`
License
Author: | Stephan Renatus (srenatus@chef.io) |
Author: | Christoph Hartmann (chartmann@chef.io) |
Copyright: | Copyright (c) 2015 Chef Software Inc. |
License: | Apache License, Version 2.0 |
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
Changelog
v9.2.0 (2020-04-21)
Closed issues:
- Add Chef InSpec Waiver integration into Audit Cookbook #396
Merged pull requests:
- Support the Automate /compliance/profiles/metasearch endpoint to send reduced reports #418 (alexpop)
- Update warnings on size limits, error on nil uuid #417 (btm)
- Automated PR: Standardising Files #416 (xorimabot)
- Automated PR: Cookstyle Changes #415 (xorimabot)
- Error: The `Style/BracesAroundHashParameters` cop has been removed. #414 (Xorima)
- Update changelog after release 9.1.0 #411 (alexpop)
v9.1.0 (2020-03-03)
Implemented enhancements:
- Implement waiver file support #397
- Add waiver-file support #398 (clintoncwolfe)
Fixed bugs:
- Send Report returned: 429 "Too Many Requests" from Automate Server #384
- Audit 5.0.0 - NoMethodError: undefined method `path' for nil:NilClass when profile not found #301
Closed issues:
- Apply current cookstyle #407
- Use Net::HTTPClientException instead of Net::HTTPServerException #394
- Add Filter Button for Disconnected Services in the Applications View #392
- Deprecate current scheduling features #333
Merged pull requests:
- Bump version and change travis os #410 (alexpop)
- Get most test kitchen tests passing in Travis #405 (clintoncwolfe)
- Update deprecated Net::HTTPServerException with Net::HTTPClientException #395 (vsingh-msys)
- Detect 429 & 413 and append an additional message #393 (vsingh-msys)
- Bump cookbook to version 9.0.1 #389 (alexpop)
- Update test deps and the kitchen dokken config #355 (tas50)
v9.0.1 (2019-09-19)
Fixed bugs:
- New Hash of Hashs format for specifying profiles does not work #339
Closed issues:
- Remove `.push()` examples from documentation #359
Merged pull requests:
- use Chef Server header auth in Chef Server fetcher #388 (stevendanna)
- Update changelog for v9 #387 (alexpop)
v9.0.0 (2019-09-18)
Implemented enhancements:
Fixed bugs:
- Doc is wrong - https://github.com/chef-cookbooks/audit/blob/master/docs/supported_configuration.md #241
- audit profile configuration not working #240
- Audit coobook via Chef Automate fails to inherit profiles (#<TypeError: no implicit conversion of URI::HTTPS into String>) #222
Closed issues:
- inspec gem and dependencies #231
Merged pull requests:
- Remove deprecated examples using Array of Hashes #386 (alexpop)
- Change profiles default to a Hash #385 (lamont-granquist)
- Remove compliance and visibility reporters #383 (alexpop)
v8.1.1 (2019-07-25)
Implemented enhancements:
- Implement an 'audit' reporter that will terminate Chef Client runs on profile failures #380 (sbabcoc)
Merged pull requests:
- Update changelog after release 8.1.1 #382 (alexpop)
- Add and check for custom exception to propagate audit failures #381 (sbabcoc)
v8.0.0 (2019-07-03)
Fixed bugs:
Closed issues:
- Readme still indicates chef-client 12.5.1 as lowest client version supported #338
Merged pull requests:
v7.8.0 (2019-06-21)
Implemented enhancements:
- way to ensure that the cookbook runs as last cookbook #13
Fixed bugs:
- AuditReport rasied RunTime Error `supports_profile` #185
Closed issues:
- Request: Ability to delete old nodes from Compliance or Automate without having to use API calls #306
- Eliminate the need for `.inspec/compliance/config.json` for Chef Compliance reporter #125
Merged pull requests:
- bump chef infra client requirement to 12.20 to match metadata. Obviou… #376 (sarahbakal)
- Restore style, unit and chefspec testing #375 (alexpop)
- Provide option to avoid saving the inspec attributes to the node object #374 (alexpop)
- Add additional audit cookbook matrix conditions around chef-client 15.x #373 (sean-horn)
v7.7.0 (2019-05-31)
Closed issues:
- Cookbook broken with Chef-15 #368
Merged pull requests:
- Release cookbook version 7.7.0 #372 (alexpop)
- Make entity_uuid work for Chef Infra 15 #371 (alexpop)
- Update to kitchen-dokken ~> 2.7.0 #370 (teknofire)
v7.6.0 (2019-05-17)
Implemented enhancements:
- audit cookbook usage in wrapper cookbook #82
Closed issues:
- This is just a simple PR that came up during a review. #365
- Report handler Chef::Handler::AuditReport raised NoMethodError: undefined method 'path' for <String> when profile not found #348
Merged pull requests:
- Release audit version 7.6.0 #369 (alexpop)
- Prevent downgrading to Chef-InSpec < 4 when using Chef 15 #367 (teknofire)
v7.5.0 (2019-04-23)
Merged pull requests:
v7.4.1 (2019-03-20)
Fixed bugs:
- chef-client audit-mode exception when the audit cookbook is used #34
Merged pull requests:
- Prevent failures when running on Chef 15 #362 (tas50)
- Fixing broken link to data collection docs #356 (moutons)
v7.4.0 (2019-02-05)
Closed issues:
- Specify compile_time field on inspec install #342
Merged pull requests:
- Use standard cookstyle #354 (tas50)
- Minor updates to kitchen, chefignore, and codeowners files #353 (tas50)
- Fixes for undefined method 'path' for <String> when profile not found… #349 (vsingh-msys)
- Update the automate support matrix #345 (teknofire)
- Add compile_time flag to inspec install. #344 (jquick)
- Remove Ruby 2.2 support #341 (btm)
- Fix errant dash instead of underscore in example of InSpec version #340 (gsreynolds)
v7.3.0 (2018-09-19)
Implemented enhancements:
- Add ability to configure json-file output location #286
Merged pull requests:
- Bump version to 7.3.0 and update CHANGELOG #337 (alexpop)
- Allow json-file output location to be configured #327 (nvwls)
v7.2.0 (2018-09-18)
Merged pull requests:
v7.1.0 (2018-08-20)
Closed issues:
- Audit cookbook removes inspec_core on new install #329
Merged pull requests:
- Switch to the new json-automate reporter when inspec version allows it #334 (alexpop)
- Add support for node['audit']['profiles'] as a hash of hashes #328 (mattray)
- Modify examples to not override hash #323 (jerryaldrichiii)
v7.0.1 (2018-07-17)
Implemented enhancements:
- Add support for compliance profiles into chef-zero #188
Closed issues:
- NoMethodError: undefined method `inspec_gem' for cookbook: audit, recipe: inspec :Chef::Recipe #320
Merged pull requests:
- Release audit 7.0.1 #324 (jquick)
- [MSYS-829] Fix nil class error when profile not found on automate server #321 (NAshwini)
v7.0.0 (2018-05-11)
Merged pull requests:
- Bump audit major version #319 (jquick)
- Update audit cookbook to use inspec-core. #318 (jquick)
- compat_resource is no longer supported #316 (lamont-granquist)
v6.1.0 (2018-04-19)
Closed issues:
- Support ChefClient 14 #312
Merged pull requests:
v6.0.2 (2018-04-18)
Closed issues:
- Failing to add nodes: Error:Response from server was : status code 403 #307
- Changelog updates #302
- Chef inspec giving error during client run #300
Merged pull requests:
- Bump Audit cookbook to 6.0.2 #314 (jquick)
- pin to chef 13 #311 (chris-rock)
- AIX support notes #309 (jeremymv2)
- Add optional version parameter when using Compliance store #308 (kevinreedy)
- Fix bundler on Travis #305 (adamleff)
- Update the readme regarding audit mode #304 (btm)
- Update changelog #303 (adamleff)
v6.0.1 (2017-12-21)
Closed issues:
- Activate inspec cache by default to boost Windows execution #296
Merged pull requests:
- Update reporters to log report size. Update readme #299 (alexpop)
- README update for inspec_backend_cache feature #298 (adamleff)
v6.0.0 (2017-12-06)
Closed issues:
- Audit doesn't run when CCR fails #289
Merged pull requests:
- Enable Inspec caching #297 (jquick)
- Include handler in exception handlers as well as report handlers #290 (drrk)
v5.0.4 (2017-11-22)
Closed issues:
- attributes not being pulled into control #293
- ERROR: Audit report was not generated properly, skipped reporting #291
Merged pull requests:
- 5.0.4 #295 (alexpop)
- Add CODEOWNERS for audit cookbook #294 (adamleff)
- Send end_time as utc RFC3339 #292 (alexpop)
v5.0.3 (2017-10-02)
Merged pull requests:
v5.0.2 (2017-09-27)
Fixed bugs:
- Default chef attributes value may lead to accessing nil. #282
Merged pull requests:
- Release v5.0.2 #285 (adamleff)
- simplify profile url code #284 (arlimus)
- let inspec set the default attribute for chef node attributes #283 (arlimus)
- Handle '@' in username when grabbing compliance profiles #280 (kevinreedy)
v5.0.1 (2017-09-20)
Closed issues:
Merged pull requests:
- Release v5.0.1 #281 (adamleff)
- Fix Chef deprecation warnings in inspec_gem resource #279 (adamleff)
- The "Format is" log message should debug level #278 (xblitz)
v5.0.0 (2017-08-30)
Merged pull requests:
- Release v5.0.0 #275 (adamleff)
- Make chef_node attribute an opt-in feature #274 (adamleff)
- Add additional words to README re: using Chef node data #273 (adamleff)
v4.3.0 (2017-08-29)
Implemented enhancements:
- Feature enhancement request: Audit cookbook 4.2 to pass node data to Inspec #268
Closed issues:
- Document location of json reports when reporter is `json-file` #269
Merged pull requests:
- Release v4.3.0 #272 (adamleff)
- Pass Chef node to InSpec as an attribute #271 (adamleff)
- Add json-file location to README #270 (adamleff)
v4.2.0 (2017-08-10)
Closed issues:
- Support inspec attributes #261
Merged pull requests:
- Release v4.2.0 #267 (adamleff)
- Add test for InSpec Attributes functionality #266 (adamleff)
- Disable default source when using user-supplied gem source #265 (adamleff)
- Support for attributes within audit cookbook #262 (mhedgpeth)
v4.1.1 (2017-07-18)
Closed issues:
Merged pull requests:
- Release 4.1.1 #263 (alexpop)
- Fix inspec hosted profile diagram for Chef Supermarket #260 (alexpop)
- Non-null header value required for using chef-automate fetcher (#258) #259 (ChefRycar)
v4.1.0 (2017-07-05)
Implemented enhancements:
- Raise exception if no token is set when using the chef-automate fetcher #249 (adamleff)
- Fail Chef run if Audit Mode is enabled #238 (adamleff)
Fixed bugs:
- support profile inheritance for Chef Compliance in audit cookbook 4 #256 (chris-rock)
- fix Reporter::ChefServer does not exist #253 (chris-rock)
- fix InSpec 1.27.0 Compliance::API use #251 (chris-rock)
- Make json-file reporter save JSON content #246 (jeremiahsnapp)
- fix chef compliance profile handling #243 (chris-rock)
Closed issues:
- Ensure support for InSpec 1.25.1+ #252
- json-file reporter saves ruby hash instead of JSON #244
- reporter: chef-server-compliance generates error: NameError: uninitialized constant Reporter::ChefServer #234
- reporter: chef-compliance fails with error "ArgumentError: wrong number of arguments (given 2, expected 1)>" #232
Merged pull requests:
- remove unused test #255 (chris-rock)
- update travis configuration #254 (chris-rock)
- Add link to supported configs in README #250 (adamleff)
- ensure json file outputs a json file #247 (chris-rock)
- Ensure min version of inspec is used #237 (alexpop)
- Update comments in attributes file. #230 (alexpop)
v4.0.0 (2017-05-22)
Closed issues:
- Implement Chef-solo Chef Automate fetcher #226
Merged pull requests:
- update readme #229 (chris-rock)
- add automate fetcher for chef solo #227 (chris-rock)
- Remove typed_attributes and leave the backend handle attributes #225 (alexpop)
- Reduce report enrichment, bump cookbook to version 4.0.0 #224 (alexpop)
- readme updates #223 (jeremymv2)
v3.1.0 (2017-05-04)
Implemented enhancements:
- JSON output contains "You have X number of issues or packages out of date" #207
- ability to install inspec as a package #164
- Warning from wrong attribute syntax #161
- Cannot report meta-profiles to Chef Compliance #155
- Vendor InSpec gem #112
- Provide gem_source attribute for fetching any required gems #26
Fixed bugs:
- Inspec gem is constantly reinstalled if version is specified #215
- Audit coobook via Chef Automate fails to inherit profiles #206
- Compliance Profile inheritence does not work with audit cookbook #38
Closed issues:
- Rename `collector` to `reporter` #205
- Audit cookbook failing to install from internal Ruby gem mirror #200
- Document new `chef-server-compliance` collector in Readme #190
- Missing default attribute `fail_if_any_audits_failed` #182
- Support certificates (insecure) for reporting to chef-visibility #150
- Missing profile results in misleading error message in chef_gate log #144
Merged pull requests:
- 3.1.0 #221 (chris-rock)
- fix cc token and ensure we create a new string for a url #220 (chris-rock)
- stick to plain ruby hash #219 (chris-rock)
- fix reinstallation of inspec if version is already installed #218 (chris-rock)
- update metadata and gemfile #216 (chris-rock)
- refactor reporting #214 (chris-rock)
- Use Automate instead of Visibility #213 (chris-rock)
- Always use json format for inspec report #212 (chris-rock)
- Deprecate collector attribute #211 (chris-rock)
- Add report summary output to chef logs #210 (chris-rock)
- use inspec without nokogiri #209 (chris-rock)
- better error output #208 (chris-rock)
v3.0.0 (2017-04-03)
Implemented enhancements:
- Automate profile fetcher #193
Closed issues:
- upload failed for cookbooks/audit because missing "compat_resource" #204
- Missing data in Automate UI #199
Merged pull requests:
- Only install InSpec if not installed or version provided #203 (adamleff)
- Use chef-server-compliance vs chef-server #202 (jerryaldrichiii)
v2.4.0 (2017-03-01)
Merged pull requests:
v2.3.5 (2017-02-16)
Closed issues:
- Direct reporting to Chef Visibility doesn't work when proxying node data through Chef Server #195
- could not find valid gem 'inspec' #194
Merged pull requests:
v2.3.4 (2017-01-05)
Closed issues:
- audit 2.3.2 no longer supports chef-server fetcher + chef-server-visibility collector #184
Merged pull requests:
- make automate integration tests optional #192 (chris-rock)
- Fix issue with interval being removed because of chef-client cookbook cleanup #191 (brentm5)
- fixing #184 #186 (jeremymv2)
v2.3.3 (2017-01-04)
Implemented enhancements:
- Run Chef Automate integration tests in travis #178
Closed issues:
- Unable to use GIT as a profile source #172
Merged pull requests:
- Releasing audit 2.3.3 defaulting to inspec 1.8.0 #189 (alexpop)
- Mention uploading profiles to Automate #183 (alexpop)
- Travis and kitchen-ec2 testing #181 (alexpop)
v2.3.2 (2016-12-08)
Fixed bugs:
- fail_if_not_present doesn't work #166
Merged pull requests:
- throw chef-client exception if requested by users #180 (chris-rock)
- min chef-client version for chef-server-visibility #179 (jeremymv2)
v2.3.1 (2016-12-06)
Implemented enhancements:
- Support Visibility in Automate via Chef Server #148
- Integration tests via OpsWorks ec2 #175 (alexpop)
Closed issues:
- json-file, unable to save file on a windows system #173
- Update Changelog #170
- Integration testing with Chef Automate via test-kitchen #169
Merged pull requests:
- change json-file filename #177 (jeremymv2)
- Attributes file clarifications #176 (jeremymv2)
- Fix #170, update changelog, add release instructions #171 (chris-rock)
- minimum integration tests #162 (jeremymv2)
v2.3.0 (2016-11-23)
Implemented enhancements:
- Improve cookbook usability(fetcher, reporter) renaming #158
- Update fetcher for chef-server-visibility and add chef-server-compliance collector #163 (alexpop)
- Mention the integration guide between Chef Server and Automate #160 (alexpop)
Closed issues:
- Update chef web docs #159
v2.2.0 (2016-11-16)
Implemented enhancements:
- Add chef-server-visibility collector and automate fetcher #156
- Add chef-server-visibility collector #157 (alexpop)
v2.1.0 (2016-11-11)
Closed issues:
- Modify wording of "ERROR: Please take a look at your interval settings" #149
Merged pull requests:
- Add fetcher info to readme #154 (vjeffrey)
- Add insecure flag for Collector::ChefVisibility #153 (jerryaldrichiii)
- add reference to self-signed certs with visibility #152 (chris-rock)
- change interval timing msg to warn #151 (vjeffrey)
- dry up chef_gem inspec resource declarations #147 (jeremymv2)
v2.0.0 (2016-11-04)
Implemented enhancements:
Fixed bugs:
- Timing issues during report aggregation #81
Closed issues:
- Cannot run profiles from Supermarket #139
- version 2.0.0 reporting resources updated #138
- inspec_version attribute specified twice #137
- README.md "Upload cookbook to Chef Server" #136
- Remove temporary report file #132
- Add Chef Server authentication support #129
- Add unit tests #128
- JSON file reporter #126
- Features missing from 2.0.0 #116
- Implement reporting as InSpec plugin #111
- Harmonize audit cookbook profile fetcher with InSpec fetchers #110
- profile scan is reported every chef-client run even if compliance_profile resource wasn't executed #102
- audit cookbook compliance run and report should not report converge #70
- quiet should control whether converge is reported by Chef #65
- Node information sent to Compliance after first audit run are not accurate #40
- 403 Forbidden #21
Merged pull requests:
- adding support for alternate gem source #146 (jeremymv2)
- enable chef-server fetcher attribute #145 (chris-rock)
- Supermarket #143 (jeremymv2)
- fixing resources reporting as updated #142 (jeremymv2)
- fix #136 thanks @jeremymv2 #141 (chris-rock)
- fix #137 #140 (chris-rock)
- implement chef-server fetcher and reporter #135 (chris-rock)
- fix reporting files #134 (vjeffrey)
- do not hand over run context into reporter #133 (chris-rock)
- Add unit tests #131 (vjeffrey)
- update readme #130 (chris-rock)
- bring back intervals #127 (vjeffrey)
- Integrate with Chef Compliance #124 (chris-rock)
- move testing deps to integration group in berksfile #123 (vjeffrey)
- Upload profiles to Chef Compliance via Chef resource #122 (vjeffrey)
- harmonize profile targets #121 (vjeffrey)
- Update Github PR template #120 (tas50)
- recover examples #119 (chris-rock)
- add reference to 1.x documentation #117 (chris-rock)
- Activate test-kitchen in travis #114 (chris-rock)
- use chef handler to run inspec tests #113 (vjeffrey)
v1.1.0 (2016-10-18)
Fixed bugs:
- cookbook in master fails to converge #108
Closed issues:
- Interval setting is not working properly #101
Merged pull requests:
- Fix resource_collection profiles selector. #109 (alexpop)
- convert library resources to proper custom resources #107 (lamont-granquist)
- described refresh_token behavior when logging out of UI #105 (jeremymv2)
- fixing interval issues #104 (jeremymv2)
v1.0.2 (2016-10-12)
Fixed bugs:
v1.0.1 (2016-10-06)
Merged pull requests:
v1.0.0 (2016-09-28)
Implemented enhancements:
Fixed bugs:
- Update to InSpec 1.0 #98
Closed issues:
- Some tests against windows machines will fail with winrm uninitialized constant errors #94
- Gzip error executing on windows host #93
Merged pull requests:
- update to work with inspec 1.0 json format #99 (vjeffrey)
- Compliance profile upload #96 (jeremymv2)
- bump inspec version to 0.34.1 to fix issue #94 #95 (thomascate)
- Compliance Token resource #91 (jeremymv2)
- Updated examples #83 (jwmathe)
v0.14.4 (2016-09-06)
Implemented enhancements:
Merged pull requests:
- fix Tempfile.new #88 (jeremymv2)
- making Auth - bad clock errors clearer #87 (jeremymv2)
- adding clarifications #86 (jeremymv2)
v0.14.3 (2016-08-25)
Implemented enhancements:
- improve compliance refresh token handling #85 (chris-rock)
Fixed bugs:
v0.14.2 (2016-08-16)
Implemented enhancements:
- restrict travis branch testing to master #79 (chris-rock)
- improve info logging to see which reporter is used #77 (chris-rock)
Fixed bugs:
- Fix compliance direct communication #80 (chris-rock)
- use new collector attribute in examples #78 (chris-rock)
Closed issues:
Merged pull requests:
- update metadata.rb #76 (chris-rock)
v0.14.1 (2016-08-15)
Merged pull requests:
- ChefCompliance collector fix #75 (alexpop)
- Update changelog generator task to be native rake task #74 (brentm5)
v0.14.0 (2016-08-12)
Merged pull requests:
- removing requirement for setting chef server url #73 (jeremymv2)
- Add collector attribute and visibility reporting #72 (chris-rock)
v0.13.1 (2016-06-27)
Merged pull requests:
- 0.13.1 #69 (chris-rock)
- Standardized node access to classic way #68 (mhedgpeth)
v0.13.0 (2016-06-22)
Closed issues:
- audit cookbook should not report a converge #23
Merged pull requests:
- Merged interval functionality into default.rb recipe, updated documentation, gave quiet default #64 (mhedgpeth)
v0.12.0 (2016-06-09)
Merged pull requests:
v0.11.0 (2016-06-09)
Merged pull requests:
- Release 0.11.0 #60 (smurawski)
- http_rescue not required with tempfile #59 (Anirudh-Gupta)
v0.10.0 (2016-06-01)
Merged pull requests:
- handle auth error #58 (chris-rock)
v0.9.1 (2016-05-26)
Closed issues:
- Reports are not displayed in Chef Compliance #52
- Cookbook issue with Windows path #48
- Report to Chef Compliance directly #45
Merged pull requests:
- test-kitchen example for Chef Compliance direct reporting #57 (chris-rock)
- changed access token handling #56 (cjohannsen81)
- add changelog #55 (chris-rock)
- Inspec 0.22.1 for Chef Compliance 1.2.3 #44 (chris-rock)
v0.9.0 (2016-05-25)
Closed issues:
- Provide support for additional profile hosting sources #49
- Scan reports showing up as "Skipped" in the Compliance server UI #46
Merged pull requests:
- Optimize the direct reporting to Chef Compliance #54 (chris-rock)
- changed FileUtils, tar_path and profile_path behavior #51 (cjohannsen81)
- Support other sources #50 (jeremymv2)
- quiet mode for inspec scans #47 (jeremymv2)
v0.8.0 (2016-05-18)
Closed issues:
- Compliance results no longer reports back to Chef Compliance with latest version of inspec #41
Merged pull requests:
v0.7.0 (2016-05-13)
Closed issues:
- Undefined method 'path' for nil:NilClass #39
- Support chef-client < 12.5.1 #30
- standalone Compliance report #12
- we should use the latest inspec version by default #8
Merged pull requests:
- pin inspec to 0.20.1 #42 (chris-rock)
v0.6.0 (2016-05-03)
Merged pull requests:
- fix: use_ssl value has changed error #37 (jeremymv2)
- Add profile name validation and unit tests #36 (alexpop)
- Adding an interval check, if you don't want to run every time #17 (spuranam)
v0.5.1 (2016-04-27)
Merged pull requests:
v0.5.0 (2016-04-25)
Closed issues:
- add option to fail chef run, if the audit failed #3
Merged pull requests:
- Make inspec_version a cookbook attribute and default it to latest #33 (alexpop)
- update bundler #32 (chris-rock)
- update README.md with client version requirement #29 (jeremymv2)
v0.4.4 (2016-04-22)
Merged pull requests:
- update inspec gem version pin #31 (jeremymv2)
- work with token and direct compliance server API #20 (srenatus)
v0.4.3 (2016-04-20)
Merged pull requests:
- chef-compliance profiles changes require a new ver of inspec #28 (alexpop)
- Add our github templates #27 (tas50)
- failing converge if any audits failed #25 (jeremymv2)
- Misc updates #24 (tas50)
- adding ability to handle offline compliance server #22 (jeremymv2)
v0.3.3 (2016-04-05)
Merged pull requests:
v0.3.2 (2016-04-04)
Merged pull requests:
v0.3.1 (2016-04-01)
Closed issues:
- Do not crash default recipe, if node['audit'] is not defined #4
- add default recipe that reads profiles from attributes #1
Merged pull requests:
- Update readme and update version to test stove cookbook update #16 (alexpop)
- Update github links and change to version 0.3.0 #15 (alexpop)
- prepare test-kitchen tests #10 (chris-rock)
- offer native inspec-style syntax as an alternative #9 (arlimus)
- lint files and activate travis testing #7 (chris-rock)
- Update readme and add license information #6 (chris-rock)
- add default attributes file #5 (srenatus)
- audit::default: read profiles from attributes, push report to chefserver #2 (srenatus)
* This Changelog was automatically generated by github_changelog_generator
Collaborator Number Metric
9.2.0 passed this metric
Contributing File Metric
9.2.0 passed this metric
Foodcritic Metric
9.2.0 passed this metric
No Binaries Metric
9.2.0 passed this metric
Testing File Metric
9.2.0 passed this metric
Version Tag Metric
9.2.0 passed this metric