class Chef::Audit::AuditReporter

Constants

PROTOCOL_VERSION

Attributes

audit_data[R]
ordered_control_groups[R]
rest_client[R]
run_status[R]

Public Class Methods

new(rest_client) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 33
def initialize(rest_client)
  @rest_client = rest_client
  # Ruby 1.9.3 and above "enumerate their values in the order that the corresponding keys were inserted."
  @ordered_control_groups = Hash.new
  @audit_phase_error = nil
end

Public Instance Methods

audit_phase_complete(audit_output) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 50
def audit_phase_complete(audit_output)
  Chef::Log.trace("Audit Reporter completed successfully without errors.")
  ordered_control_groups.each_value do |control_group|
    audit_data.add_control_group(control_group)
  end
end
audit_phase_failed(error, audit_output) click to toggle source

If the audit phase failed, its because there was some kind of error in the framework that runs tests - normal errors are interpreted as EXAMPLE failures and captured. We still want to send available audit information to the server so we process the known control groups.

# File lib/chef/audit/audit_reporter.rb, line 61
def audit_phase_failed(error, audit_output)
  # The stacktrace information has already been logged elsewhere
  @audit_phase_error = error
  Chef::Log.trace("Audit Reporter failed.")
  ordered_control_groups.each_value do |control_group|
    audit_data.add_control_group(control_group)
  end
end
audit_phase_start(run_status) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 44
def audit_phase_start(run_status)
  Chef::Log.trace("Audit Reporter starting")
  @audit_data = AuditData.new(run_status.node.name, run_status.run_id)
  @run_status = run_status
end
auditing_enabled?() click to toggle source

If @audit_enabled is nil or true, we want to run audits

# File lib/chef/audit/audit_reporter.rb, line 99
def auditing_enabled?
  Chef::Config[:audit_mode] != :disabled
end
control_example_failure(control_group_name, example_data, error) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 93
def control_example_failure(control_group_name, example_data, error)
  control_group = ordered_control_groups[control_group_name]
  control_group.example_failure(example_data, error.message)
end
control_example_success(control_group_name, example_data) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 88
def control_example_success(control_group_name, example_data)
  control_group = ordered_control_groups[control_group_name]
  control_group.example_success(example_data)
end
control_group_started(name) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 80
def control_group_started(name)
  if ordered_control_groups.has_key?(name)
    raise Chef::Exceptions::AuditControlGroupDuplicate.new(name)
  end
  metadata = run_context.audits[name].metadata
  ordered_control_groups.store(name, ControlGroupData.new(name, metadata))
end
run_completed(node) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 70
def run_completed(node)
  post_auditing_data
end
run_context() click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 40
def run_context
  run_status.run_context
end
run_failed(error) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 74
def run_failed(error)
  # Audit phase errors are captured when audit_phase_failed gets called.
  # The error passed here isn't relevant to auditing, so we ignore it.
  post_auditing_data
end

Private Instance Methods

encode_gzip(data) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 165
def encode_gzip(data)
  "".tap do |out|
    Zlib::GzipWriter.wrap(StringIO.new(out)) { |gz| gz << data }
  end
end
headers(additional_headers = {}) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 160
def headers(additional_headers = {})
  options = { "X-Ops-Audit-Report-Protocol-Version" => PROTOCOL_VERSION }
  options.merge(additional_headers)
end
iso8601ify(time) click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 171
def iso8601ify(time)
  time.utc.iso8601.to_s
end
post_auditing_data() click to toggle source
# File lib/chef/audit/audit_reporter.rb, line 105
def post_auditing_data
  unless auditing_enabled?
    Chef::Log.trace("Audit Reports are disabled. Skipping sending reports.")
    return
  end

  unless run_status
    Chef::Log.trace("Run failed before audit mode was initialized, not sending audit report to server")
    return
  end

  audit_data.start_time = iso8601ify(run_status.start_time)
  audit_data.end_time = iso8601ify(run_status.end_time)

  audit_history_url = "controls"
  Chef::Log.trace("Sending audit report (run-id: #{audit_data.run_id})")
  run_data = audit_data.to_hash

  if @audit_phase_error
    error_info = "#{@audit_phase_error.class}: #{@audit_phase_error.message}"
    error_info << "\n#{@audit_phase_error.backtrace.join("\n")}" if @audit_phase_error.backtrace
    run_data[:error] = error_info
  end

  Chef::Log.trace "Audit Report:\n#{Chef::JSONCompat.to_json_pretty(run_data)}"
  begin
    rest_client.post(audit_history_url, run_data, headers)
  rescue StandardError => e
    if e.respond_to? :response
      # 404 error code is OK. This means the version of server we're running against doesn't support
      # audit reporting. Don't alarm failure in this case.
      if e.response.code == "404"
        Chef::Log.trace("Server doesn't support audit reporting. Skipping report.")
        return
      else
        # Save the audit report to local disk
        error_file = "failed-audit-data.json"
        Chef::FileCache.store(error_file, Chef::JSONCompat.to_json_pretty(run_data), 0640)
        if Chef::Config.chef_zero.enabled
          Chef::Log.trace("Saving audit report to #{Chef::FileCache.load(error_file, false)}")
        else
          Chef::Log.error("Failed to post audit report to server. Saving report to #{Chef::FileCache.load(error_file, false)}")
        end
      end
    else
      Chef::Log.error("Failed to post audit report to server (#{e})")
    end

    if Chef::Config[:enable_reporting_url_fatals]
      Chef::Log.error("Reporting fatals enabled. Aborting run.")
      raise
    end
  end
end