Module: Chef::Compliance
- Defined in:
- lib/chef/compliance/input.rb,
lib/chef/compliance/runner.rb,
lib/chef/compliance/waiver.rb,
lib/chef/compliance/profile.rb,
lib/chef/compliance/reporter/cli.rb,
lib/chef/compliance/fetcher/automate.rb,
lib/chef/compliance/input_collection.rb,
lib/chef/compliance/reporter/automate.rb,
lib/chef/compliance/waiver_collection.rb,
lib/chef/compliance/default_attributes.rb,
lib/chef/compliance/profile_collection.rb,
lib/chef/compliance/reporter/json_file.rb,
lib/chef/compliance/fetcher/chef_server.rb,
lib/chef/compliance/reporter/compliance_enforcer.rb,
lib/chef/compliance/reporter/chef_server_automate.rb
Defined Under Namespace
Modules: Fetcher, Reporter Classes: Input, InputCollection, Profile, ProfileCollection, Runner, Waiver, WaiverCollection
Constant Summary collapse
- DEFAULT_ATTRIBUTES =
Chef::Node::VividMash.new(
  # Default attribute tree for the compliance phase. Every value below is a
  # default only; the accepted values listed per key are the documented ones.

  # Backend call caching. When true, results of backend calls are cached;
  # turn it off only when the same backend call is expected to return
  # different results. This drives :command and :file caching on Chef
  # InSpec's Train connection.
  "inspec_backend_cache" => true,

  # Destination(s) for the report produced by the Chef InSpec run: either one
  # string or an array of strings.
  # Accepted values: 'chef-server-automate', 'chef-automate', 'json-file',
  # 'audit-enforcer', 'compliance-enforcer', 'cli'
  "reporter" => nil,

  # Additional profile source on top of Chef InSpec's default fetch locations:
  # Chef Automate or Chef Infra Server.
  # Accepted values: nil, 'chef-server', 'chef-automate'
  "fetcher" => nil,

  # Permit connections to HTTPS endpoints that present self-signed SSL
  # certificates. Unset (nil) by default.
  # NOTE(review): presumably this relaxes certificate verification for the
  # fetcher/reporter connections rather than trusting one specific
  # certificate - confirm in the consuming code. Without verification the
  # remote endpoint is not authenticated, so prefer installing the signing CA
  # as trusted and leaving this unset.
  "insecure" => nil,

  # Verbosity of the Chef InSpec runner; true means less output.
  "quiet" => true,

  # Chef InSpec compliance profiles used to scan the node.
  # Details: https://docs.chef.io/chef_compliance_phase/#compliance-phase-configuration
  "profiles" => {},

  # Extra inputs handed to Chef InSpec for finer-grained control.
  # Details: https://docs.chef.io/inspec/inputs/
  "inputs" => {},

  # Legacy alias for inputs
  "attributes" => {},

  # One path (string) or several paths (array) to Chef InSpec waiver files.
  # Details: https://docs.chef.io/inspec/waivers/
  "waiver_file" => nil,

  "json_file" => {
    # Where the 'json-file' reporter writes Chef InSpec's JSON report.
    # Default: <chef_cache_path>/compliance_reports/compliance-<timestamp>.json
    # The timestamp is computed (in UTC) when this default is evaluated, not
    # when the report is written.
    # NOTE(review): reports describe the node's compliance state; confirm the
    # cache directory's permissions suit that content.
    "location" => Chef::Util::PathHelper.join(
      Chef::Config[:cache_path],
      "compliance_reports",
      Time.now.utc.strftime("compliance-%Y%m%d%H%M%S.json")
    ),
  },

  # Control results whose `run_time` is below this limit lose their
  # `start_time` and `run_time` fields, shrinking the report sent to
  # Chef Automate.
  "run_time_limit" => 1.0,

  # Maximum length, in characters, of a control result message; longer
  # messages are truncated. Messages over 9 MB have been seen on rare
  # occasions, which kept the report from being ingested by the backend
  # because of the 4 MB report size rpc limitation.
  # Chef InSpec appends this text to a truncated message:
  # `[Truncated to 10000 characters]`
  "result_message_limit" => 10_000,

  # A Chef InSpec resource that raises produces a short error message plus a
  # detailed Ruby stacktrace. False tells Chef InSpec to leave the stacktrace
  # out so the report stays a manageable size.
  "result_include_backtrace" => false,

  # Per-control cap on the results array, to avoid reports too large for
  # Chef Automate to process. Each affected control carries a summary of the
  # results that were removed.
  "control_results_limit" => 50,

  # When enabled, a hash representation of the Chef Infra node object is
  # passed to Chef InSpec as an input named `chef_node`.
  # NOTE(review): node attributes can hold sensitive values and this input is
  # presumably visible to every profile that runs - confirm, and review where
  # profiles are fetched from.
  "chef_node_attribute_enabled" => true,

  # Whether the built-in compliance phase runs. True and false force the
  # behavior; nil decides based on whether profiles are defined while the
  # audit cookbook is not enabled. The default here is false.
  "compliance_phase" => false,

  "interval" => {
    # Run inspec scans on an interval instead of on every node converge.
    # A false value means a scan runs on every converge.
    "enabled" => false,

    # Minutes between inspec scans; only used when the interval is enabled.
    "time" => 1440,
  }
)