Class: Chef::Compliance::WaiverCollection

Inherits:
Array
  • Object
show all
Defined in:
lib/chef/compliance/waiver_collection.rb

Constant Summary collapse

HIDDEN_IVARS =
[ :@events ].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(events) ⇒ WaiverCollection

Returns a new instance of WaiverCollection.



29
30
31
# File 'lib/chef/compliance/waiver_collection.rb', line 29

def initialize(events)
  @events = events
end

Instance Attribute Details

#eventsChef::EventDispatch::Dispatcher (readonly)

Event dispatcher for this run.



27
28
29
# File 'lib/chef/compliance/waiver_collection.rb', line 27

def events
  @events
end

Instance Method Details

#from_file(filename, cookbook_name) ⇒ Object

Add a waiver to the waiver collection. The cookbook_name needs to be determined by the caller and is used in the include_waiver API to match on. The path should be the complete path on the host of the yml file, including the filename.

Parameters:



40
41
42
43
44
# File 'lib/chef/compliance/waiver_collection.rb', line 40

def from_file(filename, cookbook_name)
  new_waiver = Waiver.from_file(events, filename, cookbook_name)
  self << new_waiver
  events&.compliance_waiver_loaded(new_waiver)
end

#from_hash(hash) ⇒ Object

Add a waiver from a raw hash. This waiver will be enabled by default.

Parameters:



51
52
53
54
55
# File 'lib/chef/compliance/waiver_collection.rb', line 51

def from_hash(hash)
  new_waiver = Waiver.from_hash(events, hash)
  new_waiver.enable!
  self << new_waiver
end

#include_waiver(arg) ⇒ Object

DSL method to enable waiver files. This matches on the filename of the waiver file. If the specific waiver is omitted then it uses the default waiver. The string supports regular expression matching.

include_waiver "acme_cookbook::ssh-001"

include_waiver "acme_cookbook"

include_waiver "acme_cookbook::.*"

include_waiver "acme_cookbook::ssh.*"

include_waiver ".::ssh."

include_waiver({ "ssh-01" => { "expiration_date" => "2033-07-31", "run" => false, "justification" => "the reason it is waived", } })

Examples:

Specific waiver file in a cookbook

The compliance/waiver/default.rb waiver file in a cookbook

Every waiver file in a cookbook

Matching waivers by regexp in a cookbook

Matching waivers by regexp in any cookbook in the cookbook collection

Adding an arbitrary hash of data (not from any file in a cookbook)



95
96
97
98
99
100
101
102
103
104
105
# File 'lib/chef/compliance/waiver_collection.rb', line 95

def include_waiver(arg)
  raise "include_waiver was given a nil value" if arg.nil?

  # if we're given a hash argument just shove it in the collection
  if arg.is_a?(Hash)
    from_hash(arg)
    return
  end

  matching_waivers!(arg).each(&:enable!)
end

#inspec_dataArray<Waiver>

Returns inspec waivers which are enabled in a form suitable to pass to inspec.

Returns:

  • (Array<Waiver>)

    inspec waivers which are enabled in a form suitable to pass to inspec



59
60
61
# File 'lib/chef/compliance/waiver_collection.rb', line 59

def inspec_data
  select(&:enabled?).each_with_object({}) { |waiver, hash| hash.merge!(waiver.inspec_data) }
end

#inspectObject

Omit the event object from error output



115
116
117
118
119
120
# File 'lib/chef/compliance/waiver_collection.rb', line 115

def inspect
  ivar_string = (instance_variables.map(&:to_sym) - HIDDEN_IVARS).map do |ivar|
    "#{ivar}=#{instance_variable_get(ivar).inspect}"
  end.join(", ")
  "#<#{self.class}:#{object_id} #{ivar_string}>"
end

#valid?(arg) ⇒ Boolean

Returns:

  • (Boolean)


107
108
109
# File 'lib/chef/compliance/waiver_collection.rb', line 107

def valid?(arg)
  !matching_waivers(arg).empty?
end