class Chef::Compliance::WaiverCollection
Constants
- HIDDEN_IVARS
Attributes
Event dispatcher for this run.
@return [Chef::EventDispatch::Dispatcher]
Public Class Methods
# File lib/chef/compliance/waiver_collection.rb, line 29 def initialize(events) @events = events end
Public Instance Methods
Add a waiver to the waiver collection. The cookbook_name needs to be determined by the caller and is used in the ‘include_waiver` API to match on. The path should be the complete path on the host of the yml file, including the filename.
@param path [String] @param cookbook_name [String]
# File lib/chef/compliance/waiver_collection.rb, line 40 def from_file(filename, cookbook_name) new_waiver = Waiver.from_file(events, filename, cookbook_name) self << new_waiver events&.compliance_waiver_loaded(new_waiver) end
Add a waiver from a raw hash. This waiver will be enabled by default.
@param path [String] @param cookbook_name [String]
# File lib/chef/compliance/waiver_collection.rb, line 51 def from_hash(hash) new_waiver = Waiver.from_hash(events, hash) new_waiver.enable! self << new_waiver end
DSL
method to enable waiver files. This matches on the filename of the waiver file. If the specific waiver is omitted then it uses the default waiver. The string supports regular expression matching.
@example Specific waiver file in a cookbook
include_waiver
“acme_cookbook::ssh-001”
@example The compliance/waiver/default.rb waiver file in a cookbook
include_waiver
“acme_cookbook”
@example Every waiver file in a cookbook
include_waiver
“acme_cookbook::.*”
@example Matching waivers by regexp in a cookbook
include_waiver
“acme_cookbook::ssh.*”
@example Matching waivers by regexp in any cookbook in the cookbook collection
include_waiver
“.::ssh.”
@example Adding an arbitrary hash of data (not from any file in a cookbook)
include_waiver
({ “ssh-01” => {
"expiration_date" => "2033-07-31", "run" => false, "justification" => "the reason it is waived",
} })
# File lib/chef/compliance/waiver_collection.rb, line 95 def include_waiver(arg) raise "include_waiver was given a nil value" if arg.nil? # if we're given a hash argument just shove it in the collection if arg.is_a?(Hash) from_hash(arg) return end matching_waivers!(arg).each(&:enable!) end
@return [Array<Waiver>] inspec waivers which are enabled in a form suitable to pass to inspec
# File lib/chef/compliance/waiver_collection.rb, line 59 def inspec_data select(&:enabled?).each_with_object({}) { |waiver, hash| hash.merge!(waiver.inspec_data) } end
Omit the event object from error output
# File lib/chef/compliance/waiver_collection.rb, line 115 def inspect ivar_string = (instance_variables.map(&:to_sym) - HIDDEN_IVARS).map do |ivar| "#{ivar}=#{instance_variable_get(ivar).inspect}" end.join(", ") "#<#{self.class}:#{object_id} #{ivar_string}>" end
# File lib/chef/compliance/waiver_collection.rb, line 107 def valid?(arg) !matching_waivers(arg).empty? end
Private Instance Methods
# File lib/chef/compliance/waiver_collection.rb, line 124 def matching_waivers(arg, should_raise: false) (cookbook_name, waiver_name) = arg.split("::") waiver_name = "default" if waiver_name.nil? waivers = select { |waiver| /^#{cookbook_name}$/.match?(waiver.cookbook_name) && /^#{waiver_name}$/.match?(waiver.pathname) } if waivers.empty? && should_raise raise "No inspec waivers matching '#{waiver_name}' found in cookbooks matching '#{cookbook_name}'" end waivers end
# File lib/chef/compliance/waiver_collection.rb, line 138 def matching_waivers!(arg) matching_waivers(arg, should_raise: true) end