Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore inspec_version for chef client >= 15 #378

Merged
merged 2 commits into from
Jul 3, 2019
Merged

Ignore inspec_version for chef client >= 15 #378

merged 2 commits into from
Jul 3, 2019

Conversation

alexpop
Copy link
Contributor

@alexpop alexpop commented Jul 2, 2019

The default['audit']['inspec_version'] attribute has been added to the cookbook before chef-client came with an embedded InSpec gem.

Currently the inspec_gem resource of the audit cookbook is uninstalling the existing versions of InSpec and installing the one specified by the inspec_version attribute. With the release of Chef Infra Client 15, this breaks /opt/chef/bin/chef-client as can be seen here:

[root@myapache ~]# chef-client
Traceback (most recent call last):
    3: from /usr/bin/chef-client:59:in `<main>'
    2: from /opt/chef/embedded/lib/ruby/2.6.0/rubygems/core_ext/kernel_gem.rb:65:in `gem'
    1: from /opt/chef/embedded/lib/ruby/2.6.0/rubygems/dependency.rb:323:in `to_spec'
/opt/chef/embedded/lib/ruby/2.6.0/rubygems/dependency.rb:313:in `to_specs': Could not find 'inspec-core' (= 4.3.2) - did find: [inspec-core-4.6.4]

I reproduced this issue by converging a node with Chef Infra Client 15.0.300 and the audit cookbook with attribute inspec_version set to 4.6.4. The inspec_gem resource uninstalled the embedded inspec-core version 4.3.2 and installed 4.6.4.

With this PR the audit cookbook ignores the inspec_version attribute when Chef Infra Client version 15+ is detected and uses the embedded InSpec gem for the scan. Not breaking chef-client at this moment is more important than using a specific version of InSpec for the scan.

@alexpop
Ignore inspec_version for chef client >= 15
162e33b 
Signed-off-by: Alex Pop <alexpop@users.noreply.github.com>
@alexpop alexpop added Type: Bug Does not work as expected. Type: Breaking Change Changes the way existing features work in a way that affects users. labels Jul 2, 2019
@alexpop alexpop requested a review from a team July 2, 2019 12:08
teknofire
teknofire reviewed Jul 2, 2019
View reviewed changes
metadata.rb
@@ -5,7 +5,7 @@
license 'Apache-2.0'
description 'Allows for fetching and executing compliance profiles, and reporting its results'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '7.8.0'
version '8.0.0'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should update the README support matrix entry for Chef Client 15 to >= 8.0.0 as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, pushed a commit for that, thank you!

@alexpop
Update readme for version requirements
583ef8b 
Signed-off-by: Alex Pop <alexpop@users.noreply.github.com>
@alexpop alexpop merged commit 7a64754 into master Jul 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@teknofire teknofire teknofire left review comments

@miah miah miah approved these changes

Assignees
No one assigned
Labels
Type: Breaking Change Changes the way existing features work in a way that affects users. Type: Bug Does not work as expected.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alexpop @teknofire @miah