Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Profile Inheritance with Chef Server Fetcher #400

Open
donwlewis opened this issue Nov 21, 2019 · 1 comment
Open

Profile Inheritance with Chef Server Fetcher #400

donwlewis opened this issue Nov 21, 2019 · 1 comment
Labels
Aspect: Integration Works correctly with other projects or systems. Type: Bug Does not work as expected.

Comments

@donwlewis
Copy link

Cookbook version

9.0.1

Chef-client version

15.4.45

Platform Details

RHEL 7.7

Scenario:

Create a simple inspec profile that inherits from a compliance profile that is on our Automate instance, leveraging the chef server as the fetcher

Steps to Reproduce:

Create a profile that runs a couple of controls from an inherited profile. Use the audit cookbook to run that profile, and configured the following audit attributes:

Inspec YAML

name: inspec_test
title: Inspec Test
maintainer: Me
copyright: Me
license: Proprietary, All rights reserved
summary: This is a test.
version: 0.1.1
supports:
  - os-family: linux
depends:
  - name: cis-rhel7-level2-server
    compliance: [email protected]/cis-rhel7-level1-server

Audit Controls

include_controls 'cis-rhel7-level1-server' do
  control 'xccdf_org.cisecurity.benchmarks_rule_5.2.11_Ensure_only_approved_MAC_algorithms_are_used'
  control 'xccdf_org.cisecurity.benchmarks_rule_5.2.10_Ensure_SSH_PermitUserEnvironment_is_disabled' do
    impact 0.5
  end
end

Audit Cookbook Attributes

default['audit']['reporter'] = 'chef-server-automate'
default['audit']['fetcher'] = 'chef-server'
default['audit']['profiles']['inspec_test'] = {
  'git': 'https://gitrepo.test/compliance/inspec_test.git'
}

Expected Result:

The audit cookbook should pull down dependencies and run the specified controls, and report back to the automate server.

Actual Result:

The following error occurs:

[2019-11-20T21:34:01+00:00] INFO: Running tests from: [{:git=>"https://code.ad.merlin.net/compliance/inspec_test.git", :name=>"inspec_test"}]
[2019-11-20T21:34:01+00:00] INFO: Fetching profile from: https://chef-server.test/compliance/organizations/dev/owners/[email protected]/compliance/cis-rhel7-level1-server/tar
[2019-11-20T21:34:01+00:00] ERROR: Report handler Chef::Handler::AuditReport raised #<NoMethodError: undefined method `[]' for nil:NilClass>
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/vendor/chef-server/fetcher.rb:135:in `chef_server_url'
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/vendor/chef-server/fetcher.rb:87:in `resolved_source'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/cached_fetcher.rb:22:in `resolved_source'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/requirement.rb:79:in `resolved_source'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/resolver.rb:67:in `block in resolve'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/resolver.rb:59:in `each'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/resolver.rb:59:in `resolve'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/resolver.rb:30:in `resolve'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/dependency_set.rb:90:in `vendor'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/profile.rb:537:in `generate_lockfile'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/profile.rb:524:in `lockfile'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/profile.rb:548:in `load_dependencies'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/profile.rb:492:in `locked_dependencies'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/runner.rb:104:in `block in load'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/runner.rb:99:in `each'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/runner.rb:99:in `load'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/runner.rb:127:in `run'
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/handler/audit_report.rb:174:in `call'
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/handler/audit_report.rb:82:in `report'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:256:in `run_report_unsafe'
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/handler/audit_report.rb:100:in `run_report_safely'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:123:in `block in run_report_handlers'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:121:in `each'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:121:in `run_report_handlers'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:133:in `block in <class:Handler>'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/client.rb:418:in `block in run_completed_successfully'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/client.rb:417:in `each'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/client.rb:417:in `run_completed_successfully'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/client.rb:293:in `run'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application.rb:320:in `run_with_graceful_exit_option'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application.rb:296:in `block in run_chef_client'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/local_mode.rb:42:in `with_server_connectivity'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application.rb:279:in `run_chef_client'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application/base.rb:330:in `run_application'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application.rb:69:in `run'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-bin-15.4.45/bin/chef-client:25:in `<top (required)>'
[2019-11-20T21:34:01+00:00] ERROR: /bin/chef-client:163:in `load'
[2019-11-20T21:34:01+00:00] ERROR: /bin/chef-client:163:in `<main>'
  - Chef::Handler::AuditReport
Running handlers complete
[2019-11-20T21:34:01+00:00] INFO: Report handlers complete
Chef Infra Client finished, 0/2 resources updated in 03 seconds
@donwlewis
Copy link
Author

There was a type in the name seciton, but I fixed that and still get the same issue.

@clintoncwolfe clintoncwolfe added Aspect: Integration Works correctly with other projects or systems. Type: Bug Does not work as expected. labels Nov 25, 2019
@clintoncwolfe clintoncwolfe added this to the Sprint - 2019-11-27 milestone Nov 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Aspect: Integration Works correctly with other projects or systems. Type: Bug Does not work as expected.
Milestone
No milestone
Development

No branches or pull requests
3 participants
@clintoncwolfe @donwlewis @kekaichinose