audit icon indicating copy to clipboard operation
audit copied to clipboard

Published 20 hours ago verified publisher icon chef-boneyard

Profile Inheritance with Chef Server Fetcher

Open donwlewis opened this issue 5 years ago • 1 comments

Cookbook version

9.0.1

Chef-client version

15.4.45

Platform Details

RHEL 7.7

Scenario:

Create a simple inspec profile that inherits from a compliance profile that is on our Automate instance, leveraging the chef server as the fetcher

Steps to Reproduce:

Create a profile that runs a couple of controls from an inherited profile. Use the audit cookbook to run that profile, and configured the following audit attributes:

Inspec YAML

name: inspec_test
title: Inspec Test
maintainer: Me
copyright: Me
license: Proprietary, All rights reserved
summary: This is a test.
version: 0.1.1
supports:
  - os-family: linux
depends:
  - name: cis-rhel7-level2-server
    compliance: [email protected]/cis-rhel7-level1-server

Audit Controls

include_controls 'cis-rhel7-level1-server' do
  control 'xccdf_org.cisecurity.benchmarks_rule_5.2.11_Ensure_only_approved_MAC_algorithms_are_used'
  control 'xccdf_org.cisecurity.benchmarks_rule_5.2.10_Ensure_SSH_PermitUserEnvironment_is_disabled' do
    impact 0.5
  end
end

Audit Cookbook Attributes

default['audit']['reporter'] = 'chef-server-automate'
default['audit']['fetcher'] = 'chef-server'
default['audit']['profiles']['inspec_test'] = {
  'git': 'https://gitrepo.test/compliance/inspec_test.git'
}

Expected Result:

The audit cookbook should pull down dependencies and run the specified controls, and report back to the automate server.

Actual Result:

The following error occurs:

[2019-11-20T21:34:01+00:00] INFO: Running tests from: [{:git=>"https://code.ad.merlin.net/compliance/inspec_test.git", :name=>"inspec_test"}]
[2019-11-20T21:34:01+00:00] INFO: Fetching profile from: https://chef-server.test/compliance/organizations/dev/owners/[email protected]/compliance/cis-rhel7-level1-server/tar
[2019-11-20T21:34:01+00:00] ERROR: Report handler Chef::Handler::AuditReport raised #<NoMethodError: undefined method `[]' for nil:NilClass>
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/vendor/chef-server/fetcher.rb:135:in `chef_server_url'
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/vendor/chef-server/fetcher.rb:87:in `resolved_source'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/cached_fetcher.rb:22:in `resolved_source'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/requirement.rb:79:in `resolved_source'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/resolver.rb:67:in `block in resolve'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/resolver.rb:59:in `each'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/resolver.rb:59:in `resolve'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/resolver.rb:30:in `resolve'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/dependencies/dependency_set.rb:90:in `vendor'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/profile.rb:537:in `generate_lockfile'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/profile.rb:524:in `lockfile'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/profile.rb:548:in `load_dependencies'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/profile.rb:492:in `locked_dependencies'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/runner.rb:104:in `block in load'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/runner.rb:99:in `each'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/runner.rb:99:in `load'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/inspec-core-4.17.17/lib/inspec/runner.rb:127:in `run'
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/handler/audit_report.rb:174:in `call'
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/handler/audit_report.rb:82:in `report'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:256:in `run_report_unsafe'
[2019-11-20T21:34:01+00:00] ERROR: /var/chef/cache/cookbooks/audit/files/default/handler/audit_report.rb:100:in `run_report_safely'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:123:in `block in run_report_handlers'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:121:in `each'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:121:in `run_report_handlers'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/handler.rb:133:in `block in <class:Handler>'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/client.rb:418:in `block in run_completed_successfully'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/client.rb:417:in `each'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/client.rb:417:in `run_completed_successfully'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/client.rb:293:in `run'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application.rb:320:in `run_with_graceful_exit_option'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application.rb:296:in `block in run_chef_client'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/local_mode.rb:42:in `with_server_connectivity'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application.rb:279:in `run_chef_client'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application/base.rb:330:in `run_application'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.4.45/lib/chef/application.rb:69:in `run'
[2019-11-20T21:34:01+00:00] ERROR: /opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-bin-15.4.45/bin/chef-client:25:in `<top (required)>'
[2019-11-20T21:34:01+00:00] ERROR: /bin/chef-client:163:in `load'
[2019-11-20T21:34:01+00:00] ERROR: /bin/chef-client:163:in `<main>'
  - Chef::Handler::AuditReport
Running handlers complete
[2019-11-20T21:34:01+00:00] INFO: Report handlers complete
Chef Infra Client finished, 0/2 resources updated in 03 seconds

donwlewis avatar Nov 21 '19 15:11 donwlewis

There was a type in the name seciton, but I fixed that and still get the same issue.

donwlewis avatar Nov 21 '19 18:11 donwlewis