Adds cops to detect Chef Vault usage. #762
Fixed typo in comment in cookstyle.yml
Signed-off-by: Scott Vidmar <svidmar@chef.io>
Signed-off-by: Scott Vidmar <svidmar@chef.io>
Signed-off-by: Scott Vidmar <svidmar@chef.io>
Signed-off-by: Scott Vidmar <svidmar@chef.io>
(str "chef-vault")) | ||
PATTERN | ||
|
||
def_node_matcher :include?, <<-PATTERN |
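Review bot: `def_node_matcher :include?` names the matcher like a generic membership predicate and says nothing about what it matches. A name that states the match (for example `includes_chef_vault?`) would make the call site in the cop self-explanatory; the same goes for the neighbouring matcher that ends in `(str "chef-vault"))`.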
Since the string is the same on these you could turn them into a single matcher { :require :include_recipe :chef_gem}. It's probably a bit faster to process a single matcher.
Awesome! I didn't realize I could do that. Updated!
Signed-off-by: Scott Vidmar <svidmar@chef.io>
Updated with PR comments, tests below:
$ bundle exec rake style; bundle exec rake validate_config; bundle exec rspec spec -f p
454 files inspected, no offenses detected
All examples were filtered out; ignoring {:focus=>true}
Randomized with seed 18395
Finished in 1.27 seconds (files took 1.15 seconds to load)
Randomized with seed 18395
docs/cops_chefeffortless.md
Outdated
|
||
### References | ||
|
||
* [https://rubystyle.guide#chefeffortlessdependschefvault](ttps://rubystyle.guide#chefeffortlessdependschefvault) |
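Review bot: the anchor on this References line, `#chefeffortlessdependschefvault`, does not match the `StyleGuide: '#chefeffortlesscookbookdependschefvault'` value given for the depends cop in config/cookstyle.yml. Use the same anchor in both places so the docs link and the config point at one style guide entry.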
* [https://rubystyle.guide#chefeffortlessdependschefvault](ttps://rubystyle.guide#chefeffortlessdependschefvault) | |
* [https://rubystyle.guide#chefeffortlessdependschefvault](https://rubystyle.guide#chefeffortlessdependschefvault) |
Good catch! Fixed that up.
docs/cops_chefeffortless.md
Outdated
|
||
### References | ||
|
||
* [https://rubystyle.guide#chefeffortlessdependschefvault](ttps://rubystyle.guide#chefeffortlessdependschefvault) |
* [https://rubystyle.guide#chefeffortlessdependschefvault](ttps://rubystyle.guide#chefeffortlessdependschefvault) | |
* [https://rubystyle.guide#chefeffortlessdependschefvault](https://rubystyle.guide#chefeffortlessdependschefvault) |
Fixed this one up! Thanks!
Signed-off-by: Scott Vidmar <svidmar@chef.io>
A few minor changes
config/cookstyle.yml
Outdated
Description: Cookbook uses Chef Vault, which cannot be used in the Effortless Infra pattern | ||
StyleGuide: '#chefeffortlesscookbookuseschefvault' | ||
Enabled: false | ||
VersionAdded: '6.19.2' |
VersionAdded: '6.19.2' | |
VersionAdded: '6.19' |
config/cookstyle.yml
Outdated
Description: Cookbook depends on Chef Vault, which cannot be used in the Effortless Infra pattern | ||
StyleGuide: '#chefeffortlesscookbookdependschefvault' | ||
Enabled: false | ||
VersionAdded: '6.19.2' |
VersionAdded: '6.19.2' | |
VersionAdded: '6.19' |
@@ -0,0 +1,46 @@ | |||
# frozen_string_literal: true | |||
# | |||
# Copyright:: 2019, Chef Software Inc. |
# Copyright:: 2019, Chef Software Inc. | |
# Copyright:: 2020, Chef Software Inc. |
Might as well toss an author block up there as well to give yourself some street cred
@@ -0,0 +1,87 @@ | |||
# frozen_string_literal: true | |||
# | |||
# Copyright:: 2019, Chef Software Inc. |
# Copyright:: 2019, Chef Software Inc. | |
# Copyright:: 2020, Chef Software Inc. |
module Cop | ||
module Chef | ||
module ChefEffortless | ||
# Cookbook:: Chef Vault does not work with Effortless |
# Cookbook:: Chef Vault does not work with Effortless | |
# Chef Vault is not compatible with the Chef Infra Effortless pattern due to its reliance on Data Bags to store secrets. |
Fixed that up.
module Cop | ||
module Chef | ||
module ChefEffortless | ||
# Cookbook:: metadata.rb Chef Vault does not work with Effortless |
# Cookbook:: metadata.rb Chef Vault does not work with Effortless | |
# Chef Vault is not compatible with the Chef Infra Effortless pattern due to its reliance on Data Bags to store secrets. |
Ack! Sorry, that was careless of me. Fixed.
# depends 'chef-vault' | ||
# | ||
class DependsChefVault < Base | ||
MSG = 'Chef Vault usage is not supported in the Effortless pattern' |
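Review bot: `MSG` says "Chef Vault usage", but the example comment above the class shows this cop flagging a `depends 'chef-vault'` line. Word the message around the dependency, in line with the config Description ("Cookbook depends on Chef Vault, ..."), so the offense tells the user which line to remove.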
MSG = 'Chef Vault usage is not supported in the Effortless pattern' | |
MSG = 'Chef Vault usage is not supported in the Effortless pattern' | |
RESTRICT_ON_SEND = [:depends].freeze |
Good call! Done!
- Correct copyright statements to 2020.
- Update version added to 6.19, not 6.19.2
- Add author statements.
Signed-off-by: Scott Vidmar <svidmar@chef.io>
Should have all changes requested incorporated:
$ bundle exec rake style; bundle exec rake validate_config; bundle exec rspec spec -f p
454 files inspected, no offenses detected
All examples were filtered out; ignoring {:focus=>true}
Randomized with seed 43876
Finished in 1.23 seconds (files took 1.2 seconds to load)
Randomized with seed 43876
Added two cops to detect Chef Vault usage in the Effortless module:
Description
Chef Vault cannot be used while utilizing the Effortless pattern. These cops detect depends statements in metadata.rb and usage of methods and constants related to Chef Vault.
Related Issue
#346
Types of changes
Checklist:
Testing
$ bundle exec rake style; bundle exec rake validate_config; bundle exec rspec spec -f p
bundle exec cookstyle
Inspecting 454 files
......................................................................................................................................................................................................................................................................................................................................................................................................................................................................
454 files inspected, no offenses detected
Checking that all cops are defined in config/cookstyle.yml:
All Cops found in the config. Good work.
Run options: include {:focus=>true}
All examples were filtered out; ignoring {:focus=>true}
Randomized with seed 17373
.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Finished in 1.44 seconds (files took 1.24 seconds to load)
793 examples, 0 failures
Randomized with seed 17373
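The kind of detection the description above refers to, as an added stand-alone example built on Ruby's stdlib Ripper lexer instead of the RuboCop node matchers this PR uses; it is not code from the PR. The `chef_vault_item` and `ChefVault` names and the sample source are assumptions, since the PR's own list of methods and constants is not shown on the page.

```ruby
require 'ripper'

# Calls that pull Chef Vault in when given the literal 'chef-vault'.
LOADERS = %w[depends require include_recipe chef_gem].freeze
# Assumed helper and constant names (not taken from the PR).
VAULT_METHODS = %w[chef_vault_item].freeze
VAULT_CONSTS = %w[ChefVault].freeze

# Content of a plain, non-interpolated string literal directly after token i.
def literal_after(tokens, i)
  beg, content, fin = tokens[i + 1, 3]
  return unless beg && content && fin
  return unless beg[1] == :on_tstring_beg && fin[1] == :on_tstring_end
  content[2] if content[1] == :on_tstring_content
end

# Returns [[line, description], ...] for Chef Vault references in Ruby source.
# Working on lexer tokens means comments and string contents are never flagged.
def chef_vault_offenses(source)
  tokens = Ripper.lex(source).reject { |t| %i[on_sp on_lparen].include?(t[1]) }
  offenses = []
  tokens.each_with_index do |(pos, type, text), i|
    case type
    when :on_ident
      if LOADERS.include?(text) && literal_after(tokens, i) == 'chef-vault'
        offenses << [pos[0], "#{text} 'chef-vault'"]
      elsif VAULT_METHODS.include?(text)
        offenses << [pos[0], "call to #{text}"]
      end
    when :on_const
      offenses << [pos[0], "constant #{text}"] if VAULT_CONSTS.include?(text)
    end
  end
  offenses
end

# Constructed sample input, not taken from the PR or any real cookbook.
SAMPLE = <<~'RUBY'
  # depends 'chef-vault' in a comment is not code
  depends 'chef-vault', '~> 4.0'
  depends 'apt'
  include_recipe("chef-vault")
  secret = chef_vault_item('secrets', 'db')
  item = ChefVault::Item.load('secrets', 'db')
  log "ChefVault mentioned in a string"
RUBY

chef_vault_offenses(SAMPLE).each { |line, what| puts "line #{line}: #{what}" }
```

Like the `(str "chef-vault")` pattern in the PR, this matches only the exact literal, so a qualified recipe name such as `'chef-vault::default'` is not flagged.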