Adds cops to detect Chef Vault usage. #762
Conversation
Fixed typo in comment in cookstyle.yml Signed-off-by: Scott Vidmar <svidmar@chef.io>
Signed-off-by: Scott Vidmar <svidmar@chef.io>
Signed-off-by: Scott Vidmar <svidmar@chef.io>
Signed-off-by: Scott Vidmar <svidmar@chef.io>
| (str "chef-vault")) | ||
| PATTERN | ||
|
|
||
| def_node_matcher :include?, <<-PATTERN |
There was a problem hiding this comment.
Since the string is the same on these you could turn them into a single matcher { :require :include_recipe :chef_gem}. It's probably a bit faster to process a single matcher.
There was a problem hiding this comment.
Awesome! I didn't realize I could do that. Updated!
Signed-off-by: Scott Vidmar <svidmar@chef.io>
|
Updated with PR comments, tests below: $ bundle exec rake style; bundle exec rake validate_config; bundle exec rspec spec -f p 454 files inspected, no offenses detected All examples were filtered out; ignoring {:focus=>true} Randomized with seed 18395 Finished in 1.27 seconds (files took 1.15 seconds to load) Randomized with seed 18395 |
docs/cops_chefeffortless.md
Outdated
|
|
||
| ### References | ||
|
|
||
| * [https://rubystyle.guide#chefeffortlessdependschefvault](ttps://rubystyle.guide#chefeffortlessdependschefvault) |
There was a problem hiding this comment.
| * [https://rubystyle.guide#chefeffortlessdependschefvault](ttps://rubystyle.guide#chefeffortlessdependschefvault) | |
| * [https://rubystyle.guide#chefeffortlessdependschefvault](https://rubystyle.guide#chefeffortlessdependschefvault) |
docs/cops_chefeffortless.md
Outdated
|
|
||
| ### References | ||
|
|
||
| * [https://rubystyle.guide#chefeffortlessdependschefvault](ttps://rubystyle.guide#chefeffortlessdependschefvault) |
There was a problem hiding this comment.
| * [https://rubystyle.guide#chefeffortlessdependschefvault](ttps://rubystyle.guide#chefeffortlessdependschefvault) | |
| * [https://rubystyle.guide#chefeffortlessdependschefvault](https://rubystyle.guide#chefeffortlessdependschefvault) |
Signed-off-by: Scott Vidmar <svidmar@chef.io>
config/cookstyle.yml
Outdated
| Description: Cookbook uses Chef Vault, which cannot be used in the Effortless Infra pattern | ||
| StyleGuide: '#chefeffortlesscookbookuseschefvault' | ||
| Enabled: false | ||
| VersionAdded: '6.19.2' |
There was a problem hiding this comment.
| VersionAdded: '6.19.2' | |
| VersionAdded: '6.19' |
config/cookstyle.yml
Outdated
| Description: Cookbook depends on Chef Vault, which cannot be used in the Effortless Infra pattern | ||
| StyleGuide: '#chefeffortlesscookbookdependschefvault' | ||
| Enabled: false | ||
| VersionAdded: '6.19.2' |
There was a problem hiding this comment.
| VersionAdded: '6.19.2' | |
| VersionAdded: '6.19' |
| @@ -0,0 +1,46 @@ | |||
| # frozen_string_literal: true | |||
| # | |||
| # Copyright:: 2019, Chef Software Inc. | |||
There was a problem hiding this comment.
| # Copyright:: 2019, Chef Software Inc. | |
| # Copyright:: 2020, Chef Software Inc. |
There was a problem hiding this comment.
Might as well toss an author block up there as well to give yourself some street cred
| @@ -0,0 +1,87 @@ | |||
| # frozen_string_literal: true | |||
| # | |||
| # Copyright:: 2019, Chef Software Inc. | |||
There was a problem hiding this comment.
| # Copyright:: 2019, Chef Software Inc. | |
| # Copyright:: 2020, Chef Software Inc. |
| module Cop | ||
| module Chef | ||
| module ChefEffortless | ||
| # Cookbook:: Chef Vault does not work with Effortless |
There was a problem hiding this comment.
| # Cookbook:: Chef Vault does not work with Effortless | |
| # Chef Vault is not compatible with the Chef Infra Effortless pattern due to its reliance on Data Bags to store secrets. |
| module Cop | ||
| module Chef | ||
| module ChefEffortless | ||
| # Cookbook:: metadata.rb Chef Vault does not work with Effortless |
There was a problem hiding this comment.
| # Cookbook:: metadata.rb Chef Vault does not work with Effortless | |
| # Chef Vault is not compatible with the Chef Infra Effortless pattern due to its reliance on Data Bags to store secrets. |
There was a problem hiding this comment.
Ack! Sorry, that was careless of me. Fixed.
| # depends 'chef-vault' | ||
| # | ||
| class DependsChefVault < Base | ||
| MSG = 'Chef Vault usage is not supported in the Effortless pattern' |
There was a problem hiding this comment.
| MSG = 'Chef Vault usage is not supported in the Effortless pattern' | |
| MSG = 'Chef Vault usage is not supported in the Effortless pattern' | |
| RESTRICT_ON_SEND = [:depends].freeze |
- Correct copyright statements to 2020. - Update version added to 6.19, not 6.19.2 - Add author statements. Signed-off-by: Scott Vidmar <svidmar@chef.io>
|
Should have all changes requested incorporated: $ bundle exec rake style; bundle exec rake validate_config; bundle exec rspec spec -f p 454 files inspected, no offenses detected All examples were filtered out; ignoring {:focus=>true} Randomized with seed 43876 Finished in 1.23 seconds (files took 1.2 seconds to load) Randomized with seed 43876 |
Added two cops to detect Chef Vault usage in the Effortless module:
Description
Chef Vault cannot be used while utilizing the Effortless pattern. These cops detect depends statements in metadata.rb and usage of methods and constants related to Chef Vault.
Related Issue
#346
Types of changes
Checklist:
Testing
$ bundle exec rake style; bundle exec rake validate_config; bundle exec rspec spec -f p
bundle exec cookstyle
Inspecting 454 files
......................................................................................................................................................................................................................................................................................................................................................................................................................................................................
454 files inspected, no offenses detected
Checking that all cops are defined in config/cookstyle.yml:
All Cops found in the config. Good work.
Run options: include {:focus=>true}
All examples were filtered out; ignoring {:focus=>true}
Randomized with seed 17373
.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Finished in 1.44 seconds (files took 1.24 seconds to load)
793 examples, 0 failures
Randomized with seed 17373