From 1ed5a7e8e37a346a33225d20dda17f9bbd1dfff6 Mon Sep 17 00:00:00 2001
From: CyrodiilSavior <cyrodillsavior@gmail.com>
Date: Tue, 14 Mar 2023 12:10:26 -0400
Subject: [PATCH] Fix tolerance defaults to be nil if not specified  (#154)

* Set tolerance setting to nil unless specified, ignore any disabled/remediation if nil

* Change logic to account for zero case

* Add rescue

* Add changelog and version bump

* Dates are hard

---------

Co-authored-by: Garrett Adams <garrett@sicura.us>
---
 CHANGELOG                             | 4 ++++
 lib/puppetx/simp/compliance_mapper.rb | 7 ++++++-
 metadata.json                         | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 50b00a4..a4bdef0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+* Tue Mar 14 2023 Garrett Adams <garrett@sicure.us> - 3.3.1
+- Change enforcement tolerance to be nil if not specified, by default.
+  nil will ignore any remediation/disabled checks.
+
 * Thu Feb 16 2023 Garrett Adams <garrett@sicure.us> - 3.3.0
 - Add tolerance as hiera lookup. Confine checks that can be enforced
   based on the tolerance setting.
diff --git a/lib/puppetx/simp/compliance_mapper.rb b/lib/puppetx/simp/compliance_mapper.rb
index ac3e2f1..3784281 100644
--- a/lib/puppetx/simp/compliance_mapper.rb
+++ b/lib/puppetx/simp/compliance_mapper.rb
@@ -47,7 +47,12 @@ def enforcement(key, context=self, options={"mode" => "value"}, &block)
 
     begin
       profile_list = Array(call_function('lookup', 'compliance_markup::enforcement', { 'default_value' => [] }))
-      options[:tolerance_setting] = Integer(call_function('lookup', 'compliance_markup::enforcement_tolerance_level', { 'default_value' => 40 }).to_i)
+      begin
+        tolerance_setting = call_function('lookup', 'compliance_markup::enforcement_tolerance_level')
+      rescue
+        tolerance_setting = nil
+      end
+      options[:tolerance_setting] = tolerance_setting.to_i unless tolerance_setting.nil?      
 
       unless profile_list == []
         debug("debug: compliance_markup::enforcement set to #{profile_list}, attempting to enforce")
diff --git a/metadata.json b/metadata.json
index 6dc488e..d7d037f 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "simp-compliance_markup",
-  "version": "3.3.0",
+  "version": "3.3.1",
   "author": "SIMP Team",
   "summary": "Compliance-mapping annotation for Puppet code",
   "license": "Apache-2.0",