(#150) Updated reporting to account for escaped dashes (#151)

Fixes #150
simp · Jun 8, 2022 · d847216 · d847216
1 parent 700a3cc
commit d847216
Show file tree

Hide file tree

Showing 6 changed files with 99 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -9,7 +9,12 @@
 .idea/
 dist
 /pkg
-/spec/fixtures
+# Read everything in fixtures
+/spec/fixtures/*
+# Un-ignore hieradata
+!/spec/fixtures/hieradata/*
+# Except this one, which is auto-generated
+/spec/fixtures/hieradata/hiera.yaml
 /spec/rp_env
 /.rspec_system
 /.vagrant
@@ -18,4 +23,4 @@ dist
 /vendor
 /junit
 /log
-/doc
+/doc
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,6 @@
+* Fri Jun 03 2022 Mike Riddle <[email protected]> - 3.2.3
+- Updated reporting to account for escaping knockout prefixes
+
 * Fri May 20 2022 Trevor Vaughan <[email protected]> - 3.2.2
 - Allow for escaping knockout prefixes in strings to preserve leading `--`
   entries

diff --git a/lib/puppetx/simp/compliance_map.rb b/lib/puppetx/simp/compliance_map.rb
@@ -311,6 +311,12 @@ def compliance_map(args, context)
           # ie, functions or built ins.
           if profile_settings.key?('value')
             expected_value = profile_settings['value']
+
+            # Allow for escaping knockout prefixes that we want to preserve in strings
+            # NOTE: This is horrible but less horrible than traversing all manner of
+            # data structures recursively.
+            expected_value = JSON.load(expected_value.to_json.gsub('\\--', '--'))
+
             result = {
                 'compliant_value' => expected_value,
                 'system_value'    => current_value,

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "simp-compliance_markup",
-  "version": "3.2.2",
+  "version": "3.2.3",
   "author": "SIMP Team",
   "summary": "Compliance-mapping annotation for Puppet code",
   "license": "Apache-2.0",

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -163,6 +163,10 @@ class test3 (
                   ) { }
                 }
 
+                class test4 (
+                  $list1 = ['item1','item2'],
+                ){ }
+
                 define testdef1 (
                   $defarg1_1 = 'deffoo1_1'
                 ) {
@@ -184,6 +188,7 @@ class test3 (
 
                 include 'test1'
                 include 'test2::test3'
+                include 'test4'
 
                 testdef1 { 'test_definition': }
                 testdef2 { 'test_definition': defarg1_2 => 'test_bad' }
@@ -212,6 +217,10 @@ class test3 (
                   ) { }
                 }
 
+                class test4 (
+                  $list1 = ['item1','item2'],
+                ){ }
+
                 define testdef1 (
                   $defarg1_1 = 'deffoo1_1'
                 ) {
@@ -233,6 +242,7 @@ class test3 (
 
                 include '::test1'
                 include '::test2::test3'
+                include '::test4'
 
                 testdef1 { 'test_definition': }
                 testdef2 { 'test_definition': defarg1_2 => 'test_bad' }
@@ -640,6 +650,49 @@ class test3 (
               end
             end
 
+            context 'when an option in test4 has an escaped knockout prefix' do
+              before(:all) do
+                activate_data('escaped_knockout')
+              end
+
+              after(:all) do
+                remove_data
+              end
+
+              let(:params) { @default_params }
+
+              let(:facts) {
+                os_facts.merge(
+                  {
+                    :target_compliance_profile => profile_name
+                  }
+                )
+              }
+
+              let(:hieradata) { 'compliance-engine' }
+
+              let(:human_name) { 'Class[Test4]' }
+
+              let(:params) {
+                _params = Marshal.load(Marshal.dump(@default_params))
+
+                _params['options'].merge!(
+                  {
+                    'client_report' => true,
+                    'report_types'  => ['full']
+                  }
+                )
+
+                _params
+              }
+
+              it { is_expected.to(create_class('compliance_markup')) }
+
+              it 'should have 0 non_compliant parameters' do
+                expect( report['compliance_profiles'][profile_name]['summary']['non_compliant'] ).to eq(0)
+              end
+            end
+
             context 'when an option in test1 has deviated' do
               before(:all) do
                 activate_data('test1_deviation')

diff --git a/spec/fixtures/hieradata/escaped_knockout/SIMP/compliance_profiles/escaped_knockout.yaml b/spec/fixtures/hieradata/escaped_knockout/SIMP/compliance_profiles/escaped_knockout.yaml
@@ -0,0 +1,29 @@
+---
+# Some very basic compliance checks designed for the tests
+#
+# These should all pass
+
+version: 2.0.0
+
+compliance_markup::enforcement:
+  - test_profile
+
+profiles:
+  test_profile:
+    controls:
+      test_control: true
+
+controls:
+  test_control: {}
+
+checks:
+  oval:test4:
+    type: puppet-class-parameter
+    settings:
+      parameter: test4::list1
+      value: 
+        - '\\-- not_a_knockout'
+    controls:
+      test_control: true
+    identifiers:
+      - 'ESC_KNOCKOUT'