Skip to main content

6. Delta Formatting

Daniel Medina, George DiasJanuary 5, 2024About 2 min

6.1 InSpec Delta Formatting Process

Before performing the delta process, it's beneficial to use a common format. Follow these steps:

6.1.1 Preparing the Profile Before Running the Delta Process

  1. Run RuboCop: Install the RuboCop gem and use it to lint the controls into Cookstyle format. Verify the gem installation with gem list rubocop. Create a .rubocop.yml file with the provided example settings or modify these settings via the command line. Run rubocop -a ./controls.
RuboCop Configuration File (rubocop.yml)
AllCops:
  NewCops: enable
  Exclude:
  - "libraries/**/*"
Layout/LineLength:
  Max: 1500
  AllowURI: true
  IgnoreCopDirectives: true
Naming/FileName:
  Enabled: false
Metrics/BlockLength:
  Max: 1000
Lint/ConstantDefinitionInBlock:
  Enabled: false
# Required for Profiles as it can introduce profile errors
Style/NumericPredicate:
  Enabled: false
Style/WordArray:
  Description: "Use %w or %W for an array of words. (https://rubystyle.guide#percent-w)"
  Enabled: false
Style/RedundantPercentQ:
  Enabled: true
Style/NestedParenthesizedCalls:
  Enabled: false
Style/TrailingCommaInHashLiteral:
  Description: "https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainhashliteral"
  Enabled: true
  EnforcedStyleForMultiline: no_comma
Style/TrailingCommaInArrayLiteral:
  Enabled: true
  EnforcedStyleForMultiline: no_comma
Style/BlockDelimiters:
  Enabled: false
Lint/AmbiguousBlockAssociation:
  Enabled: false
Metrics/BlockNesting:
  Enabled: false
Lint/ShadowingOuterLocalVariable:
  Enabled: false
Style/FormatStringToken:
  Enabled: false
Style/FrozenStringLiteralComment:
  Enabled: false

# The following cops were added to RuboCop, but are not configured. Please set Enabled to either `true` or `false` in your `.rubocop.yml` file.
# Please also note that you can opt-in to new cops by default by adding this to your config:
# For more information: https://docs.rubocop.org/rubocop/versioning.html
Gemspec/DateAssignment: # new in 1.10
  Enabled: true
Gemspec/RequireMFA: # new in 1.23
  Enabled: true
Layout/LineEndStringConcatenationIndentation: # new in 1.18
  Enabled: true
Layout/SpaceBeforeBrackets: # new in 1.7
  Enabled: true
Lint/AmbiguousAssignment: # new in 1.7
  Enabled: true
Lint/AmbiguousOperatorPrecedence: # new in 1.21
  Enabled: true
Lint/AmbiguousRange: # new in 1.19
  Enabled: true
Lint/DeprecatedConstants: # new in 1.8
  Enabled: true
Lint/DuplicateBranch: # new in 1.3
  Enabled: true
Lint/DuplicateRegexpCharacterClassElement: # new in 1.1
  Enabled: true
Lint/EmptyBlock: # new in 1.1
  Enabled: true
Lint/EmptyClass: # new in 1.3
  Enabled: true
Lint/EmptyInPattern: # new in 1.16
  Enabled: true
Lint/IncompatibleIoSelectWithFiberScheduler: # new in 1.21
  Enabled: true
Lint/LambdaWithoutLiteralBlock: # new in 1.8
  Enabled: true
Lint/NoReturnInBeginEndBlocks: # new in 1.2
  Enabled: true
Lint/NumberedParameterAssignment: # new in 1.9
  Enabled: true
Lint/OrAssignmentToConstant: # new in 1.9
  Enabled: true
Lint/RedundantDirGlobSort: # new in 1.8
  Enabled: true
Lint/RequireRelativeSelfPath: # new in 1.22
  Enabled: true
Lint/SymbolConversion: # new in 1.9
  Enabled: true
Lint/ToEnumArguments: # new in 1.1
  Enabled: true
Lint/TripleQuotes: # new in 1.9
  Enabled: true
Lint/UnexpectedBlockArity: # new in 1.5
  Enabled: true
Lint/UnmodifiedReduceAccumulator: # new in 1.1
  Enabled: true
Lint/UselessRuby2Keywords: # new in 1.23
  Enabled: true
Naming/BlockForwarding: # new in 1.24
  Enabled: true
Security/IoMethods: # new in 1.22
  Enabled: true
Style/ArgumentsForwarding: # new in 1.1
  Enabled: true
Style/CollectionCompact: # new in 1.2
  Enabled: true
Style/DocumentDynamicEvalDefinition: # new in 1.1
  Enabled: true
Style/EndlessMethod: # new in 1.8
  Enabled: true
Style/FileRead: # new in 1.24
  Enabled: true
Style/FileWrite: # new in 1.24
  Enabled: true
Style/HashConversion: # new in 1.10
  Enabled: true
Style/HashExcept: # new in 1.7
  Enabled: true
Style/IfWithBooleanLiteralBranches: # new in 1.9
  Enabled: true
Style/InPatternThen: # new in 1.16
  Enabled: true
Style/MapToHash: # new in 1.24
  Enabled: true
Style/MultilineInPatternThen: # new in 1.16
  Enabled: true
Style/NegatedIfElseCondition: # new in 1.2
  Enabled: true
Style/NilLambda: # new in 1.3
  Enabled: true
Style/NumberedParameters: # new in 1.22
  Enabled: true
Style/NumberedParametersLimit: # new in 1.22
  Enabled: true
Style/OpenStructUse: # new in 1.23
  Enabled: true
Style/QuotedSymbols: # new in 1.16
  Enabled: true
Style/RedundantArgument: # new in 1.4
  Enabled: true
Style/RedundantSelfAssignmentBranch: # new in 1.19
  Enabled: true
Style/SelectByRegexp: # new in 1.22
  Enabled: true
Style/StringChars: # new in 1.12
  Enabled: true
Style/SwapValues: # new in 1.1
  Enabled: true

6.2 Testing Commands

Upon completion of the delta process, you may want to test the correctness of the new and updated controls.

6.2.1 Linting and validating controls

The current available commands for testing are:

  bundle exec rake [inspec or cinc-auditor]:check # validate the inspec profile
  bundle exec rake lint                           # Run RuboCop
  bundle exec rake lint:auto_correct               # Autocorrect RuboCop offenses (only when it's safe)
  bundle exec rake lint:auto_correct_all           # Autocorrect RuboCop offenses (safe and unsafe)
  bundle exec rake pre_commit_checks              # Ensure the controls are ready to be committed into the repo

Profile Controls Formatting

In the past, cookstyle format was used. However, support for cookstyle formatted profiles is limited and is geared more towards Chef cookbooks. Profile controls are written in ruby code, hence rubocop is preferred.

Edit this page on GitHub
Last update: 12/17/2024, 8:22:47 PM
Contributors: Daniel Medina,Aaron Lippold,George M Dias,George M. Dias
Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2024 Daniel Medina, George Dias