audit cookbook compliance run and report should not report converge

[mhedgpeth]

Scenario:

We still can't run the audit cookbook in production because it reports resources that are converged, which causes us to lose the ability to know when our run is entirely idempotent.

Steps to Reproduce:

Run the audit cookbook configured to run against profiles

Expected Result:

At the end of an audit cookbook run, 0 resources should report as failed

Actual Result:

resources report as converged

Implementation

The audit cookbook is implemented incorrectly. Resources in chef are there to configure the machine, not report on that machine. This is a fundamental misuse of the chef model.

Instead a report handler should be used to both download and report on the chef run. The recipe can ensure that inspec is properly installed and that the handler is used.

I am happy to create a PR for this if you think it's the right direction for the cookbook. It is a fundamental departure from what is there now.

[mhedgpeth]

This is a duplicate of #23 but it doesn't look like that got fixed.

[mhedgpeth]

@chris-rock I see that this cookbook went 1.0 but is still converging resources. What is the plan for fixing this?

[chris-rock]

This is done with version 2.0 of the audit cookbook