Is your feature request related to a problem? Please describe.
Overuse of describe docker.object(id) do. This is a simple line, but it causes up to 10000 chars to be included in the JSON. This may be fine for 1 or 2 controls across 1 or 2 docker containers, but when there are over 20 uses of this in the code and, for example's sake, 50 containers, this causes over 1 million chars to be included and the JSON to extend over 8MB.
Describe the solution you'd like
docker.object(id) under the hood runs a docker inspect $INSTANCE_ID, which returns the whole object every time.
A better option would be to use the command resource (https://docs.chef.io/inspec/resources/command/) to better filter down what is required at each instance, with docker inspect --format='{{Required item}}' to select only the item required to verify against.
Describe alternatives you've considered
Alternatively, you could do as in control 'docker-5.7', where the item is fetched whole and then broken down before use. In this good example, it returns a code_desc of "false is expected to eq false", versus the bad example of control 'docker-4.1', using describe docker.object(id) do, where it returns a code_desc of...
"#<Hashie::Mash AppArmorProfile=\"\" Args=#<Hashie::Array []> Config=#<Hashie::Mash AttachStderr=false AttachStdin=false AttachStdout=false Cmd=nil Domainname=\"\" Entrypoint=#<Hashie::Array [\"/service/launch.sh\"]>.....!! OVER 9000 chars removed !!......Running=true StartedAt=\"2022-07-05T14:42:30.809073423Z\" Status=\"running\">> [\"Config\", \"User\"] is expected to eq \"ubuntu\""
The above is well over 9k chars long (and I've removed these for brevity and security).
Additional context
As per https://docs.chef.io/chef_compliance_phase/#result_message_limit - "Chef Automate has a 4 MB report size limit and cannot ingest reports exceeding this limitation."
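One way to find which controls are responsible for the bloat described in this issue is to measure the code_desc text per control in a JSON report and compare the serialized size with the 4 MB limit. This is an added example, not code from the issue or from the profile; it assumes the InSpec JSON reporter layout (profiles, controls, results, code_desc), and the sample report, the `constructed-N` control ids and the 1024-byte threshold are constructed for illustration.

```ruby
require 'json'

# Chef Automate report size limit quoted in this issue (4 MB).
AUTOMATE_LIMIT_BYTES = 4 * 1024 * 1024

def controls_of(report)
  report.fetch('profiles', []).flat_map { |profile| profile.fetch('controls', []) }
end

# Bytes of code_desc text each control contributes, largest first.
def code_desc_bytes_by_control(report)
  totals = controls_of(report).each_with_object(Hash.new(0)) do |control, acc|
    acc[control['id']] += control.fetch('results', []).sum { |r| r['code_desc'].to_s.bytesize }
  end
  totals.sort_by { |_id, bytes| -bytes }.to_h
end

# Ids of controls with any single code_desc above max_desc_bytes: the ones
# to rewrite so they describe a filtered value instead of the whole object.
def oversized_controls(report, max_desc_bytes: 1024)
  controls_of(report).select do |control|
    control.fetch('results', []).any? { |r| r['code_desc'].to_s.bytesize > max_desc_bytes }
  end.map { |control| control['id'] }.uniq
end

def exceeds_automate_limit?(report)
  JSON.generate(report).bytesize > AUTOMATE_LIMIT_BYTES
end

# Constructed sample: each bloated control embeds a ~9.5k-char object dump
# per container; docker-5.7 carries only the short description.
def sample_report(containers: 50, bloated_controls: 1)
  big = "#<Hashie::Mash #{'x' * 9_500}> [\"Config\", \"User\"] is expected to eq \"ubuntu\""
  results = ->(desc) { Array.new(containers) { { 'status' => 'passed', 'code_desc' => desc } } }
  bloated = Array.new(bloated_controls) do |i|
    { 'id' => (i.zero? ? 'docker-4.1' : "constructed-#{i}"), 'results' => results.call(big) }
  end
  lean = { 'id' => 'docker-5.7', 'results' => results.call('false is expected to eq false') }
  { 'profiles' => [{ 'name' => 'constructed-profile', 'controls' => bloated + [lean] }] }
end

if __FILE__ == $PROGRAM_NAME
  report = sample_report
  code_desc_bytes_by_control(report).each { |id, bytes| puts format('%-12s %8d bytes', id, bytes) }
  puts "rewrite: #{oversized_controls(report).join(', ')}"
  puts "over Automate limit: #{exceeds_automate_limit?(report)}"
end
```

To check a real run, replace `sample_report` with `JSON.parse(File.read(path))` on a report written by the JSON reporter.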