Merge pull request #130 from chef/dr/controls
allow filtering controls
chris-rock authored Apr 19, 2017
2 parents eb88166 + 1116e55 commit 44d02ec
Showing 3 changed files with 31 additions and 0 deletions.
16 changes: 16 additions & 0 deletions README.md
Expand Up @@ -68,6 +68,22 @@ verifier:
output: path/to/results/%{platform}_%{suite}_inspec.xml
```
You can also decide to only run specific controls, instead of a full profile. This is done by specifying a list of controls:
```
suites:
- name: supermarket
run_list:
- recipe[apt]
- recipe[ssh-hardening]
verifier:
inspec_tests:
- name: dev-sec/ssh-baseline
controls:
- sshd-46
...
```

### Directory Structure

By default `kitchen-inspec` expects test to be in `test/integration/%suite%` directory structure (we use Chef as provisioner here):
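
Review bot: The added README paragraph and example do not state the scope of the `controls` list. The verifier change passes one `config[:controls]` list in the runner options, so the docs should say whether the filter applies to the whole verifier run or only to the `inspec_tests` entry it is shown next to, and what happens when the key is omitted. Also, the trailing `...` line inside the example is a YAML document-end marker when copied literally; a comment line such as `# more controls` would be safer as an ellipsis.
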
1 change: 1 addition & 0 deletions lib/kitchen/verifier/inspec.rb
Expand Up @@ -186,6 +186,7 @@ def runner_options(transport, state = {}, platform = nil, suite = nil) # rubocop
runner_options["format"] = config[:format] unless config[:format].nil?
runner_options["output"] = config[:output] % { platform: platform, suite: suite } unless config[:output].nil?
runner_options["profiles_path"] = config[:profiles_path] unless config[:profiles_path].nil?
runner_options[:controls] = config[:controls]
end
end
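
Review bot: The added `runner_options[:controls] = config[:controls]` differs from the three lines above it in two ways: it uses a symbol key where they use string keys (`"format"`, `"output"`, `"profiles_path"`), and it has no `unless config[:controls].nil?` guard, so `nil` is placed in the options whenever no filter is configured. If the symbol key is what the runner expects, a short comment saying so would help; otherwise align the key, and either add the nil guard or give `controls` an explicit default so the unset case is handled deliberately.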

14 changes: 14 additions & 0 deletions spec/kitchen/verifier/inspec_spec.rb
Expand Up @@ -203,6 +203,20 @@
verifier.call(port: 123)
end

it "constructs an Inspec::Runner with a controls filter" do
config[:controls] = %w{a control}

expect(Inspec::Runner).to receive(:new)
.with(
hash_including(
controls: %w{a control}
)
)
.and_return(runner)

verifier.call(port: 123)
end

it "provide platform and test suite to build output path" do
allow(Inspec::Runner).to receive(:new).and_return(runner)
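
Review bot: The new example only covers the case where `config[:controls]` is set; nothing asserts what `Inspec::Runner.new` receives when no filter is configured, which is the path existing configurations take after this change. Add a second example for the unset case. The fixture `%w{a control}` is also a two-element list (`"a"`, `"control"`) that reads like a phrase; placeholder IDs such as `%w{control-1 control-2}` would make the intent clearer.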
