Inspec and ruby



got some code that runs fine but causes the inspec check to fail - any ideas ?

if == 'redhat'
  sysacc = yaml(content: inspec.profile.file('SystemAccountsLinux.yml')).params
elsif == 'solaris'
  sysacc = yaml(content: inspec.profile.file('SystemAccountsSolaris.yml')).params
AccountsList = sysacc['Accounts']
puts AccountsList
control 'SEG_15.02.01' do
  title 'SEG_15.02.01 - Ensure system accounts are non-login'
  impact 0.5
  desc 'Ensure system accounts cannot be logged into'
  if == 'redhat'
    describe passwd.shells(/nologin/) do
      AccountsList.each do |account|
        its('users') { should include account }
  elsif == 'solaris'
    AccountsList.each do |account|
      describe passwd.users(account) do
        its('shells') { should match [nil] }


[root@lnx-dockd1 Inspec]# inspec check sgcb
Traceback (most recent call last):
                23: from /usr/local/bundle/bin/inspec:23:in `<main>'
                22: from /usr/local/bundle/bin/inspec:23:in `load'
                21: from /usr/local/bundle/gems/inspec-2.2.10/bin/inspec:12:in `<top (required)>'
                20: from /usr/local/bundle/gems/thor-0.20.0/lib/thor/base.rb:466:in `start'
                19: from /usr/local/bundle/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
                18: from /usr/local/bundle/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
                17: from /usr/local/bundle/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
                16: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/cli.rb:76:in `check'
                15: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:297:in `check'
                14: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:326:in `controls_count'
                13: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:160:in `params'
                12: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:466:in `load_params'
                11: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:473:in `load_checks_params'
                10: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:165:in `collect_tests'
                9: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/dependencies/dependency_set.rb:64:in `each'
                8: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/dependencies/dependency_set.rb:64:in `each'
                7: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/dependencies/dependency_set.rb:65:in `block in each'
                6: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:167:in `collect_tests'
                5: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:167:in `each'
                4: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile.rb:170:in `block in collect_tests'
                3: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile_context.rb:142:in `load_control_file'
                2: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile_context.rb:158:in `load_with_context'
                1: from /usr/local/bundle/gems/inspec-2.2.10/lib/inspec/profile_context.rb:158:in `instance_eval'
/share/sgcb/SGCBCustom/controls/UserIDAuth.rb:10:in `load_with_context': undefined method `[]' for nil:NilClass (NoMethodError)


Looks like the error specific to your control is on line 10. Your sample code doesn’t seem to match up with this, so I’m assuming that your line 10 is:

AccountsList = sysacc['Accounts']

If that’s the case, then sysacc is nil, so your yaml file was never loaded and assigned to that variable. The conditional block that controls this is explicitly checking for redhat and solaris. Is that the host operating system where you are running the inspec check command? The check command will interpret and run the ruby profile as is on the local system where it’s being invoked. So for example, if I ran check on my mac with this profile, I would see the same error. But if I ran this on a redhat box, assuming I had that SystemAccountsLinux.yml file available, it should yield a different result.