I’m trying to solve the following problem:
“do the same connection tests (think firewalls) for two differrent sets of environments.”
envA: a1 -b1, a3-b3, etc…
envB: a2-b2, a4-b4, etc…
so, basically the same controls, but each environment has a different set of from’s and to’s
I thought this sounds like a task for profile inheritance, so i put the controls in a base-profile and created specific profiles for each of the environments i have to check.
In each specific environment profile i have a list of servers as profile/files/servers.yml, which i reference like this in the base profiles control:
servers = yaml(content: inspec.profile.file('servers.yml')).params servers.each do |s| ... end
and the target machines get fed in via a shell script and --target param at startup.
When i “include_controls” the base profile in the env specific profiles, it only reads the base profile’ servers , not the one from the profile it gets called from.
next i tried to override the’servers’ variable like this
require_controls 'check_server' do control 'server connectivity' do servers = yaml(content: inspec.profile.file('servers.yml')).params end end
doesnt work either…
so i had to go back to copy and paste, …
Is there any more elegant way to solve that?