Using inherited controls with local files


Hello all,

I’m trying to solve the following problem:

“do the same connection tests (think firewalls) for two differrent sets of environments.”

envA: a1 -b1, a3-b3, etc…

envB: a2-b2, a4-b4, etc…

so, basically the same controls, but each environment has a different set of from’s and to’s

I thought this sounds like a task for profile inheritance, so i put the controls in a base-profile and created specific profiles for each of the environments i have to check.

In each specific environment profile i have a list of servers as profile/files/servers.yml, which i reference like this in the base profiles control:

  servers = yaml(content: inspec.profile.file('servers.yml')).params

  servers.each do |s|

and the target machines get fed in via a shell script and --target param at startup.

When i “include_controls” the base profile in the env specific profiles, it only reads the base profile’ servers , not the one from the profile it gets called from.

next i tried to override the’servers’ variable like this

require_controls 'check_server' do
  control 'server connectivity' do
    servers = yaml(content: inspec.profile.file('servers.yml')).params

doesnt work either…

so i had to go back to copy and paste, …

Is there any more elegant way to solve that?