You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When Controls in an overlayProfile are created as multiple files, e.g. one Control per file, InSpec does not define the correct number of Controls nor the correct number of Tests.
Bottom Line Up Front (BLUF)
+ Profile
Single File Overlay
Multiple File Overlay
Single File Underlay
Works
Not Working
Multiple File Underlay
Works
Not Working
The same results occur on:
CentOS 7.9 using inspec5.22.29 and cinc-auditor6.6.0
RHEL 9.3 using inspec5.22.36 and cinc-auditor6.6.0
Possible Fix
Support for multiple Control files is shown in InSpec's documentation "Chef InSpec" -> "Profiles" -> "About Profiles" -> "Profile structure" and reinforced by the fact that Controls are contained in a directory instead of a single file in the Profile root directory. Whether the Profile is used as a underlay or overlay should not restrict the structure of the Profile.
Background
In the test scenario the underlay defines basic Control metadata properties. The overlay takes advantage of InSpec's capability to modifyControl properties. The overlay adds or modifies properties, such as impact, and then defines the tests in the describe block.
As documented in the "Chef InSpec" -> "Profiles" -> "Dependencies" -> "Selectively include controls" section, the require_controls "command selectively include(s) certain controls from an included profile." The expected behavior is that each time that the require_controls command is executed that the defined Controls are added to a list of Controls to execute. Instead, multiple calls on the command seem to overwrite or corrupt the list of Controls and Tests to execute.
Bug
When Controls in an overlay Profile are created as multiple files, e.g. one Control per file, InSpec does not define the correct number of Controls nor the correct number of Tests.
Bottom Line Up Front (BLUF)
The same results occur on:
inspec5.22.29 andcinc-auditor6.6.0inspec5.22.36 andcinc-auditor6.6.0Possible Fix
Support for multiple Control files is shown in InSpec's documentation "Chef InSpec" -> "Profiles" -> "About Profiles" -> "Profile structure" and reinforced by the fact that Controls are contained in a directory instead of a single file in the Profile root directory. Whether the Profile is used as a underlay or overlay should not restrict the structure of the Profile.
Background
In the test scenario the underlay defines basic Control metadata properties. The overlay takes advantage of InSpec's capability to modify Control properties. The overlay adds or modifies properties, such as
impact, and then defines the tests in thedescribeblock.As documented in the "Chef InSpec" -> "Profiles" -> "Dependencies" -> "Selectively include controls" section, the
require_controls"command selectively include(s) certain controls from an included profile." The expected behavior is that each time that therequire_controlscommand is executed that the defined Controls are added to a list of Controls to execute. Instead, multiple calls on the command seem to overwrite or corrupt the list of Controls and Tests to execute.Bug Test Usage
Unzip the attached archive.
InSpec-Overlay-Bug_2023-12-11.zip
Execute
bash ./Test-All.shto run all four permutations of the test.Modify the
enginevariable in theTest-All.shscript to change between usinginspecandcinc-auditorfor the tests.The text was updated successfully, but these errors were encountered: