Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update readme with remote profile handling #89

Merged
merged 1 commit into from
May 25, 2016
Merged

update readme with remote profile handling #89

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,58 @@ If you need support with other testing frameworks, we recommend to place the tes
└── web_spec.rb
```

### Use remote InSpec profiles

In case you want to reuse tests across multiple cookbooks, they should become an extra artifact independent of a Chef cookbook, call [InSpec profiles](https://github.com/chef/inspec/blob/master/docs/profiles.rst). Those can be easiliy added to existing local tests as demonstrated in previous sections. To include remote profiles, adapt the `verifier` attributes in `.kitchen.yml`

```
suites:
- name: default
verifier:
inspec_tests:
- https://github.com/dev-sec/tests-ssh-hardening
```

`inspec_tests` accepts all values that `inspec exec profile` would expect. We support:

* local directory eg. `/path/to/profile`
* github url `https://github.com/dev-sec/tests-ssh-hardening`
* Chef Supermarket `supermarket://hardening/ssh-hardening` (list all available profiles with `inspec supermarket profiles`)
* Chef Compliance `compliance://base/ssh`

The following example illustrates the usage in a `.kitchen.yml`

```
suites:
- name: contains_inspec
run_list:
- recipe[apt]
- recipe[yum]
- recipe[ssh-hardening]
verifier:
inspec_tests:
- https://github.com/dev-sec/tests-ssh-hardening
- name: supermarket
run_list:
- recipe[apt]
- recipe[yum]
- recipe[ssh-hardening]
verifier:
inspec_tests:
- supermarket://hardening/ssh-hardening
# before you are able to use the compliance plugin, you need to run
# insecure is only required if you use self-signed certificates
# $ inspec compliance login https://compliance.test --user admin --insecure --token ''
- name: compliance
run_list:
- recipe[apt]
- recipe[yum]
- recipe[ssh-hardening]
verifier:
inspec_tests:
- compliance://base/ssh
```

## Development

After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
Expand Down