inspec / inspec

InSpec: Auditing and Testing Framework
http://inspec.io
Other
2.86k stars 682 forks source link

Add support for `default_transport` specified in `inspec.yml` #5141

Open skpaterson opened 4 years ago

skpaterson commented 4 years ago

For the consumption of cloud and other InSpec profiles it is required add a dependency to the relevant resource pack e.g.

depends:
  - name: inspec-aws
    url: https://github.com/inspec/inspec-aws/archive/master.tar.gz
supports:
  - platform: aws

This effectively polarises the underlying transport choice e.g. -t aws:// but we still surface that unnecessarily to the user when running InSpec.

One possible solution would be to add a field to the resource pack inspec.yml files to specify the default transport e.g.

default_transport: aws

This would allow downstream profiles to pick up the default transport setting and then optionally run inspec exec without the -t aws://.

Aha! Link: https://chef.aha.io/features/SH-2586

james-stocks commented 4 years ago

This would be lovely. May involve a fair amount of restructuring InSpec since the backend (e.g. aws://) is set up separately from the profiles being loaded. And we can't simply load the profiles before starting the backend because the profiles need validated against the backend to make sure they are supported.

We might not even need a new YAML field - it could be inferred from supports - if the profile supports one of the cloud platforms, it can only work with the backend for that cloud platform.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We value your input and contribution. Please leave a comment if this issue still affects you.