inspec / kitchen-inspec

Test-Kitchen Plugin for InSpec

SSH Agent Forwarding #249

Closed jeffreytolar closed 3 years ago

jeffreytolar commented 4 years ago

Describe the Enhancement:

Provide an option to enable SSH agent forwarding when running inspec.

Describe the Need:

Our hosts are configured to use an SSH agent to provide sudo authentication; as such, to use kitchen-inspec (and use resources that require root), we need to be able to enable SSH agent forwarding for the inspec run so that the sudo calls succeed.

Current Alternative

Inspec itself supports doing this; since we use the kitchen Ruby API, we're using this workaround to monkeypatch kitchen-inspec:

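# Monkey-patch to tell inspec to forward the ssh agent; there's not an exposed
# option for this (yet)
# Load the verifier first so the class being reopened (and the method being aliased) exists
require "kitchen/verifier/inspec"

module Kitchen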
  #
  module Verifier
    #
    class Inspec
      alias old_runner_options_for_ssh runner_options_for_ssh
      def runner_options_for_ssh(config_data)
        opts = old_runner_options_for_ssh(config_data)
        opts[:forward_agent] = true
        opts
      end
    end
  end
end

Can We Help You Implement This?:

This should be a fairly small change to https://github.com/inspec/kitchen-inspec/blob/4b6c7faab9f6cde3b384661299018301afba68d4/lib/kitchen/verifier/inspec.rb#L258-L286, although I haven't traced through the code to see if it should read from kitchen or config.
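
A forwarded agent can be used by root on the target for as long as the session is open, so this added example (not from the original issue or the kitchen-inspec project) scopes the workaround above to an allowlist of hosts and uses `Module#prepend`, which stays safe if the patch file is loaded twice. The allowlist, the example hostname, the `"host"` key in the options hash, and the stand-in class are assumptions made for illustration.

```ruby
# Added example: opt-in SSH agent forwarding, applied with Module#prepend.
module ForwardAgentOptIn
  # Hypothetical allowlist: only hosts whose sudo really depends on the agent.
  FORWARD_AGENT_HOSTS = %w[build01.example.test].freeze

  def runner_options_for_ssh(config_data)
    opts = super
    # Assumption: the options hash carries the target host under "host".
    host = opts["host"] || opts[:host]
    # Forward only to allowlisted hosts, and only when a local agent exists.
    if FORWARD_AGENT_HOSTS.include?(host) && ForwardAgentOptIn.agent_available?
      opts[:forward_agent] = true
    end
    opts
  end

  # True when the local environment points at an agent socket.
  def self.agent_available?(env = ENV)
    sock = env["SSH_AUTH_SOCK"]
    !sock.nil? && !sock.empty?
  end
end

# Constructed stand-in for Kitchen::Verifier::Inspec so the block runs
# without the gem installed; it is not the real implementation.
class StandInVerifier
  def runner_options_for_ssh(config_data)
    { "backend" => "ssh", "host" => config_data[:hostname] }
  end
  prepend ForwardAgentOptIn
end

# With kitchen-inspec loaded, the equivalent wiring would be:
#   Kitchen::Verifier::Inspec.prepend(ForwardAgentOptIn)
```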