mitre / inspec_tools

A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data
https://inspec-tools.mitre.org/

Ruby to docker #181

Closed jsa5593 closed 4 years ago

jsa5593 commented 4 years ago

The Dockerfile installs inspec_tools and can be run by running the container and specifying -v "$(pwd)":/share

Build: docker build -t "container name" .

Run: docker run -v "$(pwd)":/share -e CHEF_LICENSE=accept "container name" "command"

aaronlippold commented 4 years ago

@jsa5593 and @rbclark please review the CodeFactor issues to see if we can resolve them.

aaronlippold commented 4 years ago

Also, we need to add usage examples in the README. How would folks actually use this and a couple of examples?

rbclark commented 4 years ago

I've been thinking about this a bit more and we may need to build the gem inside of the Dockerfile in order to silence the CodeFactor warning. I tried to test this locally and was running into a weird error which ended up being https://github.com/mitre/inspec_tools/pull/182. Once that is merged it should be easily possible to build inside the container using gem build and then gem install the built gem.

aaronlippold commented 4 years ago

There are multiple ways we can accept the Chef license. The easiest way is to set an environment variable in the container with Chef license accept. In the build process we could always invoke inspec and pass it accept, which would create the needed files in the file system for the acceptance of the license. We could also just generate the license acceptance manually as per the documentation when you Google accepting the Chef license. Whichever one keeps the container the smallest is probably the best path.

aaronlippold commented 4 years ago

https://docs.chef.io/chef_license_accept/

rbclark commented 4 years ago

> There are multiple ways we can accept the Chef license. The easiest way is to set an environment variable in the container with Chef license accept. In the build process we could always invoke inspec and pass it accept, which would create the needed files in the file system for the acceptance of the license. We could also just generate the license acceptance manually as per the documentation when you Google accepting the Chef license. Whichever one keeps the container the smallest is probably the best path.

It seemed to me that having the user do it made sense so that we aren't just silently accepting a license on their behalf. If we do want to silently accept it on their behalf we can always just run inspec --chef-license=accept as a build step.

aaronlippold commented 4 years ago

They are just following the directions so let’s just build it in.