Declare audit profile in recipes #257
I would like to have a way to have different teams declare what runs in the audit cookbook without bothering each other.
For example, let's say I have three teams: operations, application, and security.
Right now there isn't an easy way for these three teams to define that they want to run their profile without affecting the other teams.
This becomes even more problematic when considering that some teams want portions of their infrastructure to run different profiles.
So these groups need fine-grained control over when the profile is included.
To solve this problem I suggest adding a library method to the
I'm happy to add a PR for this if you agree with the approach.
@mhedgpeth one way to accomplish this is with some conditional statements based on inspecting the run_list of the node and/or other Ohai-based attributes.
You can have a recipe drop off either a full-blown Ohai node.json object on the filesystem for InSpec to read like this or just a decomposed JSON file with only the elements necessary for making decisions (like the node's roles, or run_list).
Then, in your meta profile, you could make the decisions on which profiles/controls to include like this
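
The following is an added example, not code from this thread or from the audit cookbook. It sketches in plain Ruby the decision step the comment above describes: read a decomposed node JSON file and let each team's own rule decide whether its profile runs. The `roles` and `run_list` keys, the rule table, and every profile name are assumptions made for illustration.

```ruby
require 'json'

# Constructed sample of a decomposed node file (roles and run_list only).
SAMPLE_NODE_JSON = <<~JSON
  {
    "roles": ["base", "web"],
    "run_list": ["role[base]", "role[web]", "recipe[myapp::default]"]
  }
JSON

# Hypothetical declarations: each team owns its own entries and conditions,
# so one team can add or change a rule without touching another team's.
TEAM_RULES = [
  { team: 'security',    profile: 'security-baseline', when: ->(_n) { true } },
  { team: 'operations',  profile: 'ops-linux',   when: ->(n) { n[:roles].include?('base') } },
  { team: 'application', profile: 'myapp-audit', when: ->(n) { n[:recipes].include?('myapp::default') } },
  { team: 'application', profile: 'db-audit',    when: ->(n) { n[:roles].include?('database') } }
].freeze

# Parse the decomposed JSON into role names and recipe names.
# Malformed or unexpected input yields empty lists, so only unconditional
# rules (here, the security baseline) still match.
def load_node(json_text)
  data = JSON.parse(json_text)
  data = {} unless data.is_a?(Hash)
  run_list = Array(data['run_list']).map(&:to_s)
  {
    roles: Array(data['roles']).map(&:to_s),
    recipes: run_list.map { |entry| entry[/\Arecipe\[(.+)\]\z/, 1] }.compact
  }
rescue JSON::ParserError
  { roles: [], recipes: [] }
end

# Return the profiles whose rule matches this node, in declaration order.
def profiles_for(node, rules = TEAM_RULES)
  rules.select { |rule| rule[:when].call(node) }.map { |rule| rule[:profile] }.uniq
end

puts profiles_for(load_node(SAMPLE_NODE_JSON)).inspect
```

Keeping one unconditional rule means a missing or corrupt node file reduces the audit to the baseline rather than to nothing.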