Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Pass Chef node to InSpec as an attribute #271
Providing the Chef node object (attributes, environment, etc.) to InSpec as an attribute will allow the ability to write more flexible profiles and eliminate the need for users to write out JSON files during the converge phase only to get read in by the profile later.
referenced this pull request
Aug 29, 2017
Aug 29, 2017
@adamleff I believe that designing inspec profiles with a good interface of what it needs is the better way. I don't believe that providing the whole node attribute is the right way. Have chef tell inspec what it needs via the attribute feature. Make that as small as possible. That way you can run profiles without an implicit dependency on Chef.
@mhedgpeth your PR is similar to this but not exactly. Your PR allows for certain node attributes to be set (in the 'audit' tree) and then passed as-is. We've seen a number of use cases where people wanted more information, including other non-attribute information such as run_list, environment, etc. Those individuals were using Chef to write out node objects as JSON and then loading that data in later... and there are a whole suite of reasons why that's a bad practice. This simply provides a better pipe to plumb that data into the InSpec run.
InSpec can't tell Chef what is needs, therefore Chef selectively pass on data to InSpec for what a profile needs without an additional level of coordination. The implicit dependency is only there if the user elects for it to be there.
I agree that having a separation of concerns is better. This in no way ties InSpec to Chef or Chef to InSpec any more than writing out data files and reading them in later. The use of this additional data is optional and we're providing it in an effort to stop the bad practices of littering filesystems with node object JSON files and also meet the needs of many community members who have raised this as a feature request.