inspec exec with --json-config option having multiple node information

[shoneslab]

Description

Try to execute inspec exec or inspec detect with --json-config option with array of nodes. It works with single node information. Getting error like undefined method 'merge' for...

How to create a json with mutiple node informations. Or how to execute inspec against multiple nodes

InSpec and Platform Version

Using the inspec's docker image
docker run -it -rm -n ${pwd}:/share chef/inspec detect --json-config=nodes.json

Replication Case

docker run -it -rm -n ${pwd}:/share chef/inspec detect --json-config=nodes.json

nodes.json

[
{
 "backend": "ssh",
 "host": "xxx.xxx.xxx.xxx",
 "user": "myuser",
 "password": "xxxxx"
},
{
 "backend": "ssh",
 "host": "xxx.xxx.xxx.xxx",
 "user": "myuser",
 "password": "xxxxx"
}
]

Error:

/usr/local/bundle/gems/inspec-1.22.0/lib/inspec/base_cli.rb:104:in `opts': undefined method `merge' for #<Array:0x005564c9868bd8> (NoMethodError)
from /usr/local/bundle/gems/inspec-1.22.0/lib/inspec/cli.rb:168:in `detect'
from /usr/local/bundle/gems/thor-0.19.4/lib/thor/command.rb:27:in `run'
from /usr/local/bundle/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
from /usr/local/bundle/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
from /usr/local/bundle/gems/thor-0.19.4/lib/thor/base.rb:444:in `start'
from /usr/local/bundle/gems/inspec-1.22.0/bin/inspec:12:in `<top (required)>'
from /usr/local/bundle/bin/inspec:22:in `load'

[adamleff]

@shoneslab thanks for your issue! I believe we chatted about the same thing in Slack yesterday. As we discussed, InSpec is designed to only scan one host. There are other solutions for scanning multiple hosts, such as Chef's own commercial offerings, but there are currently no plans to allow for scanning of multiple hosts via a single InSpec command.

I am going to flag this as a bug though. We should provide better error output if someone tries to feed us an array of hosts. Thank you for submitting this issue so we can make the user experience better.

[shoneslab]

Thanks. Regarding the commercial offering, are you referring to Habitat?

[adamleff]

Hi @shoneslab. Nope, Habitat is also an open-source project like InSpec.

I was referring to Chef Automate which provides the ability to receive compliance reports from your fleet (via audit cookbook, for example) and give you a fleet-wide view of your compliance status. That way your hosts can be running InSpec periodically throughout the day vs. you needing to scan them.

[shoneslab]

cool. Thanks. To try Chef automate, is it limited to nodes or for a duration or do we get any trial licence.

[adamleff]

@shoneslab it's limited to a specific duration, I believe 30 days.

If you find it doesn't meet your needs, or you want other options, be sure to look at the link to the audit cookbook I mentioned earlier. There are other ways, such as the json exporter, that you can use to have your nodes write out their InSpec findings to a JSON file and then you can scoop them up using a manner you're comfortable with, as well.

[shoneslab]

Thanks for the detail info. This was really helpful.