When Controls in an overlay Profile are created as multiple files, e.g. one Control per file, InSpec does not define the correct number of Controls nor the correct number of Tests.

| Profile | Single File Overlay | Multiple File Overlay |
|---|---|---|
| Single File Underlay | Works | Not Working |
| Multiple File Underlay | Works | Not Working |

The same results occur on:

- `inspec` 5.22.29 and `cinc-auditor` 6.6.0
- `inspec` 5.22.36 and `cinc-auditor` 6.6.0

Support for multiple Control files is shown in InSpec's documentation under "Chef InSpec" -> "Profiles" -> "About Profiles" -> "Profile structure" and is reinforced by the fact that Controls are contained in a directory instead of a single file in the Profile root directory. Whether the Profile is used as an underlay or overlay should not restrict the structure of the Profile.

In the test scenario the underlay defines basic Control metadata properties. The overlay takes advantage of InSpec's capability to modify Control properties. The overlay adds or modifies properties, such as `impact`, and then defines the tests in the `describe` block.

As documented in the "Chef InSpec" -> "Profiles" -> "Dependencies" -> "Selectively include controls" section, the `require_controls` "command selectively include(s) certain controls from an included profile." The expected behavior is that each time the `require_controls` command is executed, the defined Controls are added to a list of Controls to execute. Instead, multiple calls to the command seem to overwrite or corrupt the list of Controls and Tests to execute.

- Unzip the archive.
- Execute `bash ./Test-All.sh` to run all four permutations of the test.
- Modify the `engine` variable in the `Test-All.sh` script to change between using `inspec` and `cinc-auditor` for the tests.
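
For readers without the archive, the following added example (not the contents of the attached archive or of `Test-All.sh`) scaffolds the "Multiple File Underlay" with "Multiple File Overlay" case described above. The profile names, control IDs, `impact` value and the `describe` test are assumptions chosen for illustration.

```shell
# Constructed reproduction layout: profile names (underlay/overlay), control IDs
# (ctl-01, ctl-02) and the describe test are assumptions, not the issue's archive.
make_repro() {
  root="$1"
  mkdir -p "$root/underlay/controls" "$root/overlay/controls"
  cat > "$root/underlay/inspec.yml" <<'EOF'
name: underlay
version: 0.1.0
EOF
  cat > "$root/overlay/inspec.yml" <<'EOF'
name: overlay
version: 0.1.0
depends:
  - name: underlay
    path: ../underlay
EOF
  for n in 01 02; do
    # Underlay: Control metadata only, one Control per file.
    cat > "$root/underlay/controls/ctl-$n.rb" <<EOF
control 'ctl-$n' do
  title 'Underlay control $n'
  desc 'Metadata only; the overlay supplies the test.'
end
EOF
    # Overlay: one require_controls call per file, each selecting one Control.
    cat > "$root/overlay/controls/ctl-$n.rb" <<EOF
require_controls 'underlay' do
  control 'ctl-$n' do
    impact 0.7
    describe file('/') do
      it { should exist }
    end
  end
end
EOF
  done
}

# Number of require_controls calls the overlay makes (one per Control file here).
count_overlay_calls() {
  cat "$1"/overlay/controls/*.rb | grep -c '^require_controls'
}

# Usage: make_repro /tmp/repro && inspec exec /tmp/repro/overlay
# (or the same exec subcommand with cinc-auditor)
```

With this layout the expected result is two Controls and two Tests, one per overlay file; comparing the reported counts against `count_overlay_calls` shows whether later `require_controls` calls replaced earlier ones.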