Small bug in habitat inspec integration #3662

Closed
nellshamrell opened this issue Dec 10, 2018 · 1 comment

Comments

@nellshamrell
Contributor

Description

bug report

Hello! I am playing with the Habitat InSpec integration. I found a minor bug when running an InSpec profile packaged with Habitat.

When I run my package like this:

$ sudo hab svc load nshamrell/inspec-profile-nginx-baseline

I get this error:

ubuntu@ip-172-31-26-95:~$ hab-sup(MR): Starting nshamrell/inspec-profile-nginx-baseline (nshamrell/inspec-profile-nginx-baseline/2.2.0/20181210222717)
inspec-profile-nginx-baseline.default(UCW): Watching user.toml
inspec-profile-nginx-baseline.default(HK): Modified hook content in /hab/svc/inspec-profile-nginx-baseline/hooks/run
inspec-profile-nginx-baseline.default(SR): Hooks recompiled
inspec-profile-nginx-baseline.default(SR): Initializing
inspec-profile-nginx-baseline.default(SV): Starting service as user=hab, group=hab
inspec-profile-nginx-baseline.default(O): Executing InSpec for nshamrell/inspec-profile-nginx-baseline/2.2.0/20181210222717
inspec-profile-nginx-baseline.default(O): /hab/svc/inspec-profile-nginx-baseline/run: line 20: /hab/svc/inspec-profile-nginx-baseline/var/inspec_results/inspec-profile-nginx-baseline.json: Permission denied

I took a look at the file in question, and it looks like it's owned by root

$ sudo ls -la /hab/svc/inspec-profile-nginx-baseline/var/inspec_results
total 8
drwxr-xr-x 2 root hab 4096 Dec 10 22:32 .
drwxrwx--- 4 root hab 4096 Dec 10 22:13 ..
-rw-r--r-- 1 root hab    0 Dec 10 22:18 inspec-profile-nginx-baseline.json

If I manually change ownership of that file to hab

sudo chown hab /hab/svc/inspec-profile-nginx-baseline/var/inspec_results/inspec-profile-nginx-baseline.json

Then the profile runs as expected.

InSpec and Platform Version

ubuntu@ip-172-31-26-95:~$ inspec --version
3.0.64

Running on an Ubuntu 18.04 VM in AWS.

馃 Replication Case

Tell us what steps to take to replicate your problem. See How to create a Minimal, Complete, and Verifiable example
for information on how to create a good replication case.

On a workstation

$ git clone https://github.com/nellshamrell/nginx-baseline
$ inspec habitat profile create ./nginx-baseline
$ hab package upload ./nginx-baseline/<hart file>

On an Ubuntu 18.04 VM

Make sure these ports are exposed:

  • 3000 (http)
  • 22 (ssh)
  • 9631 (tcp)
  • 9638 (tcp)
  • 9638 (udp)

$ curl https://raw.githubusercontent.com/habitat-sh/habitat/master/components/hab/install.sh | sudo bash
$ sudo groupadd hab
$ sudo useradd -g hab hab
$ sudo hab sup run &
$ sudo hab svc load nshamrell/inspec-profile-nginx-baseline &

Possible Solutions

Either the plan should create that file as owned by hab, or the habitat plan generated should set the pkg_svc_user as root.

Stacktrace

Please include the stacktrace output or link to a gist of it, if there is one.

@nellshamrell
Contributor Author

And it turns out I was seeing this because I was running it on a box that had run a previous version of the profile and that file was left over. It works fine on a fresh box!

Closing issue.
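
A pre-load check for the situation reported in this thread, where a results file left over from an earlier run is owned by a different user than the one the service runs as. This is an added example, not part of the issue and not InSpec or Habitat code; the function name `stale_owned_files` and the idea of running it before `hab svc load` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: list leftovers under a service's var directory that are not
# owned by the service user, so a "Permission denied" from the run hook can be
# anticipated before the service is loaded.
#
# stale_owned_files DIR OWNER
#   DIR    directory to scan, e.g. /hab/svc/inspec-profile-nginx-baseline/var
#   OWNER  expected owner, as a user name or numeric uid, e.g. hab
#   Prints each file or directory under DIR (DIR included) whose owner is not
#   OWNER. Returns 0 if nothing is found, 1 if something is, 2 on bad usage.
stale_owned_files() {
    dir=$1
    owner=$2
    if [ -z "$dir" ] || [ -z "$owner" ]; then
        echo "usage: stale_owned_files DIR OWNER" >&2
        return 2
    fi
    # A missing directory means nothing is left over from an earlier run.
    [ -d "$dir" ] || return 0
    # find's -user test accepts a name or a numeric uid; "!" negates it.
    found=$(find "$dir" ! -user "$owner" -print)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Typical use on the box from the report (run with enough privilege to read
# the directory, since /hab/svc/<service>/var is not world-readable there):
#   stale_owned_files /hab/svc/inspec-profile-nginx-baseline/var hab
```

Run against the directory listing in the report, this would print both the `inspec_results` directory and the `.json` file, since both are owned by root.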
