kitchen verify failed with permission denied to create /.inpec directory

[ezlee]

I am using a docker container on a Jenkins server to run KITCHEN-INSPEC against GCP instances created by terraform. The Jenkins workspace which contains all the source code/pipeline script will be mounted in the docker container, but when "kitchen verify" is running (create and converge are running without any issue), there is some permission issue:

-Composite Exception--
Class: Kitchen::ActionFailed
Message: Failed to complete #verify action: [`terraform output -json=true -state=/var/lib/jenkins/workspace/tomcat_master-WVOBJYHTLIIPM2AWH7UAEK7T6I5VREVYYQPTUYABIPLIGQ2HWMXA@2/.kitchen/kitchen-terraform/tomcat-rhel7/terraform.tfstate instance_ip` failed: "Permission denied @ dir_s_mkdir - /.inspec"] on tomcat-rhel7

I manullay generated the instance json file for inspec (.inspect file) to run against, now the error message was the same:

/var/lib/jenkins/workspace/tomcat_master-WVOBJYHTLIIPM2AWH7UAEK7T6I5VREVYYQPTUYABIPLIGQ2HWMXA@2 $ inspec json .inspec
/usr/local/lib/ruby/2.4.0/fileutils.rb:229:in `mkdir': Permission denied @ dir_s_mkdir - /.inspec (Errno::EACCES)
        from /usr/local/lib/ruby/2.4.0/fileutils.rb:229:in `fu_mkdir'
        from /usr/local/lib/ruby/2.4.0/fileutils.rb:207:in `block (2 levels) in mkdir_p'
        from /usr/local/lib/ruby/2.4.0/fileutils.rb:205:in `reverse_each'
        from /usr/local/lib/ruby/2.4.0/fileutils.rb:205:in `block in mkdir_p'
        from /usr/local/lib/ruby/2.4.0/fileutils.rb:191:in `each'
        from /usr/local/lib/ruby/2.4.0/fileutils.rb:191:in `mkdir_p'
        from /usr/local/bundle/gems/inspec-1.14.1/lib/inspec/dependencies/cache.rb:23:in `initialize'
        from /usr/local/bundle/gems/inspec-1.14.1/lib/inspec/profile.rb:73:in `new'
        from /usr/local/bundle/gems/inspec-1.14.1/lib/inspec/profile.rb:73:in `for_target'
        from /usr/local/bundle/gems/inspec-1.14.1/lib/inspec/cli.rb:40:in `json'
        from /usr/local/bundle/gems/thor-0.19.4/lib/thor/command.rb:27:in `run'
        from /usr/local/bundle/gems/thor-0.19.4/lib/thor/invocation.rb:126:in `invoke_command'
        from /usr/local/bundle/gems/thor-0.19.4/lib/thor.rb:369:in `dispatch'
        from /usr/local/bundle/gems/thor-0.19.4/lib/thor/base.rb:444:in `start'
        from /usr/local/bundle/gems/inspec-1.14.1/bin/inspec:12:in `<top (required)>'
        from /usr/local/bundle/bin/inspec:22:in `load'
        from /usr/local/bundle/bin/inspec:22:in `<main>'

[dansanabria]

@ezlee how did you workaround this issue?

[ifunky]

I have the exact problem, just trying a work around if you guys got this working which could save me some time?

Thanks

[ifunky]

If anyone else comes across this I found that inspec uses the HOME folder which in my situation with docker was running from "/" so in my make file I did the following:

	export HOME=$(shell pwd); \
	inspec exec tests/aws-security -t aws:// --reporter cli junit:testresults/aws_security.xml