Blog-Infrastructure_100x385

Extending InSpec Resources: Core Resource Inheritance

Progress Chef InSpec comes with over 100 built-in resources that allow compliance engineers to query everything from Windows Registry entries to firewall settings. These built-in resources, known as core resources, are incredibly flexible and wide-ranging in their abilities, but sometimes you need to go beyond what they can do to meet a special need in your Compliance-as-Code work.

For the advanced user, the InSpec custom resource DSL allows you to create your own custom resources, which can be easily utilised in a profile. These resources need to be defined in the libraries folder of your Profile.

Custom resources are written as a regular Ruby class, which inherits from Inspec.resource(1). The number (1) specifies the resource API version this resource  targets, not the InSpec version.

For example, to make a custom resource that inherits from the inspec.resource(1) ...


But what if you want to inherit the features/properties of the existing core resource into a custom resource? Is that possible?

Suppose you want to expose the Progress Chef Infra Node Attributes data, which is passed into the host as a JSON file. InSpec has a core resource, json, which fluently exposes the contents of JSON files. It would be natural to extend the json core resource to read the Node Attributes file, so you can use its property-reading features.


At first, if you try to inherit from Inspec.resource(1), that won’t work because you need to inherit from the core resource to get its features.  First, you need to require the core resource class at the beginning of your Custom resource class definition, give it a name, and inherit the class of the core resource that you want.

There are some other hidden surprises. Some of the metadata of the Resource DSL will need to be repeated in your subclass to make it work properly; you need to use configuration attributes to define your Custom resource name. So, you should use desc, example, supports as mentioned in the Resource DSL documentation.  Be especially sure to include the supports metadata, or the resource will not function.

With a NodeAttributes class created, you can now use this custom node resource in your profile:


And below is the output of running a profile using this custom resource:

 
Conclusion

As you saw in this small example, you can extend the power of InSpec by creating your own custom resources that draw on one or more built-in InSpec resources. By defining classes you can reuse and share, you can simplify and scale your compliance and security profiles.

Credit and Reference

https://github.com/inspec/inspec/pull/1355

https://github.com/inspec/inspec/issues/1300

https://github.com/inspec/inspec/issues/1613

https://github.com/inspec/inspec/issues/4323


Posted in:
Tags:

Vasundhara Jagdale

Vasundhara Jagdale is a Principal Software Engineer at Progress with the Chef InSpec team. Earlier, she worked as a contractor for Chef and worked on different products such as Compliance Content, Chef Infra, Knife plugins, and Azure Chef Extension. Before working as a Chef developer, Vasundhara worked on e-commerce applications built with Ruby on Rails. She is currently exploring the DevOps world and helping build quality into the Chef InSpec product using her Ruby skills. In her free time, she enjoys spending time with her kids, reading books, sketching, or recording her songs on the karaoke app.

Chefconf Blog Banner Bottom

Chefconf Blog Banner Sidebar
Survey Blog Banner Sidebar
image_334

FOLLOW @CHEF