Add way to define alternate test-path

[rndmh3ro]

Right now, the path kitchen-inspec searches for tests is hard-coded.(https://github.com/chef/kitchen-inspec/blob/master/lib/kitchen/verifier/inspec.rb#L72)
It takes the base path (e.g. test/integration/) and then appends the suite-name (default).

Now we have the problem that we want to share tests between different suites (dev-sec/ansible-ssh-hardening#61):
The tests are in test/integration/default/inspec/, but kitchen-inspec searches in test/integration/ansible-latest/inspec/.

Therefore I propose to let the user define the test search path, either as a relative variable to the base path (in this case default/ or as an absolute path (test/integration/default).

[chris-rock]

@rndmh3ro This is not restricted to kitchen-inspec and is expected behaviour in test-kitchen. Test directories are determined by test/integration/%suite-name%.

As highlighted in my response in dev-sec/ansible-ssh-hardening#61, I propose we use real InSpec profiles for the test suites and remote profiles in combination with kitchen-inspec.

suites:
  - name: default
    run_list:
      - recipe[ssh-hardening::default]
    verifier:
      inspec_tests:
        - https://github.com/hardening-io/tests-ssh-hardening/tree/2.0

[AnotherNerdHere]

Based on the info in https://github.com/chef/inspec/tree/master/examples/profile, being able to specify path names either local paths or local git repo (bitbucket/stash) would be helpful. We don't use github for our vcs.

[jcii]

My employer has enterprise github. I would like to have Inspec tests stored in separate audit cookbooks and pull them from github.mycompany.com ... kitchen-inspec only works if https://github.com/ is the beginning of the URL (from what I can discern...)

[chris-rock]

You can easily pass a path:

suites:
  - name: default
    run_list:
      - recipe[ssh-hardening::default]
    verifier:
      inspec_tests:
        - /path/to/profile

@jcii right now, InSpec only understands github url, but we could find a way to make that happen. The only piece that needs some adaption is: https://github.com/chef/inspec/blob/master/lib/fetchers/url.rb Therefore it is not a limitation of kitchen-inspec, but inspec.

[aidda]

@chris-rock I`m wondering to know is that possible to use bitbucket insted of github?

[chris-rock]

@aidda Yes we have bitbucket support, although it is not well documented yet. Please help us to make it better! You can see possible urls here: https://github.com/chef/inspec/blob/master/lib/fetchers/url.rb#L46-L63

[aidda]

@chris-rock I was checking this link yesterday ;) and add bitbucket url in kitchen-inspec. it was working perefctly. I`ll update the documents! thanks

[chris-rock]

Awesome. Thank you @aidda

[adamleff]

It appears this issue is resolved, and the generic url fetcher can be used to pull a .tar.gz file from an enterprise github if needed (just navigate to the "releases" section of the repo to find the exact URL you need).