Is there a way to include controls of a 'depends' profile based on a regex? And if not, is there a way to include all controls, and overwrite impact with fixed value on all controls?
Code should look something like this, where 'controlname' is the variable that is required to be determined somehow:
include_controls 'depends-profile' do
if controlname.match(/some regex/)
control *controlname*
impact 1.0
end
end
Goal is to prevent having to add all controls individually.
A bit digging delivered me this:
include_controls 'dependent-profile' do
list_of_controls = @conf['profile'].runner_context.rules.keys
list_of_controls.map { |path| path.gsub(@conf['profile'].profile_name+'/','') }
list_of_controls.each do |controlname|
if controlname.match(/some regex/)
control controlname do # include and overwrite impact
impact 0.1
end
end
if controlname.match(/some other regex/)
control controlname # just include
end
end
end
Any ideas how to accomplish this in a neat and future proof way?
question from:
https://stackoverflow.com/questions/65932231/inspec-include-controls-or-require-controls-based-on-regex 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
