Using variable_files var names in Inspec?

[MattMencel]

Is this possible? I have my driver in kitchen.yaml configured like this...

driver:
  name: terraform
  root_module_directory: test/fixtures/network
  command_timeout: 1200
  variables:
    resource_group_name: test-rg
    virtual_network_name: test_vnet
  variable_files:
    - test/fixtures/network/terraform.tfvars

For testing purposes, I've defined the resource_group_name as a variable and am sourcing other variables from the variable_files reference.

In my Inspec test file I have a control like this...

control 'network' do
  resource_group = attribute('input_resource_group_name')
  vnet = attribute('input_virtual_network_name')
  location = attribute('input_location')

  describe azurerm_virtual_network(resource_group: resource_group, name: vnet) do
    it               { should exist }
    its('location')  { should eq location }
    its('address_space') { should eq ['10.0.0.0/16'] }
  end
end

The input for resource_group and vnet works fine, but inputs from variables in the variable_files reference do not work. For example when location is in the variables file...

  ×  network: 'test_vnet' Virtual Network (1 failed)
     ✔  'test_vnet' Virtual Network is expected to exist
     ×  'test_vnet' Virtual Network location is expected to eq #<Inspec::Input::NO_VALUE_SET:0x00007fac28b13e98 @name="input_location">
     can't convert Inspec::Input::NO_VALUE_SET to Array (Inspec::Input::NO_VALUE_SET#to_ary gives Inspec::Input::NO_VALUE_SET)
     ✔  'test_vnet' Virtual Network address_space is expected to eq ["10.0.0.0/16"]

Is there a way to have this work?

[anniehedgpeth]

If you're using a yaml file as a lookup to serve as a variables file, for example:

# yaml file
resource_group_name: mygroupname
location: centralus

# tf file
locals {
  settings = yamldecode(file("path/to/file.yml"))
}

resource "azurerm_resource_group" "group" {
  name     = local.settings.resource_group_name
  location = local.settings.location
}

...then this is an easy win to call from InSpec in the form of an attributes file like this call from the kitchen.yml in the systems block:

attrs:
  - path/to/file.yml

But if you're just using a regular tfvars file, then it would be cool, if maybe during the kitchen create there was a way that Ruby could dynamically create that attributes yaml file (for InSpec consumption) with erb that was reading the tfvars file of the test suite.

The only problem is that you still have to declare those attributes in the InSpec test files like so:

resource_group_name = attribute('resource_group_name')
location = attribute('location')

Idk, might be cool, though.

[anniehedgpeth]

Also, @MattMencel , this kind of does what you need it to but you just don't want to explicitly copy it out again, right?:

verifier:
  name: terraform
  systems:
    - name: a system
      backend: local
      attrs_outputs:
        an_attribute_name: an_output_name

[edwardbartholomew]

@MattMencel Thank you for your interest in kitchen-terraform! I asked this question recently and currently there is only support for input variables inside kitchen.yml and not variables in variable_file. There is some discussion here: https://gitter.im/kitchen-terraform/Lobby?at=5df2504dc6ce6027ebab7478)

I think Annie has an interesting idea as a potential workaround.

[MattMencel]

Nice @anniehedgpeth! Using the yamldecode method with the attributes works great.