mirror of
https://github.com/inspec/inspec
synced 2024-12-24 03:53:15 +00:00
6034ece853
The goal of this change is to provide an isolated view of the available profiles when the user calls the include_controls or require_controls APIs. Namely, - A profile should only be able to reference profiles that are part of its transitive dependency tree. That is, if the dependency tree for a profile looks like the following: A |- B --> C | |- D --> E Then profile B should only be able to see profile C and fail if it tries to reference A, D, or E. - The same profile should be include-able at different versions from different parts of the tree without conflict. That is, if the dependency tree for a profile looks like the following: A |- B --> C@1.0 | |- D --> C@2.0 Then profile B should see the 1.0 version of C and profile D should see the 2.0 profile C with respect to the included controls. To achieve these goals we: - Ensure that we construct ProfileContext objects with respect to the correct dependencies in Inspec::DSL. - Provide a method of accessing all transitively defined rules on a ProfileContext without pushing all of the rules onto the same global namespace. This does not yet handle attributes or libraries. |
||
---|---|---|
.. | ||
inheritance | ||
profile_a | ||
profile_b | ||
profile_c | ||
profile_d |