In InSpec You Do not Need a resource to Test

Am using Chef's inspec to validate a server's configuration, and all the examples show you using a resource and testing against a specific set of tests for that resource.

But I am pulling in a YAML file, and want to validate some of the contents (not the YAML itself), so will do that with ruby and return a number of ruby variables I want to test.

The describe block (or here, describe/subject) can just refer to a variable and not an InSpec resource. Here we are checking dups should be an empty array:

control 'validate-nic' do
  impact 0.7
  title 'Validate nic variable structure'
  paths = nic.map{ |k,v| v.dig('path') }
  dups = paths.select{ |e| paths.count(e) > 1 }.uniq

  describe "Check for duplicate path names in nic" do
    subject { dups }
    it { should be_empty }
  end
end

And that works:

Success:
  ✔  validate nic variable structure: Validate nic variable structure
     ✔  Check for duplicate path names in nic should be empty

Failure:

  ×  validate-nic: Validate nic variable structure
     ×  Check for duplicate path names in nic should be empty
     expected `["nic-2-path-a"].empty?` to return true, got false

Puppet 6 - pulling a value from a hiera hash

My favourite data structure is a hash of hashes (of hashes ...)

In Puppet 6, the Hiera replacement lookup allows you access values by defining the key with dot notation. In previous versions you need to extract the whole hash into a manifests and then extract the data from there

Even better you can do that lookup within Hiera itself

profile::private_ssh_keys:   
  '/home/user/.ssh/id_rsa':
    mode: '0600'
    owner: 'user'
    group: 'groupname'
    content: "%{lookup('keybase::sshkeys.my@keyname.private_key')}\n"

Seem more in the Interpolation Functions documentation - https://puppet.com/docs/puppet/6/hiera_merging.html#interpolation_functions