Test Kitchen is a test harness to execute infrastructure code on one or more platforms in isolation.
Easily create, automate, verify, and destroy infrastructure using Test Kitchen in your automation engineering development process.
InSpec is compliance as code. Turn your compliance, security, and other policy requirements into automated tests.
This talk provides a brief introduction to the Test Kitchen lifecycle and explores using InSpec to validate the infrastructure created by Test Kitchen. There is also a brief exploration of using InSpec for validating compliance controls.
This talk was given at the Baltimore Devops Meetup in July, 2018 - https://www.meetup.com/BaltimoreDevOps/events/wcrxlpyxlblb/
Videos are embedded where there would normally be live demo examples.
Test Kitchen - https://kitchen.ci/
InSpec - https://www.inspec.io/
Code repositories used
- https://github.com/nathenharvey/intro-to-test-kitchen
- https://github.com/nathenharvey/testing-ansible-with-inspec
5. @nathenharvey
Zoom-in on Integration Testing
• Create infrastructure that matches production
• Run the automation
• Verify the results
• Destroy the infrastructure
11. @nathenharvey
Zoom-in on Integration Testing
Create infrastructure that matches production
• Run the automation
• Verify the results
• Destroy the infrastructure
15. @nathenharvey
Zoom-in on Integration Testing
Create infrastructure that matches production
Run the automation
• Verify the results
• Destroy the infrastructure
18. @nathenharvey
Sample InSpec Code
describe service('apache2') do
  it { should be_running }
end

describe port(80) do
  it { should be_listening }
end

describe http('http://localhost', enable_remote_worker: true) do
  its('status') { should cmp 200 }
  its('body') { should match /Welcome to / }
end
21. @nathenharvey
Verify the Results with InSpec
describe package('git') do
  it { should be_installed }
end

describe command('git') do
  it { should exist }
end

describe command('which git') do
  its('exit_status') { should eq 0 }
end
22. @nathenharvey
Zoom-in on Integration Testing
Create infrastructure that matches production
Run the automation
Verify the results
• Destroy the infrastructure
24. @nathenharvey
Zoom-in on Integration Testing
Create infrastructure that matches production
Run the automation
Verify the results
Destroy the infrastructure
39. @nathenharvey
InSpec to Detect Policy Violations
• InSpec is great for integration testing
• But it can also be used for security or compliance checks
40. Automate Test Execution
describe ini('/etc/tac_plus/tac_plus.conf') do
  its('key') { should_not be_nil }
end

404.3.5: Communication between network devices and central authentication systems must be encrypted at all times.
41. Map Documentation to Controls
control 'sox-404.3.5' do
  title 'Network Device to Central Auth Encryption'
  impact 1.0
  desc "
    All communication between network devices and
    central auth must be encrypted. Our TACACS+ servers
    encrypt all the time and the presence of a
    pre-shared key proves it."
  describe ini('/etc/tac_plus/tac_plus.conf') do
    its('key') { should_not be_nil }
  end
end

404.3.5: Communication between network devices and central authentication systems must be encrypted at all times.
42. Share Context
control 'sox-404.3.5' do
  title 'Network Device to Central Auth Encryption'
  impact 1.0
  desc "
    All communication between network devices and
    central auth must be encrypted. Our TACACS+ servers
    encrypt all the time and the presence of a
    pre-shared key proves it."
  describe ini('/etc/tac_plus/tac_plus.conf') do
    its('key') { should_not be_nil }
  end
end

404.3.5: Communication between network devices and central authentication systems must be encrypted at all times.
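
The control above asserts only that a `key` entry exists in tac_plus.conf. As an added example (plain Ruby rather than InSpec, and not code from the talk or its repositories), the script below contrasts that presence-only test with a stricter evaluation over constructed config samples. The function names, the 16-character minimum and the expectation that the file is not readable by group or others are assumptions.

```ruby
# Added example (plain Ruby, not InSpec). Sample configs are constructed.
MIN_KEY_LENGTH = 16 # assumed local policy threshold, not from the talk

# Return the global `key = ...` value from tac_plus.conf text, or nil.
# Comment lines are skipped and lines inside `{ ... }` blocks are ignored.
def global_key(conf_text)
  depth = 0
  conf_text.each_line do |raw|
    line = raw.strip
    next if line.start_with?('#')
    if depth.zero? && (m = line.match(/\Akey\s*=\s*(.*)\z/))
      return m[1].delete('"').strip
    end
    depth += line.count('{') - line.count('}')
  end
  nil
end

# Presence-only test, mirroring the `should_not be_nil` expectation.
def key_present?(conf_text)
  !global_key(conf_text).nil?
end

# Stricter evaluation: returns a list of findings, empty when compliant.
# `mode` is the file's permission bits, e.g. File.stat(path).mode & 0o777.
def key_findings(conf_text, mode)
  key = global_key(conf_text)
  findings = []
  if key.nil?
    findings << 'no global key set'
  elsif key.empty?
    findings << 'key is empty'
  elsif key.length < MIN_KEY_LENGTH
    findings << "key shorter than #{MIN_KEY_LENGTH} characters"
  end
  findings << 'config readable by group or others' if (mode & 0o044) != 0
  findings
end

# Constructed samples: [config text, permission bits]
SAMPLES = {
  'strong key, 0600' => ["key = \"constructed-sample-key-0001\"\n", 0o600],
  'short key, 0600'  => ["key = \"abc\"\n", 0o600],
  'empty key, 0600'  => ["key = \"\"\n", 0o600],
  'commented, 0600'  => ["# key = \"constructed-sample-key-0001\"\n", 0o600],
  'strong key, 0644' => ["key = \"constructed-sample-key-0001\"\n", 0o644]
}.freeze

SAMPLES.each do |name, (conf, mode)|
  puts format('%-18s present=%-5s findings=%p', name, key_present?(conf), key_findings(conf, mode))
end
```

The short-key, empty-key and 0644 samples all satisfy the presence-only test but produce findings under the stricter one.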
59. @nathenharvey
Get Started with Test Kitchen
• Install Chef Development Kit - https://downloads.chef.io/chefdk
    Test Kitchen
    InSpec
• Install Driver Requirements
    Vagrant – VirtualBox & Vagrant
    Docker – Docker
    GCE – None, but best to have Google Cloud SDK installed
    EC2 – None, but you need an AWS account
60. @nathenharvey
Use, Share, Contribute!
• Test Kitchen
    https://kitchen.ci/
    https://github.com/test-kitchen
• InSpec
    https://www.inspec.io/
    https://github.com/chef/inspec
• Code from this presentation
    https://github.com/nathenharvey/intro-to-test-kitchen
    https://github.com/nathenharvey/testing-ansible-with-inspec
    https://github.com/nathenharvey/testing-terraform
61. @nathenharvey
Join us on Slack
• http://community-slack.chef.io
• #general (for Chef stuff)
• #test-kitchen
• #inspec
The Chef community believes that diversity is one of our biggest strengths! YOU are welcome here!
62. @nathenharvey
Local Technology Slacks
• Baltimore
    https://baltimoretech-slack.herokuapp.com/
• Washington DC
    http://www.dctechslack.com/
Join a local technology slack, or two, to help maintain connections across the community!