My talk from DevOpsCon Berlin 2019 about the lessons I've learned from agile software development that can be applied to infrastructure as code, including Terraform unit testing and CloudFormation linting.
11. @growerofawesome
Quality
InSpec controls
control 'mysql-password-management' do
  title 'Do not store your MySQL password in your ENV'
  desc '
    Storing credentials in your ENV may easily expose
    them to an attacker. Prevent this at all costs.
  '
  # Fail if the shell environment defines MYSQL_PWD
  describe command('env') do
    its('stdout') { should_not match(/^MYSQL_PWD=/) }
  end
end

control 'apache-running' do
  title 'Apache2 should be configured and running'
  # The service name must be a quoted string; 'apache2' follows the title
  describe service('apache2') do
    it { should be_enabled }
    it { should be_running }
  end
end
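The `mysql-password-management` control inspects only the environment of the shell that `command('env')` spawns, so a credential exported into an already running process would not appear in its output. As an added example (not from the talk), the Ruby code below generalizes the check to the NUL-separated `/proc/<pid>/environ` format on Linux; the name patterns, helper names and sample data are constructed assumptions.

```ruby
# Added example, not from the talk: flag credential-like variable names in
# process environments, using the NUL-separated /proc/<pid>/environ format.

# Assumed name patterns; MYSQL_PWD is the variable the control above checks.
SECRET_NAME = /\A(MYSQL_PWD|.*(PASSWORD|PASSWD|SECRET|TOKEN))\z/i

# Split one environ blob into [name, value] pairs; entries without '=' are skipped.
def parse_environ(blob)
  blob.split("\0").map do |entry|
    name, sep, value = entry.partition('=')
    [name, value] unless sep.empty? || name.empty?
  end.compact
end

# Sorted names of credential-like variables that carry a non-empty value.
# Only names are returned, so the report itself never contains the secret.
def secret_names(blob)
  parse_environ(blob)
    .select { |name, value| name.match?(SECRET_NAME) && !value.empty? }
    .map(&:first).uniq.sort
end

# Scan a { pid => blob } map and return { pid => [names] } for offenders only.
def audit(environs)
  environs.transform_values { |blob| secret_names(blob) }
          .reject { |_pid, names| names.empty? }
end

# Collect live data on Linux; processes that cannot be read are skipped.
def live_environs
  Dir.glob('/proc/[0-9]*/environ').each_with_object({}) do |path, acc|
    acc[path.split('/')[2].to_i] = File.binread(path)
  rescue SystemCallError
    next
  end
end

# Constructed sample input (not real process data).
SAMPLE = {
  101 => "PATH=/usr/bin\0HOME=/root\0MYSQL_PWD=example-only\0",
  202 => "PATH=/usr/bin\0LANG=C\0",
  303 => "DB_PASSWORD=\0API_TOKEN=constructed\0"
}.freeze

audit(SAMPLE).each { |pid, names| puts "pid #{pid}: #{names.join(', ')}" }
```

On a Linux host, `audit(live_environs)` runs the same check against the processes the current user is allowed to read.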
17. @growerofawesome
Quality
Given I apply the | CV_2019_Web | route table
When I send | HTTP | traffic from my third-party load test harness
Then I expect the load test harness to | FAIL |
And I expect an entry in the | TRAFFIC | log file to indicate that the traffic was | DENIED |