Nathen Harvey, profile picture
Uploaded byNathen Harvey
PPTX, PDF997 views

Introduction to Test Kitchen and InSpec

The document provides an introduction to Test Kitchen, focusing on its role in infrastructure automation and testing through integration testing, using platforms like Ubuntu and CentOS. It explains the process of creating, verifying, and destroying infrastructure to ensure it matches production standards, with tools like InSpec for compliance testing. The document emphasizes the importance of feedback cycles, scaling confidence, and maintaining infrastructure integrity through automated testing workflows.

Embed presentation

Downloaded 13 times
@nathenharvey Introduction to Test Kitchen
@nathenharvey Hello! Nathen Harvey VP, Community Development Chef @nathenharvey
@nathenharvey Why Testing? • Move fast with a safety net • Decrease feedback cycles • Increase confidence • Prevent regressions • Scale
@nathenharvey Developing Infrastructure Automation • Write the automation • Static analysis • Unit testing • Integration testing • Commit to version control • Submit to pipeline
@nathenharvey Zoom-in on Integration Testing • Create infrastructure that matches production • Run the automation • Verify the results • Destroy the infrastructure
@nathenharvey Test Kitchen Test harness to execute infrastructure code on one or more platforms in isolation.
@nathenharvey Before we continue… $ kitchen verify -c 2
@nathenharvey The Test Kitchen platforms: - name: ubuntu-16.04 - name: centos-7 platforms
@nathenharvey The Test Kitchen platforms: - name: ubuntu-16.04 - name: centos-7 kitchen create platforms
@nathenharvey The Test Kitchen driver: name: gce platforms: - name: ubuntu-16.04 - name: centos-7 kitchen create driver platforms
@nathenharvey Zoom-in on Integration Testing Create infrastructure that matches production • Run the automation • Verify the results • Destroy the infrastructure
@nathenharvey The Test Kitchen driver: name: vagrant platforms: - name: ubuntu-16.04 - name: centos-7 kitchen create driver platforms kitchen converge
@nathenharvey The Test Kitchen driver: name: vagrant platforms: - name: ubuntu-16.04 - name: centos-7 provisioner: name: chef_zero kitchen create driver platforms kitchen converge provisioner
@nathenharvey Chef Recipe package 'git' do action :install end
@nathenharvey Zoom-in on Integration Testing Create infrastructure that matches production Run the automation • Verify the results • Destroy the infrastructure
@nathenharvey InSpec • Open-source framework • Infrastructure testing • Make assertions about state of resources in the infrastructure
@nathenharvey Sample InSpec Code describe service('apache2') do it { should be_running } end describe port(80) do it { should be_listening } end describe http('http://localhost', enable_remote_worker: true) do its('status') { should cmp 200 } its('body') { should match /Welcome to / } end
@nathenharvey The Test Kitchen driver: name: vagrant platforms: - name: ubuntu-16.04 - name: centos-7 provisioner: name: chef_zero kitchen create driver platforms kitchen converge provisioner kitchen verify
@nathenharvey The Test Kitchen driver: name: vagrant platforms: - name: ubuntu-16.04 - name: centos-7 provisioner: name: chef_zero verifier: name: inspec kitchen create driver platforms kitchen converge provisioner kitchen verify verifier
@nathenharvey Verify the Results with InSpec describe package('git') do it { should be_installed } end describe command('git') do it { should exist } end describe command('which git') do its('exit_status') { should eq 0 } end
@nathenharvey Zoom-in on Integration Testing Create infrastructure that matches production Run the automation Verify the results • Destroy the infrastructure
@nathenharvey The Test Kitchen driver: name: vagrant platforms: - name: ubuntu-16.04 - name: centos-7 provisioner: name: chef_zero verifier: name: inspec kitchen create driver platforms kitchen converge provisioner kitchen verify verifier kitchen destroy
@nathenharvey Zoom-in on Integration Testing Create infrastructure that matches production Run the automation Verify the results Destroy the infrastructure
@nathenharvey The Test Kitchen kitchen test kitchen create driver platforms kitchen converge provisioner kitchen verify verifier kitchen destroy
@nathenharvey The Test Kitchen kitchen destroy kitchen test kitchen create driver platforms kitchen converge provisioner kitchen verify verifier kitchen destroy
@nathenharvey The Test Kitchen kitchen destroy kitchen create kitchen test kitchen create driver platforms kitchen converge provisioner kitchen verify verifier kitchen destroy
@nathenharvey The Test Kitchen kitchen destroy kitchen create kitchen converge kitchen test kitchen create driver platforms kitchen converge provisioner kitchen verify verifier kitchen destroy
@nathenharvey The Test Kitchen kitchen destroy kitchen create kitchen converge kitchen verify kitchen test kitchen create driver platforms kitchen converge provisioner kitchen verify verifier kitchen destroy
@nathenharvey The Test Kitchen kitchen create driver platforms kitchen converge provisioner kitchen verify verifier kitchen destroy kitchen destroy kitchen create kitchen converge kitchen verify kitchen destroy kitchen test
@nathenharvey More Test Kitchen <3
@nathenharvey The Test Kitchen driver: name: kitchen create driver
@nathenharvey Remember this? $ kitchen verify -c 2 Let’s go check-in on it… $ kitchen list
@nathenharvey Kitchen List
@nathenharvey The Test Kitchen provisioner: name: kitchen converge provisioner
@nathenharvey The Test Kitchen verifier: name: kitchen verify verifier
@nathenharvey Compliance Testing
@nathenharvey
@nathenharvey InSpec to Detect Policy Violations • InSpec is great for integration testing • But it can also be used for security or compliance checks
Automate Test Execution describe ini('/etc/tac_plus/tac_plus.conf') do its('key') { should_not be_nil } end 404.3.5: Communication between network devices and central authentication systems must be encrypted at all times.
Map Documentation to Controls control 'sox-404.3.5' do title 'Network Device to Central Auth Encryption' impact 1.0 desc " All communication between network devices and central auth must be encrypted. Our TACACS+ servers encrypt all the time and the presence of a pre-shared key proves it." describe ini('/etc/tac_plus/tac_plus.conf') do its('key') { should_not be_nil } end end 404.3.5: Communication between network devices and central authentication systems must be encrypted at all times.
Share Context control 'sox-404.3.5' do title 'Network Device to Central Auth Encryption' impact 1.0 desc " All communication between network devices and central auth must be encrypted. Our TACACS+ servers encrypt all the time and the presence of a pre-shared key proves it." describe ini('/etc/tac_plus/tac_plus.conf') do its('key') { should_not be_nil } end end 404.3.5: Communication between network devices and central authentication systems must be encrypted at all times.
@nathenharvey dev-sec.io
@nathenharvey Add Linux Baseline to Test Kitchen suites: - name: default verifier: inspec_tests: - test/integration/default - https://github.com/dev-sec/linux-baseline
@nathenharvey So many failures • Stop when the build breaks • We need to get to green • What is the best way to get the build green?
@nathenharvey Wrap it up • Create a TODO list • One measure of technical debt • Get to green by commenting out tests?!
@nathenharvey Wrapper Profile name: my-linux-baseline title: InSpec Profile maintainer: The Authors copyright: The Authors copyright_email: you@example.com license: Apache-2.0 summary: An InSpec Compliance Profile version: 0.1.0 depends: - name: linux-baseline url: https://github.com/dev-sec/linux-baseline/archive/master.tar.gz
@nathenharvey Wrapper Profile include_controls 'linux-baseline' do skip_control 'os-05' skip_control 'package-08' skip_control 'sysctl-05' ... end
@nathenharvey Hardening Playbook
@nathenharvey - hosts: all become: true become_user: root become_method: sudo roles: - { role: apache } - { role: dev-sec.os-hardening } Add to the Playbook
@nathenharvey One Commit
@nathenharvey
@nathenharvey
@nathenharvey Use InSpec to Verify Terraform-created Infrastructure https://www.slideshare.net/nathenharvey/testing-terraform-102777946
@nathenharvey September 10 & 11
@nathenharvey
@nathenharvey
@nathenharvey Get Started with Test Kitchen • Install Chef Development Kit - https://downloads.chef.io/chefdk Test Kitchen InSpec • Install Driver Requirements Vagrant – VirtualBox & Vagrant Docker – Docker GCE – None, but best to Google Cloud SDK installed EC2 – None, but you need an AWS account
@nathenharvey Use, Share, Contribute! • Test Kitchen https://kitchen.ci/ https://github.com/test-kitchen • InSpec https://www.inspec.io/ https://github.com/chef/inspec • Code from this presentation https://github.com/nathenharvey/intro-to-test-kitchen https://github.com/nathenharvey/testing-ansible-with-inspec https://github.com/nathenharvey/testing-terraform
@nathenharvey Join us on Slack • http://community-slack.chef.io • #general (for Chef stuff) • #test-kitchen • #inspec The Chef community believes that diversity is one of our biggest strengths! YOU are welcome here!
@nathenharvey Local Technology Slacks • Baltimore https://baltimoretech-slack.herokuapp.com/ • Washington DC http://www.dctechslack.com/ Join a local technology slack, or two, to help maintain connections across the community!
@nathenharvey What questions can I answer for you? Nathen Harvey VP, Community Development Chef @nathenharvey

More Related Content

PPTX
Introduction to Test Kitchen
byNathen Harvey
 
PPTX
Effective Testing with Ansible and InSpec
byNathen Harvey
 
PPTX
Effective Testing with Ansible and InSpec
byNathen Harvey
 
PDF
Game of Codes: the Battle for CI
byAtlassian
 
PDF
Bay Area Chef Meetup February
byJessica DeVita
 
PPTX
Drupal Continuous Integration with Jenkins - The Basics
byJohn Smith
 
PDF
DevOp with Me!
byNathen Harvey
 
PDF
At Your Service: Using Jenkins in Operations
byMandi Walls
 
Introduction to Test Kitchen
byNathen Harvey
 
Effective Testing with Ansible and InSpec
byNathen Harvey
 
Effective Testing with Ansible and InSpec
byNathen Harvey
 
Game of Codes: the Battle for CI
byAtlassian
 
Bay Area Chef Meetup February
byJessica DeVita
 
Drupal Continuous Integration with Jenkins - The Basics
byJohn Smith
 
DevOp with Me!
byNathen Harvey
 
At Your Service: Using Jenkins in Operations
byMandi Walls
 

What's hot

PDF
Introduction to Infrastructure as Code & Automation / Introduction to Chef
byNathen Harvey
 
PDF
Prescriptive System Security with InSpec
byAll Things Open
 
PDF
Rise of the Machines - Automate your Development
bySven Peters
 
PDF
CI and CD Across the Enterprise with Jenkins (devops.com Nov 2014)
byCloudBees
 
PDF
London Hashicorp Meetup #8 - Testing Programmable Infrastructure By Matt Long
byOpenCredo
 
PPTX
Automated Deployments
byMartin Etmajer
 
PDF
Docker and Puppet for Continuous Integration
byGiacomo Vacca
 
PPTX
London Community Summit - Chef at SkyBet
byChef
 
PPTX
Automated Infrastructure Testing
byRanjib Dey
 
PPTX
How to Write Chef Cookbook
bydevopsjourney
 
PPTX
Automated Deployment Pipeline using Jenkins, Puppet, Mcollective and AWS
byBamdad Dashtban
 
PPTX
Testing for infra code using test-kitchen,docker,chef
bykamalikamj
 
PDF
Intermediate/Compliance training Guide
byChef
 
PDF
Testing programmable infrastructure
byMatt Long
 
PPTX
Compliance Automation with Inspec Part 4
byChef
 
PDF
Drone your Ansible
byDennis Rowe
 
PDF
Test Driven Development with Chef
bySimone Soldateschi
 
ODP
Jenkinsconf Presentation - Advance jenkins management with multiple projects.
byOhad Basan
 
ZIP
Drupal Deployment
byJeff Eaton
 
PDF
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
byCloudBees
 
Introduction to Infrastructure as Code & Automation / Introduction to Chef
byNathen Harvey
 
Prescriptive System Security with InSpec
byAll Things Open
 
Rise of the Machines - Automate your Development
bySven Peters
 
CI and CD Across the Enterprise with Jenkins (devops.com Nov 2014)
byCloudBees
 
London Hashicorp Meetup #8 - Testing Programmable Infrastructure By Matt Long
byOpenCredo
 
Automated Deployments
byMartin Etmajer
 
Docker and Puppet for Continuous Integration
byGiacomo Vacca
 
London Community Summit - Chef at SkyBet
byChef
 
Automated Infrastructure Testing
byRanjib Dey
 
How to Write Chef Cookbook
bydevopsjourney
 
Automated Deployment Pipeline using Jenkins, Puppet, Mcollective and AWS
byBamdad Dashtban
 
Testing for infra code using test-kitchen,docker,chef
bykamalikamj
 
Intermediate/Compliance training Guide
byChef
 
Testing programmable infrastructure
byMatt Long
 
Compliance Automation with Inspec Part 4
byChef
 
Drone your Ansible
byDennis Rowe
 
Test Driven Development with Chef
bySimone Soldateschi
 
Jenkinsconf Presentation - Advance jenkins management with multiple projects.
byOhad Basan
 
Drupal Deployment
byJeff Eaton
 
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
byCloudBees
 

Similar to Introduction to Test Kitchen and InSpec

PDF
Testable Infrastructure with Chef, Test Kitchen, and Docker
byMandi Walls
 
PPTX
Using Chef InSpec for Infrastructure Security
byMandi Walls
 
PDF
Using Test Kitchen for testing Chef cookbooks
byTimur Batyrshin
 
PDF
Ansible, integration testing, and you.
byBob Killen
 
PDF
Test Driven Infrastructure with Docker, Test Kitchen and Serverspec
byYury Tsarev
 
PDF
Compliance as Code
byMatt Ray
 
PDF
Terraform Testing with InSpec Demo
byAnnie Hedgpeth
 
PDF
Test Kitchen and Infrastructure as Code
byCybera Inc.
 
PDF
Atmosphere 2018: Yury Tsarev - TEST DRIVEN INFRASTRUCTURE FOR HIGHLY PERFORMI...
byPROIDEA
 
PDF
Chef for beginners module 5
byChef
 
PPTX
Prescriptive Security with InSpec - All Things Open 2019
byMandi Walls
 
PPTX
InSpec at DevOps ATL Meetup January 22, 2020
byMandi Walls
 
PPTX
InSpec For DevOpsDays Amsterdam 2017
byMandi Walls
 
PDF
Automating Compliance with InSpec - Chef Singapore Meetup
byMatt Ray
 
PDF
Philly security shell meetup
byNicole Johnson
 
PPTX
Adding Security to Your Workflow With InSpec - SCaLE17x
byMandi Walls
 
PPTX
DevSecCon London 2017: Inspec workshop by Mandi Walls
byDevSecCon
 
PPTX
InSpec Workshop DevSecCon 2017
byMandi Walls
 
PPTX
2019 Chef InSpec Jumpstart Part 1 of 2
byLarry Eichenbaum
 
PDF
2016 - Compliance as Code - InSpec
bydevopsdaysaustin
 
Testable Infrastructure with Chef, Test Kitchen, and Docker
byMandi Walls
 
Using Chef InSpec for Infrastructure Security
byMandi Walls
 
Using Test Kitchen for testing Chef cookbooks
byTimur Batyrshin
 
Ansible, integration testing, and you.
byBob Killen
 
Test Driven Infrastructure with Docker, Test Kitchen and Serverspec
byYury Tsarev
 
Compliance as Code
byMatt Ray
 
Terraform Testing with InSpec Demo
byAnnie Hedgpeth
 
Test Kitchen and Infrastructure as Code
byCybera Inc.
 
Atmosphere 2018: Yury Tsarev - TEST DRIVEN INFRASTRUCTURE FOR HIGHLY PERFORMI...
byPROIDEA
 
Chef for beginners module 5
byChef
 
Prescriptive Security with InSpec - All Things Open 2019
byMandi Walls
 
InSpec at DevOps ATL Meetup January 22, 2020
byMandi Walls
 
InSpec For DevOpsDays Amsterdam 2017
byMandi Walls
 
Automating Compliance with InSpec - Chef Singapore Meetup
byMatt Ray
 
Philly security shell meetup
byNicole Johnson
 
Adding Security to Your Workflow With InSpec - SCaLE17x
byMandi Walls
 
DevSecCon London 2017: Inspec workshop by Mandi Walls
byDevSecCon
 
InSpec Workshop DevSecCon 2017
byMandi Walls
 
2019 Chef InSpec Jumpstart Part 1 of 2
byLarry Eichenbaum
 
2016 - Compliance as Code - InSpec
bydevopsdaysaustin
 

More from Nathen Harvey

PPTX
Testing Terraform
byNathen Harvey
 
PDF
Using Error Budgets to Prioritize Work
byNathen Harvey
 
PDF
Accelerate Your DevOps Journey
byNathen Harvey
 
PDF
Walk This Way - An Introduction to DevOps
byNathen Harvey
 
PPTX
Compliance Automation with InSpec
byNathen Harvey
 
PDF
DevOps Days India Keynote
byNathen Harvey
 
PPTX
Mongo db at_customink
byNathen Harvey
 
PDF
Continuous Delivery - GDG Cloud Baltimore
byNathen Harvey
 
PDF
Step AFK: Practical Advice for Career Adavancement
byNathen Harvey
 
Testing Terraform
byNathen Harvey
 
Using Error Budgets to Prioritize Work
byNathen Harvey
 
Accelerate Your DevOps Journey
byNathen Harvey
 
Walk This Way - An Introduction to DevOps
byNathen Harvey
 
Compliance Automation with InSpec
byNathen Harvey
 
DevOps Days India Keynote
byNathen Harvey
 
Mongo db at_customink
byNathen Harvey
 
Continuous Delivery - GDG Cloud Baltimore
byNathen Harvey
 
Step AFK: Practical Advice for Career Adavancement
byNathen Harvey
 

Recently uploaded

PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
December Patch Tuesday
byIvanti
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
The year in review - MarvelClient in 2025
bypanagenda
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 

Introduction to Test Kitchen and InSpec