kitchen-inspec icon indicating copy to clipboard operation
kitchen-inspec copied to clipboard

Published 20 hours ago verified publisher icon inspec

Does kitchen-inspec support AWS targets?

Open cameronattard opened this issue 6 years ago • 8 comments

Hi,

I've got some inspec suites that exclusively test AWS resources. Using inspec alone, I can successfully execute them using inspec exec tests -t aws://.

I'm now trying to use test-kitchen to provision a CloudFormation stack (using kitchen-cloudformation, and then run these tests against the provisioned resources.

Is there any way to configure kitchen-inspec to run against the aws:// target? It seems to expect an SSH target, and I'm getting the following error: Failed to complete #verify action: [Client error, can't connect to 'ssh' backend: You must provide a value for "host".]

Thanks.

cameronattard avatar Mar 23 '18 03:03 cameronattard

Same need in our project. Is there any chance that kitchen-inspec will support that in the near future?

philipsahli avatar Mar 28 '18 19:03 philipsahli

Same here, though for Azure...would be very useful to have.

murraypete avatar Apr 06 '18 07:04 murraypete

This is very good feedback! Thank you for reporting. It would be helpful to get a sample kitchen setup from you for azure and aws, so that we can use this for testing.

chris-rock avatar Apr 06 '18 12:04 chris-rock

I would love to get this setup as well. Right now in Jenkins we have to call inspec directly since "kitchen verify" cannot support aws targets.

bcarpio avatar May 16 '18 15:05 bcarpio

I'm trying to do this same thing with kitchen-terraform on GCP and I'm unable to do so. It would make sense (from my somewhat limited use of inspec) if we were able to specify the default target within inspec.yml rather than confining this option only to the command line.

@chris-rock - my .kitchen.yml looks like the following:

---
driver:
  name: terraform
  root_module_directory: examples/zk-test-fixture

provisioner:
  name: terraform

platforms:
- name: gcp

verifier:
  name: terraform
  # inspec_options: "-t gcp://" # no way to force this currently

suites:
  -
    name: default
    verifier:
      groups:
        -
          name: default
          controls:
            - zookeeper

@cameronattard - not sure if this is helpful for you but when using terraform, awspec works in the way you're after. Example: https://github.com/terraform-aws-modules/terraform-aws-alb/blob/master/test/integration/default/test_alb.rb

brandonjbjelland avatar Jul 03 '18 18:07 brandonjbjelland

This requires @kekaichinose to weigh in.

zenspider avatar Oct 08 '19 23:10 zenspider

Is there any update on this? It would be great to use the gcp type in kitchen-terraform as well.

onetwopunch avatar Jan 03 '20 19:01 onetwopunch

For anyone looking for an answer to this my current solution is bewlow. Using kitchen-terraform & kitchen-inspec

It feels like setting platforms to AWS should invoke the correct verifier, in this case aws

# kitchen.yml
---
driver:
  name: terraform
provisioner:
  name: terraform
verifier:
  name: terraform
  systems:
    - name: default
      backend: aws

platforms:
  - name: aws

suites:
    - name: default

# Gemfile
source 'https://rubygems.org/'

gem 'kitchen-terraform'
gem 'kitchen-inspec'
gem 'test-kitchen'

damacus avatar Apr 28 '20 11:04 damacus