kitchen-inspec
Support Testing Cloud Resources
It would be nice to test cloud resources in addition to system resources in an effort to support CNI (Cloud Native Infrastructure) patterns. Currently, there is no mechanism to do this, other than a shell verifier with a data directory or another indirect method.
For complete integration testing, it will be necessary to test DNS entries, cloud load balancers, cloud databases, and other infrastructure in conjunction with systems that are configured.
As an example, this would be a sample YAML snippet for Test Kitchen to support testing on GCP.
suites:
  - name: default
    verifier:
      inspec_tests:
        - name: gcp
          path: test/gcp/control/cluster.rb
          transport: gcp://
      attributes:
        project_name: crypto-catfish-192703
        cluster_zone: us-east1-b
        cluster_name: guestbook
      depends:
        name: gcp-resources
        url: https://github.com/inspec/inspec-gcp/archive/master.tar.gz
Is there any movement on this? I just need to be able to supply an InSpec 'target' to the verifier via Kitchen, which I can do easily via command line!
I think this is already supported (at least by kitchen-terraform), unless I'm misunderstanding the request?
https://github.com/newcontext-oss/kitchen-terraform/issues/286 has a bit more detail.
For example, we do something like this:
provisioner:
  name: terraform
platforms:
  - name: local
verifier:
  name: terraform
  systems:
    - name: remote-gcp
      backend: gcp
      reporter:
        - progress
      controls:
        - foo
        - bar
There are also some things that GCP's drivers don't support, and for those, we sometimes inspect the plan itself:
    - name: local-outputs
      backend: local
      reporter:
        - progress
      controls:
        - foo
        - bar