InSpec Profile support in kitchen-inspec

[chris-rock]

Ability load compliance profiles from a remote storage.

Essentially implements test-kitchen/test-kitchen#434 for inspec

[iiro]

+1

[chris-rock]

related #46

[chris-rock]

This is solved with #51

suites:
  - name: profile
    run_list:
      - recipe[os_prepare]
    inspec_tests:
      - https://github.com/nathenharvey/tmp_compliance_profile

[iiro]

Hi,

this feature... I should be able to do this:

verifier:
  name: inspec

and this:

  - name: policy_web_apache2
    provisioner:
      policyfile: policies/web_apache2.rb
    inspec_tests:
      - https://github.com/nathenharvey/tmp_compliance_profile
    driver:
      tags:
        Name: "<%= ENV['USER'] %>'s (<%= ENV['SSH_USER'] %>) Test-Kitchen - policy web_apache2"

?

The output is:

# kitchen verify apache -l debug
-----> Starting Kitchen (v1.6.0)
-----> Using policyfile mode for chef-client
-----> Using policyfile mode for chef-client
-----> Verifying <policy-web-apache2-ubuntu-1404>...
       Search `/Users/iiro/checkouts/personal/chef-snippets/test-kitchen/test/integration/policy_web_apache2` for tests
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: Failed to complete #verify action: [Could not resolve /Users/iiro/checkouts/personal/chef-snippets/test-kitchen/test/integration/policy_web_apache2 to valid input.]
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

D      ------Exception-------
D      Class: Kitchen::ActionFailed
D      Message: Failed to complete #verify action: [Could not resolve /Users/iiro/checkouts/personal/chef-snippets/test-kitchen/test/integration/policy_web_apache2 to valid input.]
D      ---Nested Exception---
D      Class: RuntimeError
D      Message: Could not resolve /Users/iiro/checkouts/personal/chef-snippets/test-kitchen/test/integration/policy_web_apache2 to valid input.
D      ------Backtrace-------
D      /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/inspec/runner.rb:66:in `add_target'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/kitchen-inspec-0.12.3/lib/kitchen/verifier/inspec.rb:70:in `block in call'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/kitchen-inspec-0.12.3/lib/kitchen/verifier/inspec.rb:70:in `each'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/kitchen-inspec-0.12.3/lib/kitchen/verifier/inspec.rb:70:in `call'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:423:in `block in verify_action'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:513:in `call'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:513:in `synchronize_or_call'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:478:in `block in action'
D      /opt/chefdk/embedded/lib/ruby/2.1.0/benchmark.rb:279:in `measure'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:477:in `action'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:415:in `verify_action'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:348:in `block in transition_to'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:347:in `each'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:347:in `transition_to'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/instance.rb:160:in `verify'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/command.rb:176:in `public_send'
D      /Users/iiro/.chefdk/gem/ruby/2.1.0/gems/test-kitchen-1.6.0/lib/kitchen/command.rb:176:in `block (2 levels) in run_action'
D      ----------------------
zlib(finalizer): the stream was freed prematurely.

The kitchen-inspec version is 0.12.3.

[chris-rock]

@iiro This was solved in master, but not released yet. 0.12.4 should do the trick. Please let us know if this works.

[iiro]

Superb! @chris-rock works beautifully - and this was the syntax:

suites:
  - name: policy_web_apache2
    provisioner:
      policyfile: policies/web_apache2.rb
    verifier:
      inspec_tests:
        - https://github.com/nathenharvey/tmp_compliance_profile

One question though: the output looks like this:

 ippes-mbp ~/checkouts/personal/chef-snippets/test-kitchen  git:(master) 2M# kitchen verify apache
-----> Starting Kitchen (v1.6.0)
-----> Using policyfile mode for chef-client
-----> Using policyfile mode for chef-client
-----> Verifying <policy-web-apache2-ubuntu-1404>...
       Search `/Users/iiro/checkouts/personal/chef-snippets/test-kitchen/test/integration/policy_web_apache2` for tests
..

Finished in 0.13829 seconds (files took 4.71 seconds to load)
2 examples, 0 failures

       Finished verifying <policy-web-apache2-ubuntu-1404> (0m4.51s).
-----> Kitchen is finished. (0m6.03s)

Is it by design that the output does include only that - or should there be something in addition too (e.g. output from each test separately)?