InSpec is an open-source testing framework that verifies that your infrastructure satisfies the design requirements.
In this article, we will learn to install and use InSpec with Chef.
Install InSpec
- Navigate to https://downloads.chef.io/inspec and download the installer for the operating system of your workstation.
- Execute the downloaded installer.
Allow InSpec to verify Red Hat Enterprise Linux instances
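InSpec needs “sudo” access to execute the tests, but Red Hat Enterprise Linux prevents that access: the requiretty setting in /etc/sudoers refuses sudo from a session that has no terminal. Execute the following code on every instance when it runs in Test Kitchen. The guard assumes that Test Kitchen nodes run in the _default Chef environment:

    if node.chef_environment == "_default"
      # Running in Test Kitchen

      # Ensure sudo is installed
      package 'Install sudo' do
        package_name 'sudo'
        action :install
      end

      # Keep /etc/sudoers owned by root and read-only
      file '/etc/sudoers' do
        mode '0440'
        owner 'root'
        group 'root'
        action :create
      end

      # Remove every line that sets requiretty
      # (delete_lines is provided by the "line" cookbook)
      delete_lines 'remove requiretty from /etc/sudoers' do
        path '/etc/sudoers'
        pattern '^.*requiretty'
      end
    end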
Start to use InSpec
To use InSpec as the default integration testing tool in Chef Test Kitchen:
- Open the .kitchen.yml file of the cookbook.
- Delete the following lines from the platform section if they exist:

    busser:
      sudo: true

- Add the following lines to the file between provisioner: and platforms:

    verifier:
      name: inspec

- Place the test files into the default location of the InSpec integration test. The “verify” command executes all files in the directory.

    test
    |--smoke
       |--default
          |--MY_RECIPE_NAME1_test.rb
          |--MY_RECIPE_NAME2_test.rb

- To execute the test file with the verify command, add these lines to every suite. This will execute all test files in the default folder.

    verifier:
      inspec_tests:
        - test/smoke/default

- To execute only one test file, specify the file name:

    verifier:
      inspec_tests:
        - test/smoke/default/MY_RECIPE_test.rb

- To execute the test file of another suite, use a relative path. You can also use tests from other cookbooks (../ANOTHER_COOKBOOK/test/recipes/ANOTHER_SUITE_NAME).

    verifier:
      inspec_tests:
        - ../ANOTHER_COOKBOOK/test/smoke/default

- Create an integration test for your recipe. Create a new file in the test/recipes/THE_SUITE_NAME folder. The name does not matter; if you are planning to create only one test file for the suite, name the file after the suite: default_test.rb.
- The following is a simple example of an InSpec integration test:

    # encoding: utf-8
    # Inspec test for recipe my_cookbook::default
    # The Inspec reference, with examples and extensive documentation, can be
    # found at https://docs.chef.io/inspec_reference.html

    unless os.windows?
      describe user('root') do
        it { should exist }
        skip 'This is an example test, replace with your own test.'
      end
    end

    describe port(80) do
      it { should_not be_listening }
      skip 'This is an example test, replace with your own test.'
    end

As you can see, the syntax of InSpec is (intentionally) very similar to that of ServerSpec, which it replaces. It is very easy to convert existing ServerSpec integration tests to InSpec compliance tests.
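
The .kitchen.yml steps above, assembled into one file. This is an added example, not part of the original article: the driver, provisioner, platform and suite names are assumptions, my_cookbook is the cookbook name used in the sample test, and the test paths are the placeholders from the steps.

```yaml
# .kitchen.yml (added example; driver, provisioner, platform and suite names are assumed)
---
driver:
  name: vagrant

provisioner:
  name: chef_zero

# InSpec as the verifier, placed between provisioner: and platforms:
verifier:
  name: inspec

platforms:
  # The "busser:" / "sudo: true" lines have been removed from this section
  - name: centos-7

suites:
  # Runs every test file in the default folder
  - name: default
    run_list:
      - recipe[my_cookbook::default]
    verifier:
      inspec_tests:
        - test/smoke/default

  # Runs a single test file only
  - name: single_file
    run_list:
      - recipe[my_cookbook::default]
    verifier:
      inspec_tests:
        - test/smoke/default/MY_RECIPE_test.rb

  # Reuses the tests of another cookbook through a relative path
  - name: shared_tests
    run_list:
      - recipe[my_cookbook::default]
    verifier:
      inspec_tests:
        - ../ANOTHER_COOKBOOK/test/smoke/default
```

YAML nesting is significant here: inspec_tests must be indented under the suite's verifier: key, and each path is a list item under inspec_tests.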
Differences between ServerSpec and InSpec
ServerSpec “process”
Does not work on a Windows host.
On Linux the syntax changed from

    describe process('PROCESS_NAME') do
      it { should be_running }
    end

to

    describe processes('PROCESS_NAME') do
      its('states') { should eq ['R<'] }
    end

registry_key
The :dword comparison uses the decimal value with no quotes instead of the hex value with quotes.
The syntax changed from

    describe registry_key('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full') do
      it { should have_property_value('Release', :dword, '70805') } # 460805 decimal
    end

to

    describe registry_key('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full') do
      it { should have_property_value('Release', :dword, 460805) } # For dword use the decimal value, no quotes
    end

For more information
For more information on the Kitchen InSpec verifier visit https://github.com/chef/kitchen-inspec