Windows infrastructure testing using InSpec – Part I

While joining Chef a while ago I have learned a lot about testing your infrastructure code. One of the most important lessons was TDD (Test Driven Development) that loosely means: “write tests first”. At Chef we have something called InSpec to describe tests in a simple way while developing infrastructure and application deployment code (like recipes/cookbooks).

This is a first blog post of a series about testing an application deployment (Atom Editor) on Windows using different things:

First of all you have to install Virtualbox, Vagrant and ChefDK on your machine, like described in their documentation. All of them are available for Windows, Linux and MacOS. If you want to run your tests against a Windows box you also have to add one to your Vagrant environment like described here. Now you will be able to generate cookbooks and run them using Test-Kitchen.

For this tutorial it makes sense to work in a cookbooks directory (if you use chef server) or just create a new directory like “~/workspace”. Within this folder you can now create a new cookbook using the ChefDK command:

chef generate cookbook atom

You can verify that everything is created using:

tree atom

You can see that there is a skeleton for your cookbook and a folder called “test”. As a default this is generated using Serverspec as testing language. As Chef we bought InSpec which is the successor of Serverspec (link) . So you now have to create a new folder in test/integration/default called inspec to achieve a new structure like test/integration/default/inspec (please note that you can also put everything into default). You can also validate you new structure using the “tree” command again.

Now that you have everything in place we can start writing a test for your Atom Editor deployment. The most important thing to know is how Atom is installed and what you want to test on. In this case we´ll check for:

  • path of the executable
  • execution of the application

But how can you find the right InSpec resources to test on? Here we go: InSpec resources

In our use case you´ll need: package, file, registry_key and command but there are much more available like audit_policy, csv, command, directory, group, interface,oneget (package manager), os, os_env, package, windows_feature, service, security_policy, registry_key, port, powershell, pip, vbscript, wmi.

Now you should start to edit a file called test/integration/default/inspec/atom.rb and start with the first test:

describe file('C:\\Users\\vagrant\\AppData\\Local\\atom\\app-1.7.3\\atom.exe') do
 it { should exist }
end

As you can see the file resource checks for the installation path of the atom.exe. This is to ensure that Atom is installed at the right location. As you can see this is based on the users path (vagrant). Next you should check for a successful start of the application:

describe command('C:\\Users\\vagrant\\AppData\\Local\\atom\\app-1.7.3\\atom.exe') do
  its(:exit_status) { should eq 0 }
end

The next step is to define how your test environment should look like. These parameters are defined in the .kitchen.yml file in your main cookbook folder. You have to enable InSpec as verifier and add your Windows box that you´ve imported before. Please note that you have to uncomment the other instances (Ubuntu, CentOs).

---
driver:
  name: vagrant

provisioner:
  name: chef_zero

# Uncomment the following verifier to leverage Inspec instead of Busser (the
# default verifier)
verifier:
 name: inspec

platforms:
  - name: windows-2012r2
  #- name: ubuntu-14.04
  #- name: centos-7.1

suites:
  - name: default
    run_list:
      - recipe[atom::default]
    attributes:

Now you´re ready to start your Kitchen instance using:

kitchen create

After this instance is up and running (you can check that using “kitchen list”) you can apply your check on this machine:

kitchen verify

What leads to two different failures (of course, cause we never installed Atom!)

inspec verify

Now let´s write the recipe to install Atom on your Windows box. First you have to edit the recipe in recipes/default.rb and add the following code snippet:

package 'Atom' do
  source 'https://atom.io/download/windows'
  remote_file_attributes(
    path: File.join(Chef::Config[:file_cache_path], 'AtomSetup.exe')
  )
   installer_type :custom
   options '/silent'
 end

This installs the Atom Editor on your virtual machine when applied with:

kitchen converge

kitchen converge

Now, there should be Atom installed and you can run the verification (test) again:

kitchen verify

This should now result in two successful examples:

kitchen verify

Let´s summarize what you did, you wrote a test that ensures that your application is installed and executable. You applied your test and developed a recipe to install your application and lastly you validated your result with a new test run.
Finally you can run the whole routine: Machine creation, Recipe application, Test execution and Machine destruction again using:

kitchen test

You´ve now finished the first part of using InSpec with test-kitchen and Chef!

 

One Comment

Gerrie Holtzhausen 11/11/2020 Reply

Hi, I noticed the link in the section – describe here as below does not work.

” If you want to run your tests against a Windows box you also have to add one to your Vagrant environment like described here. Now you will be able to generate cookbooks and run them using Test-Kitchen.”

Is it possibly to only execute kitchen verify against an existing windows server and not making use of Vagrant?
Nad basically setting it up to execute as a Jenkins build/job?

Leave a Reply