While you already have seen how Test-Kitchen works with InSpec in Part I there is much more if you have a deeper look into InSpec and Chef Compliance. This second part will handle so called controls and some of the features you´ll have using Chef Compliance as well.

If we remind the test we wrote last time:

it´s possible to enhance them with a control description like this:

With these attributes you are now able to check the consistency of the controls using:

Now there should be a result like:

inspec check

As you can see your 2 controls should be fine, but there are a few Errors/Warnings as your controls are not part of a profile. In order to have a so called profile it makes sense to create a new folder in your recipe: “atom/test/integration/default/inspec/controls” and move the atom.rb file into the controls folder:

Then you have to create a new file that contains the profile information:

where you add the following informations:

Now save it and you´re ready to check the profile again using the InSpec command and the new folder structure:

As result there should be everything fine now.

inspec check

Now you can check if your test verification runs with a profile as well using your test-kitchen environment:

Now that you have a profile you are ready to use this profile also in Chef Compliance to have a management, scheduled report and frontend solution.

To start with Chef Compliance you have to download the Compliance Server and install it. Please note that there is no need to use Chef Server at this time as we only want to check our profile compliance and don´t do fixing. As an alternative you can also use my Vagrant script to have a full demo environment in your network. There´s a Wiki that describes the full installation and configuration. Sometimes you have to add a line to your .kitchen.yml file to have public network access and an address to add to Chef Compliance:

As soon as you have you Compliance server in place you can upload your profile using the following inspec commands:

PRO TIP: Please note that –token needs the full token not the refreshToken (can be found under “About” on you Chef Compliance webpage user picture on the top right) and –insecure disables SSL verification.

Now your InSpec profile should be available on your Chef Compliance server:

inspec upload

This can be validated in the Chef Compliance front-end as well, where you can see the names, description and the rules:

Compliance Profile

The third part of this series will handle how you can add a node to Chef Compliance and test your profile against this node. Then you will learn how to use the “audit cookbook” and re-imediate the atom cookbook if the check fails.