
Test Driven Infrastructure on GCP
Testing Google Cloud using InSpec
Many by now have heard of Test Driven Development, where tests are written first, and then the code. Some may even know Infrastructure As Code, where we can craft our entire infrastructure using code.
Combining these two gives us Test Driven Infrastructure: we write tests that inspect our actual infrastructure, and we are free to choose whatever method gets us to the desired state, whether manually through a web console or with popular provisioning tools like CloudFormation (AWS only), Ansible, or Terraform.
InSpec has recently added support for testing cloud resources in Azure, AWS, and GCP. In this article I explore creating a Kubernetes cluster on Google Cloud and testing it with InSpec.
First we’ll start with a simple test…
Installing The Tools
For this tutorial you will need to fetch the following tools:
- Google Cloud SDK: https://cloud.google.com/sdk/
- Terraform: https://www.terraform.io/
- Inspec 2.0: https://www.inspec.io/
You’ll have to create a Google Cloud account and authorize your system to use the Google Cloud tools:
Mac OS X (now macOS) users using Homebrew can grab all of these by creating a small brew bundle:
cat <<-"EOF" > Brewfile
tap 'chef/chef'
cask 'inspec'
cask 'google-cloud-sdk'
brew 'terraform'
EOF
brew bundle --verbose
To make sure the google-cloud-sdk and inspec tools are working, we can try the following:
inspec detect -t gcp://

== Platform Details
Name: gcp
Families: cloud, api
Release: google-cloud-v
Creating the Tests
Now we need to create a small code structure for our tests for a future cluster we’ll call guestbook:
inspec init profile guestbook-profile
touch attributes.yml
# inspec init generates controls/example.rb; rename it for our cluster test
mv guestbook-profile/controls/example.rb \
  guestbook-profile/controls/cluster_test.rb
This should create a structure like this:
.
├── attributes.yml
└── guestbook-profile
    ├── README.md
    ├── controls
    │   └── cluster_test.rb
    ├── inspec.lock
    ├── inspec.yml
    └── libraries
Assuming that you have configured access to GCP with Google Cloud SDK, we can initialize an attributes file used for this test with the following command:
# the heredoc delimiter is left unquoted so that $(gcloud ...) is expanded
cat <<-EOF > attributes.yml
project_name: $(gcloud config list --format 'value(core.project)')
cluster_region: us-east1
cluster_name: guestbook
EOF
We also want to configure this profile to use GCP:
cat <<-"EOF" > guestbook-profile/inspec.yml
name: guestbook-profile
title: InSpec Profile
maintainer: MuadDib
copyright: MuadDib
copyright_email: khaderach@spice.arrakis
license: MIT
summary: InSpec GCP Cluster Demo
version: 0.1.0
depends:
  - name: gcp-resources
    url: https://github.com/inspec/inspec-gcp/archive/master.tar.gz
supports:
  - platform: gcp
EOF
Now that we have our environment created, it is time to craft a small test for our cluster by editing cluster_test.rb:
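The control file is not reproduced on this page. The following is an added example, not the author's original cluster_test.rb: a control reconstructed from the results shown later in the article (control id gcp-1 and its seven tests). The helper name expected_cluster_properties, the attribute descriptions and the use of cluster_region as the resource's zone parameter are assumptions.

```ruby
# guestbook-profile/controls/cluster_test.rb (added example, not the article's file)

# Property => expected value, taken from the passing results listed in this
# article. Together with `should exist` these make up the seven tests.
def expected_cluster_properties(cluster_name)
  {
    'name'                 => cluster_name,
    'status'               => 'RUNNING',
    'master_auth.username' => 'admin',
    'network'              => 'default',
    'subnetwork'           => 'default',
    'initial_node_count'   => 3
  }
end

# The InSpec DSL (attribute, control, describe) only exists under `inspec exec`;
# the guard lets plain `ruby` load this file to unit-test the table above.
if defined?(Inspec)
  # Values come from attributes.yml via --attrs.
  project  = attribute('project_name', description: 'GCP project id')
  region   = attribute('cluster_region', description: 'Cluster location')
  cluster  = attribute('cluster_name', description: 'GKE cluster name')
  expected = expected_cluster_properties(cluster)

  control 'gcp-1' do
    title 'Check Guestbook Cluster'

    # Assumption: the resource pack addresses a cluster by project, zone and
    # name, and cluster_region from attributes.yml is passed as the zone.
    describe google_container_cluster(project: project, zone: region, name: cluster) do
      it { should exist }
      expected.each do |property, value|
        its(property) { should eq value }
      end
    end
  end
end
```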
Now we can test this:
inspec exec guestbook-profile -t gcp:// --attrs attributes.yml
This will of course fail, as we have yet to set up our cluster:
Profile: InSpec Profile (guestbook-profile)
Version: 0.1.0
Target: gcp://764086051850-6gn4p6qla6lp506wb8ikvt83di341hur.apps.googleusercontent.com

  × gcp-1: Check Guestbook Cluster
     × Cluster guestbook
     The resource "projects/arrakis-dune" was not found.

Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 0.2.0
Target: gcp://764086051850-6gn4p6qla6lp506wb8ikvt83di341hur.apps.googleusercontent.com
     No tests executed.

Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 0 successful, 1 failure, 0 skipped
Creating the Cluster
Now let’s create a cluster using Terraform. Create a file called cluster.tf with this content:
We will need to initialize some environment variables to use in creating this cluster:
export TF_VAR_project="$(gcloud config list \
  --format 'value(core.project)'
)"
export TF_VAR_region="us-east1"
export TF_VAR_user="admin"
export TF_VAR_password="m8XBWrg2zt8R8JoH"
We’ll need to initialize the Terraform environment, which means downloading the plug-in for Google Cloud:
terraform init
Now we can run these commands to look at what we will create and then to create the cluster:
terraform plan # inspect changes that will be made
terraform apply # apply these changes to create cloud resources
Voilà! We have our cluster.
Running the tests
Now we can run our tests:
inspec exec guestbook-profile -t gcp:// --attrs attributes.yml
This will have results like this:
Profile: InSpec Profile (guestbook-profile)
Version: 0.1.0
Target: gcp://764086051850-6gn4p6qla6lp506wb8ikvt83di341hur.apps.googleusercontent.com

  ✔ gcp-1: Check Guestbook Cluster
     ✔ Cluster guestbook should exist
     ✔ Cluster guestbook name should eq "guestbook"
     ✔ Cluster guestbook status should eq "RUNNING"
     ✔ Cluster guestbook master_auth.username should eq "admin"
     ✔ Cluster guestbook network should eq "default"
     ✔ Cluster guestbook subnetwork should eq "default"
     ✔ Cluster guestbook initial_node_count should eq 3

Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 0.2.0
Target: gcp://764086051850-6gn4p6qla6lp506wb8ikvt83di341hur.apps.googleusercontent.com
     No tests executed.

Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
Test Summary: 7 successful, 0 failures, 0 skipped
And there we have it, we have tests to verify our GCP resource, whether we use Terraform, GCloud SDK, Ansible, or some other method.