by Thierry de Pauw on
#cfgmgmtcamp
Developer Advocate at Chef
Software testing is an investigation conducted to provide stakeholders with information about the quality of the software product or service under test. -- Cem Kaner
Chef InSpec is well suited to software testing because its DSL is designed to be human-readable: the test reads like the requirement it checks.
Purposes of software testing:
Example Chef InSpec tests:
```
describe file('') do
  it { should exist }
  its('mode') { should cmp 0644 }   # permission bits, compared as octal
end
describe apache_conf do
  its('Listen') { should cmp 8080 } # value of the Listen directive in the parsed config
end
describe port(8080) do
  it { should be_listening }        # something is actually bound to the port
end
```
Compliance
the fact of obeying a particular law or rule, or of acting according to an agreement. -- Cambridge Dictionary
```
control 'sshd-8' do
  impact 0.6   # particular level of risk, 0.0 (info) to 1.0 (critical)
  title ''
  desc ''
  desc ''      # a second (labelled) description requires Chef InSpec >= 2.3.4
  tag 'ssh', 'sshd'
  tag cce: 'CCE-27072-8'
  # reference to the rule explaining why this test should be present
  ref 'NSA-RH6-STIG - Section 3.5.2.1', url: 'https://www.nsa.gov/ia/...'
  describe   # the resource under test and its matchers
  ...
  end
end
```
ability to create custom resources
example: run tests against a config file (JSON or YAML; the path below is a YAML file)
```
class ExampleConfig < Inspec.resource(1)
  name 'example_config'   # how the resource is called from describe blocks

  def initialize(path = '/tmp/example/config.yml')
    @path = path
    @file = inspec.file(@path)   # reuse the built-in file resource through the inspec helper
  end

  def exists?
    @file.exist?
  end

  def version
    inspec.yaml(@path).params['version']   # parsed content of the (YAML) config file
  end
end

describe example_config do
  it { should exist }
  its('version') { ... }
end
```
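The parsing core such a resource wraps is worth testing on its own, because a custom resource reading a config file from the target is parsing untrusted input. The following is an added example, not code from the talk or from Chef InSpec: a plain-Ruby class (hypothetical name `ExampleConfigParser`) that the resource above could build from `inspec.file(@path).content`, written without the InSpec runtime so it runs stand-alone. It uses `YAML.safe_load`, which refuses `!ruby/object` tags that `YAML.load` would instantiate, reports a parse failure explicitly instead of returning nil for every attribute, and compares versions numerically rather than as strings. The three sample configs are constructed.

```ruby
require 'yaml'

# Constructed sample configs (not from the talk): a well-formed file, a
# malformed one, and a document that tries to instantiate a Ruby object.
GOOD_CONFIG   = "version: '2.1'\ntls:\n  min_version: TLSv1.2\n"
BAD_CONFIG    = "version: 2.1: broken\n"
OBJECT_CONFIG = "--- !ruby/object:Object {}\n"

# Hypothetical parsing core of the example_config resource, in plain Ruby so
# it can be unit-tested without InSpec. Inside the resource, initialize would
# do ExampleConfigParser.new(inspec.file(@path).content).
class ExampleConfigParser
  attr_reader :error

  def initialize(content)
    @params = {}
    @error  = nil
    begin
      # safe_load only builds plain data (Hash, Array, String, numbers);
      # YAML.load would instantiate !ruby/object tags from an untrusted file.
      doc = YAML.safe_load(content.to_s)
      @params = doc if doc.is_a?(Hash)
    rescue Psych::SyntaxError, Psych::DisallowedClass => e
      @error = e.message
    end
  end

  # false when the file could not be parsed, so a control can fail loudly
  # instead of reporting "version is nil" for a broken or hostile file
  def parsed?
    @error.nil?
  end

  def version
    v = @params['version']
    v.nil? ? nil : v.to_s   # an unquoted 2.1 parses as a Float; normalise to String
  end

  def tls_min_version
    @params.dig('tls', 'min_version')
  end

  # true when the configured version is at least `minimum`, compared as
  # dotted version numbers ('2.10' is newer than '2.9', unlike a string compare)
  def version_at_least?(minimum)
    return false if version.nil? || !Gem::Version.correct?(version)
    Gem::Version.new(version) >= Gem::Version.new(minimum)
  end
end
```

In the resource, `exists?` would delegate to `inspec.file(@path).exist?` and `version` to the parser, so `its('version') { should cmp '2.1' }` works; a separate matcher on `parsed?` catches the case where the file is present but unreadable.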
- Dow Jones, July 2017: 2.2 million records of PII, misconfigured S3 bucket
- Accenture, October 2017: 40,000 passwords, encryption & API keys, misconfigured S3 bucket
- Imperva, October 2018: customer data, misconfigured RDS held AWS API key
```
describe aws_s3_bucket('testbucket') do
  it { should_not be_public }   # neither a public ACL grant nor a wildcard-principal bucket policy
end
describe aws_security_group(group_name: '') do
  it { should allow ... }       # matcher on the group's inbound/outbound rules
end
```
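What "public" means for a bucket is worth spelling out, since the three incidents above are all the same mistake. As an added example (not code from the talk or from inspec-aws), the block below applies roughly the two checks behind a `be_public` style matcher to constructed `GetBucketAcl` and `GetBucketPolicy` responses: an ACL grant to the `AllUsers` or `AuthenticatedUsers` group, or an `Allow` statement whose principal is `*`. The JSON documents, bucket name, account ID and role name are made up; `acl_public?`, `policy_public?` and `bucket_public?` are hypothetical helper names.

```ruby
require 'json'

# Constructed sample API responses (not real buckets): one ACL that grants
# READ to everyone, one that only names the owner, and two bucket policies.
PUBLIC_ACL_JSON = <<~JSON
  {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}
  ]}
JSON
PRIVATE_ACL_JSON = <<~JSON
  {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}
  ]}
JSON
PUBLIC_POLICY_JSON = <<~JSON
  {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::testbucket/*"}
  ]}
JSON
PRIVATE_POLICY_JSON = <<~JSON
  {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::testbucket/*"}
  ]}
JSON

# The two predefined groups that make an ACL grant world-readable: AllUsers
# is anyone at all, AuthenticatedUsers is anyone with any AWS account.
PUBLIC_GROUPS = %w[
  http://acs.amazonaws.com/groups/global/AllUsers
  http://acs.amazonaws.com/groups/global/AuthenticatedUsers
].freeze

# Check 1: does any ACL grant go to one of the public groups?
def acl_public?(acl_json)
  JSON.parse(acl_json).fetch('Grants', []).any? do |grant|
    grantee = grant['Grantee'] || {}
    grantee['Type'] == 'Group' && PUBLIC_GROUPS.include?(grantee['URI'])
  end
end

# Principal can be the string "*" or an object such as {"AWS": "*"} / {"AWS": ["*"]}
def principal_wildcard?(principal)
  return principal == '*' if principal.is_a?(String)
  return false unless principal.is_a?(Hash)
  Array(principal['AWS']).include?('*')
end

# Check 2: does the bucket policy contain an Allow for a wildcard principal?
# A Condition may narrow such a statement (aws:SourceVpc etc.), but it is
# still flagged here so a human reviews it instead of it being ignored.
def policy_public?(policy_json)
  return false if policy_json.nil? || policy_json.strip.empty?   # no policy attached
  statements = JSON.parse(policy_json)['Statement']
  statements = [statements] if statements.is_a?(Hash)            # a lone statement may be an object
  Array(statements).any? do |s|
    s['Effect'] == 'Allow' && principal_wildcard?(s['Principal'])
  end
end

def bucket_public?(acl_json, policy_json = nil)
  acl_public?(acl_json) || policy_public?(policy_json)
end
```

The bucket without a policy and with an owner-only ACL is private; either a public ACL grant or a wildcard-principal policy on its own is enough to make it public, which is why both have to be checked and why "I removed the public ACL" is not sufficient evidence.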
inspec-vault: if you use Vault for secrets
Train plugins: the transports InSpec can connect through to reach a target, e.g.
- aws
- digitalocean
- ...