Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to use resources provided by this library when invoked via test kitchen and kitchen-terraform #37

Closed
brandonjbjelland opened this issue Jun 29, 2018 · 6 comments

Comments

@brandonjbjelland
Copy link

Hey there, maintainers. Thanks for putting this project together, I'm excited to get started.

In trying to get going I'm running into a stumbling block on basically step 0. In my set up, I have kitchen-terraform instantiating a test fixture and I'd like inspec to do the verification. Everything seems to work until I put resources from this library in place.

control "application" do
  # this works just fine, gathering a static output from output.tf in my test fixtures
  # it shows at least that inspec is running the tests and everything is wired up properly
  describe 'outputs' do
    it 'has been properly hoisted' do
      expect(foo_id).to match /bar/
    end
  # The following dummy test seems to fail no matter how I try to require the libraries. unsure how to use the resources
  describe google_compute_instance(project: 'project-foo',  zone: 'us-west1-a', name: 'myhost') do
     it 'is true' do
       expect(true) == true
     end
   end
  end

The above returns the following:

Control Source Code Error /my_dir/test/integration/default/controls/application_spec.rb:9
     undefined method `google_compute_instance' for #<#<Class:0x00007fd66f7a4c00>:0x00007fd66f7af0d8>

What am I missing?

Thank you in advance. I know this is a simple/stupid user error.

@brandonjbjelland
Copy link
Author

brandonjbjelland commented Jun 29, 2018

I think this is some progress but not success. inspec.yml lives somewhere completely different in my configuration (one dir below the tests) than where inspec init places it so the inspec-gcp dependency has been added. This is what I get now:

  ×  zookeeper: outputs (1 failed)
     ✔  outputs has been properly hoisted
     ×  Control Source Code Error /my_dir/test/integration/default/controls/application_spec.rb:9
     undefined method `gcp_compute_client' for #<Train::Transports::Local::Connection:0x00007f855272de98>


Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 0.4.0
Target:  local://

     No tests executed.

Seems like the wrong transport is being used (local://)...

From your docs:

Check that the GCP transport is being specified as below:

$ inspec exec . -t gcp://

This tells the underlying transport layer (train) to use GCP.

If I invoke that command from the base dir of my tests, gcp:// becomes the schema. But integrating terraform outputs through kitchen terraform is kind of essential. Since it's test kitchen running the inspec command, how to force it to use gcp:// instead of local://. Can you give an example?

@skpaterson
Copy link

Hi @brandoconnor looks like you're doing everything right! I suspect what's happening here is an older version of InSpec is creeping in. Long story short, first thing to try is adding the following in the inspec.yml file being executed:

inspec_version: '>= 2.2.10'

If theinspec.yml being executed doesn't have that set we can end up with a version of InSpec (specifically train) that doesn't include the GCP transport. For information, this is the related issue: inspec/inspec#3066 - the inspec-gcp settings file specifies the correct minimal version but this currently gets ignored.

Let me know if that helps! If this was the problem I'll add a section to the FAQ describing the above.

@brandonjbjelland
Copy link
Author

Hmmm still no luck unfortunately. It appears I already had the suggested line in my inspec.yml configuration. I've bumped my Gemfile and inspec.yml to use the same version of inspec (inspec_version: '>= 2.2.27') but it looks like local:// is still the prevailing schema during kitchen verify execution. Any other ideas? Perhaps there's a section of my kitchen.yml that needs modification? Any examples of successful kitchen configurations would be mighty helpful.

@brandonjbjelland
Copy link
Author

I've got confirmation that adding -t gcp:// to the inspec command when run manually from the base test directory produces the correct target and passing tests. The only thing left is to force invocation by kitchen to also use this flag, which I'm still working through.

If it's possible to configure this flag through inspec.yml that'd be the best of all solutions but I haven't found as much. I think I need to configure kitchen-terraform to add this argument to the inspec command, but in pouring over that code, I haven't seen a way yet.

@brandonjbjelland brandonjbjelland changed the title unable to use resources provided by this library Unable to use resources provided by this library when invoked with test kitchen and kitchen-terraform Jul 3, 2018
@brandonjbjelland brandonjbjelland changed the title Unable to use resources provided by this library when invoked with test kitchen and kitchen-terraform Unable to use resources provided by this library when invoked via test kitchen and kitchen-terraform Jul 3, 2018
@skpaterson
Copy link

Apologies for the confusion, I see the problem now. After some digging I came across this: inspec/kitchen-inspec#179
Unfortunately it looks like the situation is the same for Azure, AWS and GCP. Without a change it looks like the only option is to run inspec directly instead of via test kitchen. Given there's a clear use-case for this working, l'll see whether anything can be done this side.

@brandonjbjelland
Copy link
Author

Good find. Yea I've been able to use awspec for this in past but not through inspec resources so it makes sense that using these inspec resource packs are the common denominator. I'll follow that thread for more updates and see what I can't glean from the Kitchen Terraform folks. Thanks again! I think this puts the issue on other projects so I'll close it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants