Skip to main content

Environment Setup

Aaron LippoldAbout 2 min

Required Software

  • RVM, or another Ruby Management Tool
  • Ruby v3 or higher
  • Git
  • VS Code or another IDE
  • Docker (if you want to test hardened and non-hardened containers)
  • AWS CLI
  • AWS Account

Required Accounts

  1. AWS Console Accountopen in new window
  2. Platform One Accountopen in new window (used for container testing)
  3. P1 Harbor Tokenopen in new window (used for container testing)

Test Suite Environment Variables

  1. Environment Variables used by Test Kitchen
  • INSPEC_CONTROL: Specifies which single control to run in the bundle exec kitchen verify phase, useful for testing and debugging a single requirement.
    • default: none
  • KITCHEN_LOCAL_YAML: Specifies the target testing environment you want to use to run and validate the profile.
    • default: none
  • VANILLA_CONTAINER_IMAGE: Specifies the Docker container image you consider 'not hardened' (used by kitchen.container.yml).
    • default: registry.access.redhat.com/ubi8/ubi:8.9-1028
  • HARDENED_CONTAINER_IMAGE: Specifies the Docker container image you consider 'hardened' (used by kitchen.container.yml).
    • default: registry1.dso.mil/ironbank/redhat/ubi/ubi8
  1. AWS Environment

You can either use standard AWS Profiles to configure your environment or use the standard AWS Environment variables to run the test suite. See: AWS CLI Installation & Configurationopen in new window

  • Use the AWS_PROFILE environment variable and AWS Credential Profiles to simplify testing on multiple AWS environments or segments. This will allow you to easily manage multiple sets of AWS secrets and access keys with adjustments to a single variable. (See: AWS CLI and Profile Setupopen in new window)

Setting Up Your Environment

  1. Set up your Ruby Version Management system.
  2. Install Ruby 3.1 or higher.
  3. Configure OpenSSL, organization certificates, etc., for your environment and tooling.
  4. Set up your AWS CLI.
  5. Clone the repository.
  6. Obtain your Harbor CLI Secretopen in new window.
  7. After logging in, click on your User Profile "About" to get the token.
  8. Log in to the P1 Docker Registry.
  9. Use the command docker login -u {PI USER NAME} -p '{HARBOR CLI SECRET}' registry1.dso.mil.
  10. Run bundle install in your isolated Ruby environment.

Post-Setup Checks

  • Verify your newly installed Ruby environment by running ruby --version.
  • Confirm that InSpec was installed by running bundle exec inspec --version.
  • Check that Test Kitchen was installed by running bundle exec kitchen version.
  • Verify that your aws-cli is correctly configured by running aws s3 ls (or your preferred test command for AWS CLI).
  • Confirm your bundle installation by running bundle exec inspec --version.
  • Verify you can pull from RepoOne by running docker pull https://repo1.dso.mil/dsop/redhat/ubi/ubi8.
  • Celebrate 🎉️ if everything went well.
Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2024 Aaron Lippold