Environment Setup
January 5, 2024About 2 min
Required Software
- RVM, or another Ruby Management Tool
- Ruby v3 or higher
- Git
- VS Code or another IDE
- Docker (if you want to test hardened and non-hardened containers)
- AWS CLI
- AWS Account
Required Accounts
- AWS Console Account
- Platform One Account (used for container testing)
- P1 Harbor Token (used for container testing)
Test Suite Environment Variables
- Environment Variables used by Test Kitchen
INSPEC_CONTROL
: Specifies which single control to run in thebundle exec kitchen verify
phase, useful for testing and debugging a single requirement.- default:
none
- default:
KITCHEN_LOCAL_YAML
: Specifies the target testing environment you want to use to run and validate the profile.- default:
none
- default:
VANILLA_CONTAINER_IMAGE
: Specifies the Docker container image you consider 'not hardened' (used bykitchen.container.yml
).- default:
registry.access.redhat.com/ubi8/ubi:8.9-1028
- default:
HARDENED_CONTAINER_IMAGE
: Specifies the Docker container image you consider 'hardened' (used bykitchen.container.yml
).- default:
registry1.dso.mil/ironbank/redhat/ubi/ubi8
- default:
- AWS Environment
You can either use standard AWS Profiles to configure your environment or use the standard AWS Environment variables to run the test suite. See: AWS CLI Installation & Configuration
- Use the
AWS_PROFILE
environment variable and AWS Credential Profiles to simplify testing on multiple AWS environments or segments. This will allow you to easily manage multiple sets of AWS secrets and access keys with adjustments to a single variable. (See: AWS CLI and Profile Setup)
Setting Up Your Environment
- Set up your Ruby Version Management system.
- Install Ruby 3.1 or higher.
- Configure OpenSSL, organization certificates, etc., for your environment and tooling.
- Set up your AWS CLI.
- Clone the repository.
- Obtain your Harbor CLI Secret.
- After logging in, click on your User Profile "About" to get the token.
- Log in to the P1 Docker Registry.
- Use the command
docker login -u {PI USER NAME} -p '{HARBOR CLI SECRET}' registry1.dso.mil
. - Run
bundle install
in your isolated Ruby environment.
Post-Setup Checks
- Verify your newly installed Ruby environment by running
ruby --version
. - Confirm that InSpec was installed by running
bundle exec inspec --version
. - Check that Test Kitchen was installed by running
bundle exec kitchen version
. - Verify that your
aws-cli
is correctly configured by runningaws s3 ls
(or your preferred test command for AWS CLI). - Confirm your bundle installation by running
bundle exec inspec --version
. - Verify you can pull from RepoOne by running
docker pull https://repo1.dso.mil/dsop/redhat/ubi/ubi8
. - Celebrate 🎉️ if everything went well.