18. Test Kitchen - Verify
Test Kitchen Verify Stage
The verify stage is when we are able to use Test Kitchen to validate that our InSpec profile was written properly.
The verify stage uses the kitchen-inspec verifier from Test Kitchen to run the InSpec profile against the test targets.
For this stage, the InSpec profile receives a set of tailored input YAML files. These files adjust the testing for each target, ensuring accurate validation against the expected state and minimizing incorrect results.
They are located at the root of the project and are named something like kitchen.inputs.yml.
There are also specific threshold files for each target environment platform (EC2, container, and Vagrant) in both the vanilla and hardened suites.
These establish the expected or allowed thresholds for vanilla and hardened configurations. Sometimes, we also have specific thresholds for hardened container or DISA EC2 vanilla configurations to allow for different hardening configurations that may be part of the test suite.
Key Points to Remember
- Input Files: Customize tests for each target environment.
- Threshold Files: Define acceptable limits for different configurations.
- Platform-Specific Settings: Ensure accurate validation across various platforms.
Practical Tips
- Always review and update input files to match the target environment.
- Verify threshold settings to ensure they align with your security requirements.
- Regularly test across different platforms to catch environment-specific issues.
- Use the
kitchen verifycommand to run the tests and validate the configurations. - Limit the control verify is running by using the
INSPEC_CONTROLenvironment variable.