Getting Started

This is a quick guide to getting started with Kitchen-Terraform. It provides instructions for installing dependencies, creating a new Terraform module, and writing InSpec tests.

1. Install Dependencies 2. Create Project 3. Create & Apply Terraform code 4. Create & Run Inspec Tests

General Methods:

Install Terraform: https://www.terraform.io/downloads.html
Install Ruby: https://www.ruby-lang.org/en/documentation/installation/

Platform Methods

Mac OS (homebrew):

brew install terraform
brew install ruby

Useful Dependency Managers

tfenv
rbenv

Create module and folder structure by running these commands:

mkdir -p my_terraform_module
cd my_terraform_module

mkdir -p test/integration/kt_suite/controls \
         test/fixtures/tf_module/

Create the

Gemfile

to install our dependencies.

source "https://rubygems.org/" do
  gem "kitchen-terraform", "~> 7.0"
end

Install Kitchen-Terraform and other rubygems, install bundler if not installed yet.

gem install bundler
bundle install

Create the Test Kitchen configuration file,

.kitchen.yml

and configure the kitchen-terraform plugins to associate the fixture Terraform module with the InSpec profile.

---
driver:
  name: terraform
  parallelism: 4

provisioner:
  name: terraform

transport:
  name: terraform
  root_module_directory: test/fixtures/tf_module

verifier:
  name: terraform
  systems:
    - name: basic
      backend: local
      controls:
        - file_check

platforms:
  - name: terraform

suites:
  - name: kt_suite

Please refer back to this file as we continue to move on, take special note of the root_module_directory (test/fixtures/tf_module), control name under verifier (file_check), and the suite name (kt_suite). Each of these correspond to a folder structure and Inspec control test.

Create this file

main.tf

and add the block of code into it.

resource "null_resource" "create_file" {
  provisioner "local-exec" {
    command = "echo 'this is my first test' > foobar"
  }
}

Create Terraform fixture code that will call the null_resource from above. This helps simulate calling the Terraform code as a module.

Create this file

test/fixtures/tf_module/main.tf

and add the block of code into it.

module "kt_test" {
  source = "../../.."
}

Apply the fixture Terraform module configuration with Test Kitchen.

bundle exec kitchen converge

With the Terraform code created, it's now time to create the Inspec control tests. Please see the Inspec documentation to learn more about profiles and controls.

Create a default profile

test/integration/kt_suite/inspec.yml

---
name: default

Create Inspec control test file

test/integration/kt_suite/controls/basic.rb

# frozen_string_literal: true

control "file_check" do
  describe file('./test/fixtures/tf_module/foobar') do
    it { should exist }
  end
end

Run Inspec control tests with Test-Kitchen.

bundle exec kitchen verify

Kitchen-Terraform with the help of Test-Kitchen and Inspec have validated the results of running the Terraform code! Please take a peek at our documentation and tutorials for additional information.