Does kitchen-inspec support AWS targets?

[cameronattard]

Hi,

I've got some inspec suites that exclusively test AWS resources. Using inspec alone, I can successfully execute them using inspec exec tests -t aws://.

I'm now trying to use test-kitchen to provision a CloudFormation stack (using kitchen-cloudformation, and then run these tests against the provisioned resources.

Is there any way to configure kitchen-inspec to run against the aws:// target? It seems to expect an SSH target, and I'm getting the following error: Failed to complete #verify action: [Client error, can't connect to 'ssh' backend: You must provide a value for "host".]

Thanks.

[philipsahli]

Same need in our project. Is there any chance that kitchen-inspec will support that in the near future?

[murraypete]

Same here, though for Azure...would be very useful to have.

[chris-rock]

This is very good feedback! Thank you for reporting. It would be helpful to get a sample kitchen setup from you for azure and aws, so that we can use this for testing.

[bcarpio]

I would love to get this setup as well. Right now in Jenkins we have to call inspec directly since "kitchen verify" cannot support aws targets.

[brandonjbjelland]

I'm trying to do this same thing with kitchen-terraform on GCP and I'm unable to do so. It would make sense (from my somewhat limited use of inspec) if we were able to specify the default target within inspec.yml rather than confining this option only to the command line.

@chris-rock - my .kitchen.yml looks like the following:

---
driver:
  name: terraform
  root_module_directory: examples/zk-test-fixture

provisioner:
  name: terraform

platforms:
- name: gcp

verifier:
  name: terraform
  # inspec_options: "-t gcp://" # no way to force this currently

suites:
  -
    name: default
    verifier:
      groups:
        -
          name: default
          controls:
            - zookeeper

@cameronattard - not sure if this is helpful for you but when using terraform, awspec works in the way you're after. Example: https://github.com/terraform-aws-modules/terraform-aws-alb/blob/master/test/integration/default/test_alb.rb

[zenspider]

This requires @kekaichinose to weigh in.

[onetwopunch]

Is there any update on this? It would be great to use the gcp type in kitchen-terraform as well.

[damacus]

For anyone looking for an answer to this my current solution is bewlow. Using kitchen-terraform & kitchen-inspec

It feels like setting platforms to AWS should invoke the correct verifier, in this case aws

# kitchen.yml
---
driver:
  name: terraform
provisioner:
  name: terraform
verifier:
  name: terraform
  systems:
    - name: default
      backend: aws

platforms:
  - name: aws

suites:
    - name: default

# Gemfile
source 'https://rubygems.org/'

gem 'kitchen-terraform'
gem 'kitchen-inspec'
gem 'test-kitchen'