I am using Kitchen terraform to deploy/test an environment on GCP.

I am struggling to get the kitchen/inspec part to use the terraform output values, so I can use them in my tests.

This is what I have

My inspec.yml

name: default
depends:
  - name: inspec-gcp
    url: https://github.com/inspec/inspec-gcp/archive/master.tar.gz
supports:
  - platform: gcp
attributes:
- name: gcloud_project
  required: true
  description: gcp project
  type: string

My Kitchen Yaml

driver:
  name: terraform
  root_module_directory: test/fixtures/tf_module

provisioner:
  name: terraform

verifier:
  name: terraform
  format: documentation
  systems:
    - name: default
      backend: gcp
      controls:
        - instance

platforms:
  - name: terraform

suites:
  - name: kt_suite

My Unit test

gcloud_project = attribute('gcloud_project',
  { description: "The name of the project where resources are deployed." })

control "instance" do
  describe google_compute_instance(project: "#{gcloud_project}", zone: 'us-central1-c', name: 'test') do
    its('status') { should eq 'RUNNING' }
    its('machine_type') { should match 'n1-standard-1' }
  end
end

My output.tf

output "gcloud_project" {
  description = "The name of the GCP project to deploy against. We need this output to pass the value to tests."
  value       = "${var.project}"
}

The error I am getting is

  ×  instance: /mnt/c/Users/Github/terra-test-project/test/integration/kt_suite/controls/default.rb:4
     ×  Control Source Code Error /mnt/c/Users/Github/terra-test-project/test/integration/kt_suite/controls/default.rb:4
     bad URI(is not URI?): "https://compute.googleapis.com/compute/v1/projects/Input 'gcloud_project' does not have a value. Skipping test./zones/us-central1-c/instances/test"

Everything works if I directly declare the project name in the control loop, however I obviously don't want to have to do this.

How can I get kitchen/inspec to use the terraform outputs?

TheOne745665

2 Answers

Looks like this may just be due to a typo. You've listed gcp_project under attributes in your inspec.yml but gcloud_project everywhere else.

Yann Stoneman
  • Hey, thanks for noticing that. I've now changed it, but still the same issue. Terraform doesn't seem to be passing the variables to kitchen, I'm wondering if I am missing a step or something – TheOne745665 Oct 28 '20 at 10:43
  • Not sure, but I noticed that it looks like you don't need to output the project name from Terraform, because it looks like support was added in 2018 for accessing a Terraform input variable in the inspec.yml. See https://github.com/newcontext-oss/kitchen-terraform/issues/205 and https://www.rubydoc.info/gems/kitchen-terraform/Kitchen/Verifier/Terraform – Yann Stoneman Oct 28 '20 at 13:15
  • Managed to get a new error trying this - >>>>>> Verifying the 'default' system failed: Resolving the system attributes from outputs failed due to the absence of the 'gcloud_project' key from the Terraform outputs in the Kitchen instance state. This error indicates that the available Terraform outputs need to be updated with `kitchen converge` or that the wrong key was provided. Does anyone know any examples of this actually working? I've put the output in output.tf in the root terraform and in the main.tf for the test/fixtures/tf_module as well. Not sure where else to put it – TheOne745665 Nov 02 '20 at 10:09

Not sure if this is fixed, but I am using something like below and it works pretty well. I assume that it could be the way you are using google_project attribute.

Unit Test

dataset_name = input('dataset_name')
account_name = input('account_name')
project_id = input('project_id')

control "gcp" do
  title "Google Cloud configuration"

  describe google_service_account(
    name: account_name,
    project: project_id
  ) do
    it { should exist }
  end
  describe google_bigquery_dataset(
    name: dataset_name,
    project: project_id
  ) do
    it { should exist }
  end
end

inspec.yml

name: big_query
depends:
  - name: inspec-gcp
    git: https://github.com/inspec/inspec-gcp.git
    tag: v1.8.0
supports:
  - platform: gcp
inputs:
  - name: dataset_name
    required: true
    type: string
  - name: account_name
    required: true
    type: string
  - name: project_id
    required: true
    type: string
Dharman
Amit
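
A preflight check for the failure reported in the question and its comments, as an added example that is not part of any post above: it compares the inputs an InSpec profile marks as required with the keys printed by `terraform output -json`, so a missing or empty output is caught before `kitchen verify`. The sample JSON and YAML are constructed, and the function names are hypothetical.

```ruby
require 'json'
require 'yaml'

# Constructed sample: the shape `terraform output -json` prints for a root module.
SAMPLE_TF_OUTPUT_JSON = <<~JSON
  {
    "gcloud_project": { "sensitive": false, "type": "string", "value": "example-project" }
  }
JSON

# Constructed sample profile metadata using both the legacy `attributes:` key and `inputs:`.
SAMPLE_INSPEC_YML = <<~YAML
  name: default
  attributes:
    - name: gcloud_project
      required: true
      type: string
  inputs:
    - name: zone
      required: true
      type: string
    - name: label
      type: string
YAML

# Names of the inputs the profile marks `required: true`.
def required_inputs(inspec_yml)
  meta = YAML.safe_load(inspec_yml) || {}
  declared = Array(meta['inputs']) + Array(meta['attributes'])
  declared.select { |i| i['required'] == true }.map { |i| i['name'] }.uniq
end

# Map of output name => value parsed from `terraform output -json`.
def terraform_outputs(json)
  JSON.parse(json).transform_values { |o| o['value'] }
end

# Required inputs that have no same-named, non-empty Terraform output.
def missing_inputs(inspec_yml, tf_output_json)
  outputs = terraform_outputs(tf_output_json)
  required_inputs(inspec_yml).reject do |name|
    value = outputs[name]
    !value.nil? && !value.to_s.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  missing = missing_inputs(SAMPLE_INSPEC_YML, SAMPLE_TF_OUTPUT_JSON)
  puts missing.empty? ? 'all required inputs have outputs' : "missing outputs: #{missing.join(', ')}"
end
```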