Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Infrastructure Code Testing in CICD Pipelines

Chuck Meyer
January 23, 2019

Infrastructure Code Testing in CICD Pipelines

If this is ”infrastructure as code” why are we still testing by continually deploying and fixing failures?

In this talk we will explore ways to layer static analysis, integration, and perhaps even unit tests for infrastructure code into our CI/CD pipelines.

Chuck Meyer

January 23, 2019
Tweet

More Decks by Chuck Meyer

Other Decks in Technology

Transcript

  1. Agenda 1. Who I am 2. Infrastructure as code 3.

    Automating infrastructure 4. Layering in testing 5. Putting it all together 2 / 15
  2. Who I am Chuck Meyer [email protected] Sr Developer Advocate, AWS

    CloudFormation 5 years at AWS Infrastructure as Code and DevOps Security Automation / DevSecOps 20+ Years in Technology Recent Ohio boomerang @chuckm 3 / 15
  3. Infrastructure as Code Declarative or imperative statements describing hardware, software

    and services and their relationships. Resource: MyWebServer Class: Server Type: ExtraBig Ports: - 443 4 / 15
  4. Infrastructure as Code Declarative or imperative statements describing hardware, software

    and services and their relationships. Resource: MyWebServer Class: Server Type: ExtraBig Ports: - 443 (or maybe) server_names = [ 'Red', 'Blue', 'Green'] for name in server_names: launch_server(name, 'web') 4 / 15
  5. Infrastructure as Code Flavors Declarative Chef/Puppet/Ansible/Salt Terraform CloudFormation (AWS) Azure

    Resource Manager (ARM) Cloud Deployment Manager (GCP) Imperative Pulumi Cloud Development Kit (AWS) 5 / 15
  6. Infrastructure as Code Flavors Declarative Chef/Puppet/Ansible/Salt Terraform CloudFormation (AWS) Azure

    Resource Manager (ARM) Cloud Deployment Manager (GCP) Imperative Pulumi Cloud Development Kit (AWS) (we can probably fight about this) 5 / 15
  7. Automating Infrastructure Infrastructure is code, so deploy it like code

    Source control Orchestration Permissioning Deployment and Promotion 6 / 15
  8. Automating Infrastructure Infrastructure is code, so deploy it like code

    Source control Orchestration Permissioning Deployment and Promotion (So basically, CI/CD) 6 / 15
  9. Layering in Testing Infrastructure is code, so test it like

    code Validation/Linting Unit Tests Integration Tests 7 / 15
  10. Validation Is my code syntactically viable? Built in validators terraform

    validate aws cloudformation validate-template Linters FoodCritic (Chef) cfn­lint (CloudFormation) terraform­validator 8 / 15
  11. Unit Testing Validate the behavior of individual components But you

    can't mock infrastructure... Decompose into multiple files and test either statically or in a live account. ChefSpec (static) cfn_nag (static) Terratest (live) 11 / 15
  12. Integration Testing Validate the behavior of the complete infrastructure Deploy

    the full infrastructure and test it end­to­end. (Preferably in a controlled test account) TestKitchen (Chef) TaskCat (CloudFormation) Kitchen­Terraform 12 / 15
  13. What to test? Resource misconfiguration (Will it deploy?) Software defined

    network (Unexpected ingress or egress?) Permissions (Too many wildcards) Encryption Dependencies (Is everything else there?) Lifecycle (Are you going to delete my database?) 13 / 15