Questions
bring aka What’s in it for me?
• Can TDD really be used for Infrastructure as Code practice?
• Can I re-use existing skills or learn a ton of new stuff?
• Who’s this guy speaking?
Scenario
for a project.
• Current technology stack and tooling:
• Goal: improve infra code quality using TDD practice and introduce new tools
• Preferences:
  ◦ cross-platform
  ◦ free or freemium
Test-driven development (TDD)
test cases before software is fully developed and tracking all software development by repeatedly testing the software against all test cases. This is as opposed to software being developed first and test cases created later.
• Add a test
• Run all tests (should fail)
• Write the simplest code to pass tests
• All tests should pass
• Refactor code as needed
• Re-run tests
We want our infra code to …
• be compliant with target environment’s policies
• follow cloud provider’s best practices like WAF
• provision required resources (functional requirements)
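
An added example, not taken from the slides: a Pester 5 test file written before the template is finalized, in the spirit of the TDD cycle and the requirements above. The embedded ARM template is constructed sample data standing in for compiled Bicep output, and the three property checks are illustrative assumptions about what a target environment's policies might require.

```powershell
# storage.Tests.ps1 - added example, run with: Invoke-Pester ./storage.Tests.ps1
# The JSON below is constructed sample data, not a template from the talk.
BeforeAll {
    $templateJson = @'
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2023-01-01",
      "name": "stexample001",
      "location": "westeurope",
      "sku": { "name": "Standard_LRS" },
      "kind": "StorageV2",
      "properties": {
        "supportsHttpsTrafficOnly": true,
        "minimumTlsVersion": "TLS1_2",
        "allowBlobPublicAccess": false
      }
    }
  ]
}
'@
    $template = $templateJson | ConvertFrom-Json
    # Wrap in @() so .Count works for zero, one or many matches.
    $storage = @($template.resources |
        Where-Object type -eq 'Microsoft.Storage/storageAccounts')
}

Describe 'Storage account template' {
    It 'provisions exactly one storage account (functional requirement)' {
        $storage.Count | Should -Be 1
    }
    It 'accepts HTTPS traffic only' {
        $storage[0].properties.supportsHttpsTrafficOnly | Should -BeTrue
    }
    It 'requires TLS 1.2 as the minimum version' {
        $storage[0].properties.minimumTlsVersion | Should -Be 'TLS1_2'
    }
    It 'blocks anonymous blob access' {
        $storage[0].properties.allowBlobPublicAccess | Should -BeFalse
    }
}
```

Deleting any of the three properties from the sample template reproduces the "run all tests (should fail)" step; restoring it is the "simplest code to pass tests" step.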
 |  | rules | Custom rules
Bicep linter | No | Yes | No
Bicep testing framework | Yes | No | Yes
Pester | Yes | No | Yes
PSRule for Azure | No | Yes | Yes
ARM-TTK | No | Yes | No
KICS, Snyk | No | Yes | No
PSRule for Azure + EPAC | Generate rule collection from existing Azure Policies
BenchPress | Yes | No | Yes
Honorable mentions
security misconfiguration and best practices
  ◦ Microsoft Security DevOps (Preview)
    ▪ CLI and GitHub action
    ▪ support for SARIF, integration with GHAS
    ▪ uses Template Analyzer in the background