I have a few questions in regards to the testing approach for Chef cookbooks.
In my opinion, I think my ultimate goal of having a unit test for Chef cookbook is to test and validate the cookbook before syncing that to the Chef server via Azure DevOps (CI/CD) pipeline. Since I’m having some ChefSpec tests right now, would it be the best approach to integrate ChefSpec tests into the pipeline by adding a PowerShell step to run all the tests before publishing the cookbook in the pipeline?
- Should I consider something else like InSpec (since there is a dedicated step in the pipeline for InSpec)?
- But generally what is the biggest differences between ChefSpec and InSpec in term of unit testing for Chef cookbook?
At the moment, I’m running
‘’’chef exec rspec’’’
To run all the tests located under spec folder inside my cookbook
inspec is run toward a target machine to verify its state, see it as running after chef to check service are running, listening on proper ports, root access through ssh is disable etc.
If you go to run it in a CI pipeline, you'll probably use test-kitchen to spawn a test box, converging your cookbook and run inspec to verify it.
chef exec rspec is the proper way to run chefspec tests and this step should ensure your cookbook compile and works before being pushed to test machines, you don't want a ruby syntax error breaking all nodes from converging if you push something wrong.
So do you mean that if I want to use InSpec, I will need incorporate that with test-kitchen in the CI pipeline? and it also does detect the drift of the target server as you mentioned above because I thought there is a drift detection feature in Chef server that lets you do it?
Just wondering should it be alright if I ONLY run ChefSpec step in the pipeline via powershell command and not using InSpec and test-kitchen? Since I am still a bit confused about not really sure what are the use cases for using InSpec and test-kitchen.
I have recently investigated and written a Chef cookbook from scratch using Chef Solo mode, but will surely consider implement Chef server later.