Custom credential for Kitchen Converge and Verify stage


#1

I'm looking for a flexible way to provide custom user used during Kitchen Converge and Verify. The reason for that matter is that there are some security hardening configurations in recipes which remove permissions to all non-root users while keeping root as-is. Is there a way to specify in kitchen.yml the user I'd like to use for the all recipes. Not all resources supporting user property like bash resource.


#2

Have you tried this https://github.com/test-kitchen/test-kitchen/issues/210 ?


#3

Hi @joris . Firstly, I'd like to know which kind of account that Kitchen test uses to run the Converge and Verify stage. Is that the account which is used for kitchen login . Secondly, is there a way which I could just only modify .kitchen.yml or workaround to use my custom user for the test.

Your recommendation would be greatly appreciated.


#4

Kitchen uses the same user, the one the transport uses, for all phases. There is no way to switch users between phases.


#5

It means if there is a recipe which restricts user permission, we are supposed to exclude kitchen user out of that restriction right?


#6

Yes or not test that particular thing as part of the cookbook integration test - typically this can take place later in the pipeline in staging environments with functional tests.