Reputation: 61
How do I access Chef data_bags in InSpec
I am writing InSpec tests for some new Chef recipes I am working on. I would like to utilise the data_bags used by the cookbooks to iterate through the data bag items. I can't figure out how to access them in my InSpec tests! The recipes are using the search, data_bag and data_bag_item methods. But these methods don't appear to be available in my InSpec test. I suspect these are Chef DSL specific methods? The source for the data_bags is under source control so I have access to the json for them on my local file system.
How do I access these data_bags in Chef_zero using InSpec syntax?
I found a couple of examples online but I don't see how the data_bags are actually loaded by chef_zero so that they can be used in the tests e.g. https://github.com/charlesjohnson/fundamentals-with-tests/blob/master/chef-repo/cookbooks/users/test/integration/default/serverspec/default_spec.rb and https://github.com/chef/chef/blob/master/kitchen-tests/test/integration/webapp/default_spec.rb
I am using a Windows server 2012R2 box on a Vagrant test-kitchen. This is an example of an data bag items from one of the data bags:
{
"User": "mcummins",
"FullName": "Martin Cummins",
"id": "mcummins"
}
This particular data bag lists Windows Active Directory users added to the administrators group.
I have set the data_bag_path in my .kitchen.yml (I set it in suites and provisioner) but I haven't got to a point where I can see which one is correct:
---
driver:
name: vagrant
customize:
natdnshostresolver1: "on"
provisioner:
name: chef_zero
data_bags_path: ../../../data_bags
# client_rb:
# audit_mode: :audit_only
verifier:
name: inspec
platforms:
- name: mwrock/Windows2012R2
transport:
name: winrm
suites:
- name: default
data_bags_path: ../../../data_bags
run_list:
- recipe[SPMWindowsBuilder::default]
verifier:
inspec_tests:
- test/integration
attributes:
Upvotes: 6
Views: 1752
Answers (2)
Reputation: 10122
there are many ways to execute inspec -- local, SSH, WinRM, or Dockerit -- and isn't clear from the question how do you execute inspec.
assuming that:
- you execute
inspeclocally on a node connected to the chef server (install inspec on the node itself and then invoke it) - the node holds the client configuration (assuming it is located in
/etc/chef/client.rb, client key and the encrypted data bag secret key the inspec embedded ruby has the
chefrubygem installed. here is a hint:$ /opt/inspec/embedded/bin/gem install chef
then you can use inspec to read the data bag content by using ruby.
require 'chef'
Chef::Config.from_file '/etc/chef/client.rb'
data_bag = Chef::DataBagItem.load 'data_bag_name'
item = data_bag['item']
Upvotes: 0
Reputation: 54249
This is not possible. InSpec runs totally separately from Chef and has nothing to do with Chef internally. You would have to write the bag items as files from the Chef side and then read them in via your InSpec code, which would be tricky, something like this perhaps (untested):
item = JSON.parse(command('cat /tmp/item.json').stdout)
Upvotes: 0
Related Questions
- Testing chef data bags
- how to create a data bag as part of chef script
- How to create chef data bags from ruby application
- Access a Chef data bag from an attributes file
- How to read an encrypted data bag in a chef recipe?
- Is it possible to set data bag values from inside a Chef recipe?
- Chef Data_bag usage via Ruby Recipe error?
- How to get value of encrypted data bag secret within Test Kitchen
- Access chef data bag in recipe
- Chef data bag creation from a recipe