Backstage Pass to ChefConf Online Chef InSpec Week

Hopefully you know that Chef InSpec is not only an excellent solution for your infrastructure security and compliance needs, but you can also use it to test your infrastructure as code. If you’re looking for some learned advice from experienced InSpec practitioners, we have some great sessions for you!

Register for ChefConf Online at chefconf.io, and sign up to see the sessions getting made at chefconf.io/session-recordings. We’ll be prepping sessions throughout May for inclusion in the ChefConf Online platform for June 2, so join in and get a special preview!

Tuesday May 12, 8am PDT / 11am EDT

Join Arthur Maltson from Capital One for Test Driven Infrastructure:

Test Driven Development is a popular concept in Software Development, leading to higher quality code that’s easier to maintain. Automated testing is normally a foreign concept in the Operations/DevOps world, but as you ssh into your servers to make that quick fix or run your updated script (fingers crossed), you might be wondering if there’s a better way. A way that gives you the confidence in your script and lets you test those scripts in isolation. There is a better way! Test Driven Infrastructure (TDI) is now possible. I know, it sounds crazy.

At this session you’ll learn the how, and more importantly the why, of TDI. You’ll see how Chef can be tested with Test Kitchen and Chef InSpec. You’ll also learn how to improve your feedback cycle with Docker, and how to use the Docker approach on a CI server. There’s even a live demo!

Finally, the Ops world collides with the Dev world in true DevOps testing bliss.

Wednesday May 13, 12pm PDT / 3pm EDT

Do you want to see the compliance? Kyle Harper from Cerner presents Show Me the Compliance:

Are you challenged to demonstrate security compliance with strict security controls? Are your systems unexpectedly failing security audits due to your inability to routinely assess your posture? By auditing compliance through agile software delivery, one can reduce the toil of demonstrating an aggressive security posture at scale. InSpec, a compliance as code tool, enables organizations to quickly and frequently produce compliance artifacts while providing a framework for iterative continuous improvement.  

In this talk, we will share our journey and challenges encountered leveraging compliance as code to validate system compliance in a federal space. We will share first-hand experience and lessons learned with successfully meeting these challenges. Whether you are a software developer, security professional, or in operations, all can benefit from these concepts.

  • Interpret Security Technical Implementation Guides (STIGs) into well-defined InSpec.
  • Collaborate on InSpec controls to unite and articulate your organization’s desired security posture.
  • Learn methods to inject more contextual information into your InSpec results.
  • Prepare auditors for this new philosophical approach.
  • Create orchestration pipelines to execute InSpec at mass scale.
  • Learn techniques for converting InSpec results into auditor-required specific formats.

Learn from the shared experiences of an engineering manager responsible for the creation of InSpec profiles leveraged to audit systems with stringent federal security requirements.

Thursday May 14, 10:30am PDT / 1:30pm EDT

Lance Albertson from OSU’s Open Source Lab presents Multi-Node Testing with Kitchen, Terraform, and Chef InSpec:

Multi-node testing with Kitchen has long been a requested feature; however, it’s outside of the scope of Kitchen. Multi-node testing is useful for testing complex services such as replicated database servers, Ceph clusters and OpenStack, to name a few. At the OSUOSL, we developed a method for doing this using a combination of Kitchen, Terraform, InSpec and OpenStack (however, any public cloud supported by Terraform will also work).

Some examples of how this is useful:

  • Test to ensure your replicated database servers can fail over properly
  • Test an upgrade between versions of Ceph or OpenStack where doing this in an “All-in-One” might have differences with multiple nodes interacting
  • Ensure all components can communicate properly with firewalls

This session will cover the following topics:

  • Why this is important and the problem we’re trying to solve
  • Discuss what tools we used
  • How you can replicate this for your environment
  • Recorded demo using a real-world example. 

Thursday May 14, 2pm PDT / 5pm EDT

Awesome Community Chef Annie Hedgpeth joins us for Moving Security and Sanity Left by Testing Terraform with Chef InSpec:

For those that have longed for a simpler test-driven approach to Terraform development, come and see how I’ve made my team’s lives easier by using Test Kitchen for Terraform and how I can validate my deployments with InSpec. This will be a beginner’s guide, but all skillsets are welcome to contribute to the conversation!

We’ll discuss the different use cases for Terraform testing, such as:

  • Test Driven Development (TDD)
  • Integration Testing and CI/CD
  • Compliance, shifting security left
  • Production provisioning validation

As we know, good testing doesn’t just solve CI/CD problems; it solves culture problems. I will seek to convince you of why you need to invest in a good Terraform testing strategy early and how you might have bought into a myth that makes you think you have velocity when you don’t (are you running in wet cement?).

And if you’re late to the game and have existing infrastructure with no tests, that’s okay, too. Let’s talk about how you can reduce stress by adding in some testing now. It’s not too late.

It takes an IT village to do DevOps, so let’s talk about moving security and sanity left with InSpec and Terraform. So many use cases, and so little time. You’ll leave this talk ready to implement at least one of them.

Register for ChefConf Online!

Don’t worry if you can’t make one of these sessions; all the recordings will be available for free on our video-on-demand platform after our keynotes on June 2! Don’t miss out on ChefConf Online this year! Register to participate in the pre-recordings at chefconf.io/session-recordings and for the full event, including the live stream on June 2, fun events, chat, and Q&A at chefconf.io. We miss you and want to see you there!

Mandi Walls

Mandi is Technical Community Manager for Chef. She can be found online @LNXCHK.