Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unexpected errors on re-run in test kitchen #11

Open
NickRycar opened this issue Apr 24, 2017 · 0 comments
Open

Unexpected errors on re-run in test kitchen #11

NickRycar opened this issue Apr 24, 2017 · 0 comments

Comments

@NickRycar
Copy link

That's a fun issue title! Let's elaborate some.

When running out of test kitchen in any version later than 1.1.1 (tested and confirmed failure pinned to 1.2.0), there is different behavior when re-running on an already created instance. The first run will always produce the expected result. Attempting to re-run verify on an instantiated instance (whether or not converge has been run again), it will error out when iterating over listening ports like so:

>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Failed to complete #verify action: [comparison of NilClass with 3306 failed] on default-ubuntu-1404 >>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

That all said, if you destroy the instance, and then re-run through verify, it will behave as expected and pass/fail based on currently set cihpers.

The cookbook this has been experienced with can be found here: https://github.com/chef-cft/bjc/tree/master/cookbooks/bjc-ecommerce

Kitchen defaults use a locally stashed version of the code that is confirmed working as expected, but outdated. To produce above error, the verifier should be pointed directly to github like so:

    verifier:
      inspec_tests:
        - name: ssl-baseline
          url: https://github.com/dev-sec/ssl-baseline/archive/master.zip

It's a demonstration cookbook with some baked-in SSL insecurities used to evaluate and remediate. Generally speaking, the workflow is: kitchen verify (expecting failures) -> uncomment appropriate lines in the ssl configuration template -> kitchen converge -> kitchen verify (generates above failure). Running kitchen test, or kitchen destroy + kitchen verify, will produce the expected results instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant