$30 off During Our Annual Pro Sale. View Details »

Testing with YAML

BABAROT
February 25, 2019

Testing with YAML

YAML のテストについて Policy as Code の考え方を取り入れて Sentinel のようにテストするツールを作った

BABAROT

February 25, 2019
Tweet

More Decks by BABAROT

Other Decks in Technology

Transcript

  1. YAMLΛςετ͢Δ @b4b4r07 (Feb 25, 2019) / mercari.go #6 %YAML 1.2

    --- YAML: YAML Ain't Markup Language What It Is: YAML is a human friendly data serialization standard for all programming languages. YAML Resources: YAML 1.2 (3rd Edition): http://yaml.org/spec/1.2/spec.html YAML 1.1 (2nd Edition): http://yaml.org/spec/1.1/ YAML 1.0 (1st Edition): http://yaml.org/spec/1.0/ YAML Issues Page: https://github.com/yaml/yaml/issues ...
  2. BABAROT / @b4b4r07 Mercari, Inc.
 SRE, Microservices Platform Blog /

    tellme.tokyo
  3. Kubernetes YAML ΍
 Terraform ͸ॻ͖·͔͢ʁ Question:

  4. Infrastructure as Code ͷਁಁ ˎҎԼʮIaCʯͱه͢

  5. IaC ͷਁಁ •Terraform ΍ Kubernetes ͷීٴͰঢ়ଶɾఆٛΛίʔυʹ͢Δ͜ͱ͕
 ଟ͘ͳͬͨ •ΠϯϑϥྖҬҎ֎ʹ͓͍ͯ΋ɺιϑτ΢ΣΞͷঢ়ଶ΍ͦͷઃఆΛ
 JSON ΍

    YAML ͱ͍ͬͨݴޠͰ࣋ͭ͜ͱ͕ଟ͘ͳͬͨ https://trends.google.co.jp/trends/explore?date=today%205-y&q=infrastructure%20as%20code
  6. • Πϯϑϥͷঢ়ଶΛઃఆϑΝΠϧͰॻ͘ • ιϑτ΢ΣΞ։ൃͷख๏ΛԠ༻Ͱ͖Δ • ϨϏϡʔ • ςετ • etc

    apiVersion: v1 kind: Pod metadata: name: nginx-pod spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80 IaC ͱ͸ Kubernetes Pod ͷ YAML
  7. • Πϯϑϥͷঢ়ଶΛઃఆϑΝΠϧͰॻ͘ • ιϑτ΢ΣΞ։ൃͷख๏ΛԠ༻Ͱ͖Δ • ϨϏϡʔ • ςετ • etc

    apiVersion: v1 kind: Pod metadata: name: nginx-pod spec: containers: - name: nginx-container image: nginx ports: - containerPort: 80 Kubernetes Pod ͷ YAML IaC ͱ͸
  8. YAML Λςετ͢Δ

  9. None
  10. Policy as Code •HashiCorp ͕ఏএͨ͠ߟ͑ํ •ઃఆϑΝΠϧʹ͓͚Δ “͜͏͋Δ΂͖” ΛϙϦγʔͱͯ͠ه͢ •੍໿߲໨ (deploy

    region, etc) •ϨϏϡʔ߲໨ (like style guide) Why Policy as Code? - HashiCorp Blog Code Policy Infrastructure IaC Policy as Code
  11. Policy as Code Policy as Code - Sentinel by HashiCorp

    •HashiCorp Sentinel ʂ •HashiCorp ੡඼Ͱ࢖͏͜ͱ͕Ͱ͖Δ
 πʔϧ / ࿈ܞ͕Ͱ͖Δ •ྫ͑͹ Terraform ͷઃఆɺ •Ͳ͜ͷ Region ʹσϓϩΠ͢Δ͔ •Instance ͸࠷௿Կ୆֬อ͞ΕΔ͔ •ͳͲΛϙϦγʔͱͯ͠ίʔυԽͰ͖Δ •ͦΕΛνΣοΫͰ͖Δ
  12. Policy as Code Policy as Code - Sentinel by HashiCorp

    •HashiCorp Sentinel ʂ •HashiCorp ੡඼Ͱ࢖͏͜ͱ͕Ͱ͖Δ
 πʔϧ / ࿈ܞ͕Ͱ͖Δ •ྫ͑͹ Terraform ͷઃఆɺ •Ͳ͜ͷ Region ʹσϓϩΠ͢Δ͔ •Instance ͸࠷௿Կ୆֬อ͞ΕΔ͔ •ͳͲΛϙϦγʔͱͯ͠ίʔυԽͰ͖Δ •ͦΕΛνΣοΫͰ͖Δ Kubernetes YAML Ͱ΋΍Γ͍ͨ
  13. None
  14. Stein

  15. • ઃఆϑΝΠϧͷϙϦγʔΛίʔυԽͰ͖Δ • JSON, YAML, HCL • Policy as Code

    Λ࣮ફ͢Δ Linter • Terraform ͷΑ͏ʹ HCL Ͱϧʔϧ࡞੒Ͱ͖Δ • ๛෋ͳ Interpolations • υΩϡϝϯτ Stein Stein Documentations
  16. apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: x-echo-jp-dev spec:

    containers: - name: nginx-container image: nginx ports: - containerPort: 80
  17. apiVersion: v1 kind: Pod metadata: name: nginx-pod namespace: x-echo-jp-dev spec:

    containers: - name: nginx-container image: nginx ports: - containerPort: 80 লུͰ͖Δ ͚Ͳͤͨ͘͞ͳ͍ ྫ͑͹
  18. rule "namespace_specification" { description = "Check namespace name is not

    empty” conditions = [ "${jsonpath("metadata.namespace") != ""}", ] report { level = "ERROR" message = "Namespace is not specified" } }
  19. rule "namespace_specification" { description = "Check namespace name is not

    empty” conditions = [ "${jsonpath("metadata.namespace") != ""}", ] report { level = "ERROR" message = "Namespace is not specified" } } ϧʔϧͷఆٛ
  20. rule "namespace_specification" { description = "Check namespace name is not

    empty” conditions = [ "${jsonpath("metadata.namespace") != ""}", ] report { level = "ERROR" message = "Namespace is not specified" } } ϧʔϧ͕੒ޭ͢Δ͔ࣦഊ͢Δ͔ͷ৚݅
  21. rule "namespace_specification" { description = "Check namespace name is not

    empty” conditions = [ "${jsonpath("metadata.namespace") != ""}", ] report { level = "ERROR" message = "Namespace is not specified" } } ϧʔϧ͕ࣦഊͨ͠Β͜ͷϑΥʔϚοτʹैͬͯ Τϥʔ͕Ϩϙʔτ͞ΕΔ (ऴྃίʔυ1)
  22. $ stein apply x-echo-jp/development/Pod/test.yaml [ERROR] rule.namespace_specification Namespace is not specified

    ===================== 7 error(s), 2 warn(s) •Stein Λ࢖͏͜ͱͰɺSentinel ͷΑ͏ʹ Policy as Code Λ࣮ફͰ͖Δ •Sentinel ͸ HashiCorp ੡඼ʹɺStein ͸೚ҙͷઃఆϑΝΠϧʹ •੍໿߲໨ͷݕূ΍ϨϏϡʔ؍఺ͷࢦఠΛػցతʹͰ͖Δ •ʮ஫ҙਂ͘ݟͳ͚Ε͹͍͚ͳ͍ʯʮຖճࢦఠ͢ΔʯͳͲ͸
 ػցతʹνΣοΫͯ͠ϙϦγʔΛϧʔϧԽ͢Δ΂͖
  23. GoͰ࡞ͬͨܦҢ

  24. ϒϩάʹॻ͍ͨ •hashicorp/hcl2 Λ࢖ͬͯಠࣗ DSL Λఆٛ͢Δ | tellme.tokyo •Kubernetes ͳͲͷ YAML

    ΛಠࣗͷϧʔϧΛ΋ͱʹςετ͢Δ | tellme.tokyo
  25. Thank you