History of Infrastructure as a Code testing 2020/4/24 Infra Study Meetup #1 

8IP
*
BN w ໦ଜ
༐ଠ
w 2VJQQFSελσΟαϓϦ&/(-*4)
43&
w (JUIVC
w IUUQTHJUIVCDPNZVUBDIBPT
w ޷͖ͳ΋ͷ
w (PMBOH $POUBJOFS .VTJD #PPLT ໙ྨ
w ࠷ۙVUFSOͱ͍͏πʔϧͷDPMMBCPSBUPSʹͳͬͨͷͰɺੋඇ࢖ͬ ͍ͯͩ͘͞ɻ 

"HFOEB w *OGSBTUSVDUVSF
BT
B
$PEFͷςετ
w ςετπʔϧΛ೥୅ॱʹฒ΂ͯߟ͑Δ
w ·ͱΊ 

Infrastructure as a Codeͷςετ ߴਫ४ςετ
.VMUJ
UJFS
TFSWJDFͷEFQMPZͱUFTU தਫ४ςετ
4FSWFS
3PMFͷCVJMEͱςετ ௿ਫ४ςετ
ఆٛϑΝΠϧͷ༗ޮੑͷςετ 

πʔϧΛ೥୅ॱʹฒ΂ͯߟ͑Δ • ೥͸Githubͷinitial commitͷ೔࣌Λऔಘͯ͠൑அɻ • πʔϧʹؔͯ͠͸ࣗ෼͕஌͍ͬͯͨ΋ͷɺௐ΂ͯΈ ͨ΋ͷΛൈਮɻ • ͜Μͳͷ΋͋ΔΑʂͬͯͷ͕͋ͬͨΒɺޙͰڭ͑ͯ ͍ͩ͘͞ >< 

2011೥ʹग़ͨπʔϧ • bats (shell) • https://github.com/sstephenson/bats • chefspec(Ruby) • https://github.com/chefspec/chefspec • rspec-puppets(Ruby) • https://github.com/rodjek/rspec-puppet 

2012೥ʹग़ͨπʔϧ • test-kitchen (Ruby) • https://github.com/test-kitchen/test-kitchen 

2011-12೥ͷಛ௃ • chefspec,rspec-puppetsͳͲͷߏ੒؅ཧͷઃఆ஋ͷΈͷ༗ޮ ੑtest͢Δπʔϧ͕ଟ͍ɻ(௿ਫ४ςετ) • chef͸2008೥ɺpuppet͸2005೥ • bats͸shellͷϑϨʔϜϫʔΫͰ൚༻ੑ͸ߴ͍͕ɺ௚઀ίϚϯ υΛଧͭͷͰந৅౓͸௿͍ • test-kitchen͸vagrantͳͲͰVMΛ্ཱͪ͛ͯςετग़དྷΔ͕ chefʹಛԽ͍ͯ͠Δɻ 

2013೥ʹग़ͨπʔϧ • Serverspec(Ruby) • https://github.com/mizzy/Serverspec 

2015೥ʹग़ͨπʔϧ ͦͷ̍ • testinfra(Python) • https://github.com/philpep/testinfra • awspec (Ruby) • https://github.com/k1LoW/awspec • Dockerspec(Ruby) • https://github.com/zuazo/dockerspec • goss(Golang) • https://github.com/aelsabbahy/goss 

2015೥ʹग़ͨπʔϧ ͦͷ2 • infrataster(Ruby) • https://github.com/ryotarai/infrataster • molecule(Python) • https://github.com/ansible-community/molecule • Open Policy Agent(Golang) • https://github.com/open-policy-agent/opa 

2013-15೥ͷಛ௃ • ServerspecͷϦϦʔε͕2013೥ɻ2015೥͋ͨΓʹServerspecͷӨڹΛड͚ɺ Provisioning testingͱݺ͹ΕΔதਫ४ςετ͕ग़དྷΔπʔϧ͕૿͑࢝ΊΔɻ • IaaS͕େ෼ҰൠԽ࢝͠Ίͯ͘Δͷ΋͜ͷࠒ • awspec,infratasterͳͲɺprovisioning͚ͩͰ͸ͳ͘ɺμΠφϛοΫΠϯϑϥετϥΫ νϟϓϥοτϑΥʔϜ ͳͲͰ࡞੒ͨ͠resourceͦͷ΋ͷΛtest͢Δπʔϧ͕Ͱ࢝ΊΔɻ • OPAͷininitial commit͕͜ͷ࣌ظͳͷ͸ҙ֎ͩͬͨɻ • kubernetes΋͜ͷ࣌ظʹग़͍ͯΔ(2014೥) • ECS΋͜ͷ࣌ظ(2015೥) 

2016೥ʹग़ͨπʔϧ • container-structure-test(Golang) • https://github.com/GoogleContainerTools/container- structure-test • InSpec(Ruby) • https://github.com/inspec/inspec • Terratest(Golang) • https://github.com/gruntwork-io/terratest 

2016೥ͷಛ௃ • ͜ͷࠒͰProvisioning testingͷର৅͕Server͔ΒContainer΁ͷྲྀΕ Λײ͡Δ(container-strucure-test) • GolangͷίʔυͰE2E test͕ग़དྷΔTerratest͕ग़͍ͯΔɻ • InSpec͕ChefͷOSSͰ࡞ΒΕ͍ͯΔɻServerspecͱಉ༷ʹ Provisioning testingʹ࢖͑Δ͕ɺCompliance as codeͱॻ͍ͯ͋Δ Α͏ʹSecurityʹΑΓಛԽ͍ͯ͠Δɻ • Infrastructure as Codeͷൃച͕June 2016 

2017೥ʹग़ͨπʔϧ • kubeval(Golang) • https://github.com/instrumenta/kubeval • AWS CDK(TypeScript) • https://github.com/aws/aws-cdk • sentinel • https://www.terraform.io/docs/cloud/sentinel/index.html • sonobuoy(Golang) • https://github.com/vmware-tanzu/sonobuoy 

2018೥ʹग़ͨπʔϧ • cue(Golang) • https://github.com/cuelang/cue 

2019೥ʹग़ͨπʔϧ • conftest(Golang) • https://github.com/instrumenta/conftest 

2017-19೥ͷಛ௃ • kubeval,sentinel,cue,conftestͳͲɺઃఆϑΝΠϧͷpolicy validationΛ͢Δπʔϧ͕໨ཱͭΑ͏ʹͳ͍ͬͯΔɻ • sonobuoyͷΑ͏ͳk8sͷclusterͷ؀ڥ࡞Δߴਫ४ςετ πʔϧ͕ग़͖ͯͨɻ • AWS CDKͷinitial͕2017೥ɻGA͕2019೥ • ςετπʔϧͰ͸ແ͍͚Ͳɺςετ΋಺แ͞Ε͍ͯΔͷ Ͱ঺հ͍ͯ͠·͢ɻ 

2020೥ʹग़ͨπʔϧ • ݟ͔ͭΒͳ͔ͬͨ 

·ͱΊ ͦͷ1 • ࠷ॳظͷIaCͷtestingπʔϧͰ͸௿ਫ४ςετͷπʔϧ͕ଟ ͔ͬͨ(chefspec,rspec-puppets) • Serverspecͷొ৔ҠߦɺIaaS͕ҰൠԽ͍ͯ͘͠ͳ͔Ͱαʔ όʔͷߏ੒Λςετ͢ΔProvisioning testingతͳ΋ͷ͕૿͑ ͍ͯͬͨɻ • awspec΍TerratestͳͲͷΑ͏ͳμΠφϛοΫΠϯϑϥετϥ ΫνϟʔΛςετ͢Δπʔϧ΋͋Δ͕ɺ͋·Γྲྀߦ͍ͬͯͳ ͍ɻ 

·ͱΊ ͦͷ2 • DockerΛ࢝Ίͱ͢ΔContainer͕ྲྀߦΓ࢝Ί͔ͯΒɺ Provisioning testingπʔϧ͸গ͠ԼՐؾຯʹ • Terraform,Kubernetes౳ͷΠϯϑϥετϥΫνϟఆٛ πʔϧ ͕ڧ͘ͳΓɺconftest΍cue౳ͷએݴతهड़Λ༻ ͍ΔઃఆϑΝΠϧͷvalidation͕ग़དྷΔπʔϧ͕ྲྀߦΓ ࢝Ί͍ͯΔɻ • ࣍ʹྲྀߦΔςετ͸ʁ 

͋Γ͕ͱ͏͍͟͝·ͨ͠ 

ࢀߟࢿྉ • Infrastructure as Code(2016೥) • Serverspecɿએݴతهड़Ͱαʔόͷઃఆঢ়ଶΛςετՄೳͳ ൚༻ੑͷߴ͍ςετϑϨʔϜϫʔΫ • mizzy͞Μ͋Γ͕ͱ͏͍͟͝·͢ʂ • ֤ʑͷπʔϧͷrepository