Successful start of IaC – automated testing tools

The Business Value of Infrastructure as Code

As DevOps grows, it helps to know how it works. One of the core practices in DevOps is “infrastructure as code” (IaC). This means that you treat your infrastructure exactly as you would treat your application code: you check it into version control, write tests for it, and make sure that it doesn’t diverge across your environments. Infrastructure deployments with IaC are repeatable and prevent runtime issues caused by configuration drift or missing dependencies. Human error cannot be eliminated, however, particularly as long as manual processes are still around. But it is still possible to avoid critical issues at deployment and to prevent leaks of sensitive data held in IaC.

At DevoVision we always recommend that our customers set up a CI build for IaC, regardless of the technology stack used in the project. The classic CI process is: build, test, publish artifacts. IaC should have similar steps, just as application development does. IaC scanning tools can be easily integrated into the CI system and make recommendations before code is deployed even to the development environment.

Terraform

The terraform validate command: it is good practice to always run terraform validate against your Terraform files before pushing them to your version control system. This level of validation should also be part of the CI pipeline.

Out of the box: integrate one of the third-party open-source scanning tools. The following tools provide static analysis for Terraform files:

Example of steps integrated into Azure DevOps with the Checkov scanning tool:

## Checkov Test Run
- bash: |
    docker run --rm -t -v $(System.DefaultWorkingDirectory):/terraform bridgecrew/checkov --directory /terraform --skip-check CKV_AZURE_35,CKV_AZURE_13 -o junitxml > $(System.DefaultWorkingDirectory)/junit.xml
    # Remove the last two lines of the redirected output
    sed -i '$d' $(System.DefaultWorkingDirectory)/junit.xml
    sed -i '$d' $(System.DefaultWorkingDirectory)/junit.xml
  displayName: 'Checkov Static Code Analysis'
  # Checkov exits non-zero when checks fail; continue so the report is still published
  continueOnError: true

## Publish Test results in Azure DevOps
- task: PublishTestResults@2
  displayName: 'Publish Checkov Test Results'
  condition: succeededOrFailed()
  inputs:
    testResultsFormat: 'JUnit'
    testResultsFiles: 'junit.xml'
    searchFolder: '$(System.DefaultWorkingDirectory)'
    mergeTestResults: false
    # Fail this task when the published report contains failed tests
    failTaskOnFailedTests: true
    publishRunAttachments: true
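
Because the scan step above continues on error and the report file is trimmed with sed, a useful extra check is one that fails closed when junit.xml is truncated, empty or contains failed checks. The following is an added example, not part of the original post: the sample XML is constructed in generic JUnit shape, the CKV_EXAMPLE_* IDs are placeholders, and the script name gate.py is hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in generic JUnit shape; CKV_EXAMPLE_* are placeholder IDs.
SAMPLE_REPORT = """<?xml version="1.0" ?>
<testsuites>
  <testsuite name="constructed scan" tests="3" failures="1">
    <testcase classname="/main.tf.example_a" name="CKV_EXAMPLE_1 passing check"/>
    <testcase classname="/main.tf.example_b" name="CKV_EXAMPLE_2 failing check">
      <failure message="constructed failure"/>
    </testcase>
    <testcase classname="/main.tf.example_c" name="CKV_EXAMPLE_3 skipped check">
      <skipped/>
    </testcase>
  </testsuite>
</testsuites>"""


def gate(report):
    """Return (exit_code, reasons): 0 = clean, 1 = failed checks, 2 = report unusable."""
    try:
        root = ET.fromstring(report)  # accepts str or bytes
    except ET.ParseError as exc:
        return 2, [f"report is not well-formed XML: {exc}"]
    cases = list(root.iter("testcase"))
    if not cases:
        return 2, ["report has no test cases; the scan may not have run"]
    failed = [c for c in cases
              if c.find("failure") is not None or c.find("error") is not None]
    return (1 if failed else 0), [f"{c.get('classname')}: {c.get('name')}" for c in failed]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python gate.py junit.xml (hypothetical file name)
        with open(sys.argv[1], "rb") as fh:
            code, reasons = gate(fh.read())
        print("\n".join(reasons))
        sys.exit(code)
    # No argument: demonstrate on the constructed sample and on a truncated copy,
    # as would result if two lines were trimmed from a report with no trailing extras.
    print(gate(SAMPLE_REPORT))
    print(gate("\n".join(SAMPLE_REPORT.splitlines()[:-2])))
```

Run as a pipeline step after the scan, a non-zero exit code marks the step as failed.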

Test results:

ARM

The ARM Template Tool Kit is a static code analyzer for ARM templates created by Microsoft. It’s an open-source PowerShell library that you can use to validate your templates against a series of test cases. These test cases are generic and designed to validate that your templates follow best practices.

## Run ARM TTK Test
- task: RunARMTTKTests@1
  displayName: "Run ARM Template Unit Tests"
  inputs:
    templatelocation: $(System.DefaultWorkingDirectory)\arm
    resultLocation: '$(System.DefaultWorkingDirectory)\results'
    # Every test named in skipTests is excluded from the run, including the secret- and URI-related tests listed here
    skipTests: 'IDs Should Be Derived From ResourceIDs,Location Should Not Be Hardcoded,apiVersions Should Be Recent,Parameters Must Be Referenced,DeploymentTemplate Must Not Contain Hardcoded Uri,Outputs Must Not Contain Secrets,DependsOn Best Practices,ResourceIds should not contain'

## Publish Test results in Azure DevOps
- task: PublishTestResults@2
  displayName: "Publish Test Results"
  inputs:
    testResultsFormat: 'NUnit'
    testResultsFiles: '$(System.DefaultWorkingDirectory)\results\*-armttk.xml'
  condition: always()

Test results:

What benefit do you think Infrastructure as Code will bring to your Business?

Use the Contacts Form section and let us know your thoughts.

As more companies are looking to move to the cloud, there exists a great opportunity to adopt IaC. This approach allows for a consistent and clear look at what is being created, where, and most importantly, why. If you’re using IaC, then you’ll have an advantage in getting your infrastructure and applications out there.

Resources:

  1. https://docs.microsoft.com/en-us/azure/developer/terraform/best-practices-integration-testing
  2. https://github.com/sam-cogan/arm-ttk-extension

DevOps transformation

Just what is DevOps?

DevOps is a mindset, a culture, and a set of technical practices. It provides communication, integration, automation and close cooperation among all the people needed to plan, develop, test, deploy, release and maintain the solution.

DevOps brings business, development and operations stakeholders together to streamline IT delivery. DevOps focuses on engineering culture and automation practices for development and operations. DevOps is a combination of new ways of collaboration paired with advanced possibilities of automation reducing manual efforts and accelerating the software delivery process.  

Common product development challenges that drive the adoption of DevOps

  • Monolithic products – 9%
  • Inconsistent environments – 19%
  • Long release cycles – 19%
  • Poor code quality – 19%
  • Reduce production incidents – 10%
  • Inefficient development processes – 19%
  • Migrate from legacy tools – 5%

(re) Imagine what if you could…

DevOps Transformation

DevOps enables delivery agility, increased software quality and improved cross-team collaboration

Agile: build the right thing:

  • Prioritize on business value
  • Iterate to learn
  • Cross functional teams

DevOps: build the thing right:

  • Automate software delivery
  • Engineering excellence practices
  • Improve and automate operations

Both Agile and DevOps are as much about changing culture and changing organizational behavior as they are about new skills acquisition and technology & tools. For this reason, it’s the combination of tooling, training, coaching and transformation (with a heavy emphasis on organizational change management) that will be needed to break down the walls between the different pockets in the organization and to change the culture to a more cross-functional and highly collaborative way of working. This will enable an end-to-end value delivery ecosystem that involves the entire enterprise.

Culture change

“Every business will become a software business, build applications, use advanced analytics and provide SaaS services.” – Satya Nadella, CEO of Microsoft.

Action steps to be done

People:

  • Cross-train on technologies and applications to better leverage bandwidth;
  • Develop consistent improvement mindset for ruthless automation;
  • Move IT interactions closer to the business.

Processes:

  • Automate where applicable;
  • Lean process requirements;
  • Shift from first-in first-out to value-based work prioritization.

Tools

  • Integrate all work intake systems into a central work management tool;
  • Develop a pipeline automation framework to speed up routine tasks.

Want to get more? Reach out to the DevoVision team to start your DevOps journey!