Molecule is the official testing framework for Ansible roles. IBM Cloud DevSecOps provides toolchains that align with the requirements of the Financial Services Industry.
Follow this link to deploy a secure application with DevSecOps best practices.
In this blog post, I am going to discuss how to set up Molecule tests and execute them as part of both the Pull Request (PR) and Continuous Integration (CI) pipelines.
Provision a bare metal server using IBM Cloud. If you already have existing infrastructure, you can use that too; you’ll just need to ensure that the machine is accessible from IBM Cloud. You can set up a user with minimal privileges on this machine to run the tests. The credentials for this user will be used to drive the tests.
Since the toolchains come with an integrated Tekton pipeline to automate continuous build, test and deployment of applications, you can write a simple shell script to be executed from inside a container. The following script should serve as an example. The driver for Molecule is set to Vagrant and the provider is VirtualBox.
The secure parameters are read from the environment variables configured in the pipeline:
Because the script is executed inside a container, everything that happens during the run is ephemeral.
You can automate all of the Molecule testing phases as follows:
You can also write an optional script to clean up the Vagrant machines:
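The procedure described above, as an added example that is not the original post's script: a container-side wrapper that checks the secure parameters without printing their values, keeps the SSH key in a private temporary directory, and runs the Molecule phases on the bare metal host with a teardown that destroys the Vagrant machine even when a phase fails. The variable names (`BM_HOST`, `BM_USER`, `BM_SSH_KEY`, `BM_HOST_KEY`, `ROLE_DIR`) are hypothetical, and pinning the host key is an assumption rather than something the post specifies.

```shell
#!/bin/sh
# Added example, not the original post's script. Hypothetical pipeline variables:
# BM_HOST, BM_USER, BM_SSH_KEY (private key), BM_HOST_KEY (pinned known_hosts
# line) and ROLE_DIR (role checkout path on the bare metal host).
set -eu
REQUIRED_VARS="BM_HOST BM_USER BM_SSH_KEY BM_HOST_KEY ROLE_DIR"

# Print the names, never the values, of unset or empty variables; fail if any.
missing_vars() {
  missing=""
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"   # safe: names come from the constant list above
    [ -n "$value" ] || missing="$missing $name"
  done
  unset value
  echo "${missing# }"
  [ -z "$missing" ]
}

# Write the key and pinned host key into a private temp dir; print its path.
write_ssh_material() {
  dir=$(mktemp -d)
  ( umask 077
    printf '%s\n' "$BM_SSH_KEY" > "$dir/id_key"
    printf '%s\n' "$BM_HOST_KEY" > "$dir/known_hosts" )
  echo "$dir"
}

# Build the remote command. ROLE_DIR is interpolated into a remote shell, so
# anything outside a conservative path alphabet is rejected.
remote_command() {
  case "$ROLE_DIR" in *[!A-Za-z0-9._/-]*) return 1 ;; esac
  printf "cd '%s' && trap 'molecule destroy' EXIT && " "$ROLE_DIR"
  printf 'molecule create && molecule converge && molecule idempotence && molecule verify\n'
}

main() {
  missing_vars >/dev/null || { echo "unset: $(missing_vars || true)" >&2; exit 1; }
  cmd=$(remote_command) || { echo "ROLE_DIR has unsafe characters" >&2; exit 1; }
  workdir=$(write_ssh_material)
  trap 'rm -rf "$workdir"' EXIT   # key material never outlives the run
  ssh -i "$workdir/id_key" -o IdentitiesOnly=yes -o BatchMode=yes \
      -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$workdir/known_hosts" \
      "$BM_USER@$BM_HOST" "$cmd"
}

# Run only when invoked with "run", so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then main; fi
```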
In this blog post, we went over how to set up a repeatable process for running the Molecule tests that validate the Ansible playbooks for a given role. The pipelines get executed anytime a pull request is opened against a specific branch and when the code is merged into the base branch.
Learn more about IBM Cloud DevSecOps.