How do I test things in test kitchen that are only externally accessible?

Question

I have a recipe that uses the file resource to grant an active directory group access to a local folder.

I don't have access to AD from my Chef workstation where I am running test kitchen.

I want to be able to converge the kitchen vm (not just spec tests).

So I was planning to use environments

• Store the group name in an attribute which would be an env attribute
• The prod env has the AD group set in the attribute
• The test env has some local group in the attribute
• Specify the test env in .kitchen.yml

Is this an appropriate use of environments? Is there another Chef mechanism for this purpose?

Answer 1

For this kind of case what I would do is using the cookbook attributes for the default (testing) case.

Then as per attribute precedence documentation environment attributes will replace the cookbook attributes (at the same level) so in real world case you'll set the AD group in environment.

This allow a per environment group to be used.

Caution: any change to the environment will impact all nodes, you'll have to write a wrapper cookbook with an upper level (usually override) if you want to change it for only a subset of an environment's nodes.