It's a dirty secret that few test their CFEngine policies, and fewer still test them well. Now EFL has two bundles for testing that produce TAP output.
I've been using a talking about Serverspec lately. Let me tell you about the surprises I found.
I've added a new bundle to the 3.5 branch of EFL. This bundle efl_test_count allows you to count the classes matching a regular expression and test if that count matches your expected count. Consider the efl_service bundle, it promises that services are configured and running. My SSH parameters for this bundle include a template file for configuration. I promise that /etc/ssh/sshd_config is built from the sshd_config.tmp, a template.
After 2 productive days at Devopsdays Toronto I've been thinking more about how to test CFEngine policy. Not just prototype, but production tests too. The ideal situation is that a machine tests your would-be production policy and then deploys it fully if the test suite passes. This is completely automatic. How do we get there?