Exploring testing for Terraform. Using the dq-terraform-demo code as a starting point to test. Focusing on the acceptance criteria of the mock application and the AWS status check criteria.
Based on the findings below, we pursued the route of parsing Terrafom script ouputted by the plan command into Python. The repo for this tool can be found here: tf-testrunner.
Unit Testing Frameworks:
- Parse HCL script and use RSpec, with SimpleCov to check code coverage
- Parse JSON script (Terraform supports reading JSON) and then test
- Terraform Validate
Provider dependent unit testing tools are very scarce, but Terraform Validate is regularly updated.
Unit Testing using Terraform:
terraform plan -out <filename>.terraformterraform apply <filename>.terraform
The Terraform subcommand plan -out <filename>.terraform displays and saves to a separate file the changes that will occur on running terraform apply without executing those changes.
If you use the two separate commands, Terraform will first show you what changes it will make without executing those actual changes. The second command, will ensure that only the changes you saw on screen and saved to file are applied. If you would just use terraform apply, more changes could have been added, because the remote infrastructure can change or the files could have been edited.
Integration Testing Frameworks:
Negatives: slow feedback loops, potentially costly having to mirror entire infrastructure in a sandbox. Without a code coverage supporting framework currently available, will have to be fastidious!
Acceptance/compliance Testing Frameworks: