How can I test Terraform?

Test Terraform With Terratest | Retrospection
Feb 14, 2024

Introduction

Thank you for clicking through to my article. I've been a DevOps Engineer for 2 years in a dev team of 7 engineers.

My name is MINSEOK, LEE, but I use Unchaptered as an alias on the internet. So you can call me either "MINSEOK, LEE" or "Unchaptered" when you want to ask something.

Topics

This article covers these topics:

  • The reason why we're trying to test Terraform

  • How we can test Terraform

  • Other useful alternatives

  • Conclusion

Why are we trying to test Terraform?

In Terraform Journey In Startup and Production-level Guide to Terraform, I mentioned the Terraform module block.

In Terraform, a module block is a kind of blueprint.

In most programming languages, a blueprint is implemented as an interface or a class.
You can also think of a blueprint as a "group" of data and activities that are used repeatedly and reliably.

As shown above, a module block can be thought of as a blueprint that specifies a sequence of actions, data lookups, and infrastructure resource provisioning.

A system built from modules can produce errors as side effects between modules.

Here are examples A and B to help you understand.

In example A, if you modify Module A, you need to test Modules A and C. But in example C, if you modify Module A, you need to test Modules A, B and C.

As the module system becomes more complex, side effects become more powerful. For this reason, production-level code needs test code.
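The re-test set in the two cases above is the changed module plus everything that calls it, directly or through other modules. The Go program below is an added example, not code from the original article; the `deps` type, the `affected` function and both sample graphs are constructed for illustration, since the article's figures are not reproduced here.

```go
package main

import (
	"fmt"
	"sort"
)

// deps maps each module to the modules it calls through `module` blocks.
type deps map[string][]string

// affected returns, sorted, every module to re-test after `changed` is edited:
// the module itself plus all direct and transitive callers.
func affected(g deps, changed string) []string {
	// Invert the graph: for each module, record who calls it.
	callers := map[string][]string{}
	for mod, uses := range g {
		for _, u := range uses {
			callers[u] = append(callers[u], mod)
		}
	}
	// Breadth-first walk over callers; `seen` also guards against cycles.
	seen := map[string]bool{changed: true}
	queue := []string{changed}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		for _, c := range callers[cur] {
			if !seen[c] {
				seen[c] = true
				queue = append(queue, c)
			}
		}
	}
	out := make([]string, 0, len(seen))
	for m := range seen {
		out = append(out, m)
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed graph 1: C calls A; B is independent.
	flat := deps{"A": nil, "B": nil, "C": {"A"}}
	// Constructed graph 2: B calls A, and C calls B.
	chained := deps{"A": nil, "B": {"A"}, "C": {"B"}}
	fmt.Println(affected(flat, "A"))    // [A C]
	fmt.Println(affected(chained, "A")) // [A B C]
}
```

Selecting test packages from this set keeps a change to a leaf module from triggering tests for modules that never call it.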

How can we test Terraform?

I Googled to find best practices and references, and I found How to Test Terraform Code – Strategies & Tools, written by Jack Roper in May 2023.

Terraform itself also provides a number of test syntax features. However, that test syntax is strongly coupled to the business logic. This disadvantage reduces productivity or flexibility.

Therefore, I wanted to write the test code separately from the business logic (.tf files). From that perspective, gruntwork-io/terratest is a more powerful tool for testing Terraform.

This tool was attractive because it could test Terraform, Docker, and Kubernetes.

Other useful alternatives

The "tests" I mentioned in the section above are more like functional tests.
However, in many cases you may also need things like code style checks, security compliance audits, and more.

  1. TFLint : This is a popular open-source tool that checks for syntax errors, best practices, and code style consistency. Once installed, simply run it using the command:

  2. Checkov : This is an open-source static analysis tool for Terraform that checks for security and compliance issues in your Terraform code. Install it using the python package manager pip and run it using the command below:

  3. Terrascan : This open-source tool performs static code analysis to identify security vulnerabilities and compliance violations in Terraform code. Example output is shown below for a publicly accessible storage account.

  4. driftctl : You can also make use of driftctl which is a free open-source tool that can report on infrastructure drift.

Conclusion

I believe that functional testing is the most important. So I test Terraform using terratest. With terratest, unit/integration/e2e tests are all possible.

The only problem is that terratest's default language is golang.
I started the learning-for-golang project to quickly learn golang for writing test code. Then I used terraform on the example project in the Production-level Guide to Terraform article mentioned above.

I've been using terratest for about 3 weeks now, and I find it very useful.
At the same time, I feel it's a very experimental library - there are errors in some of the key methods.

  • It doesn't pass bad terraform code through, but it fails good terraform code.

I found the offending methods and created a GitHub Issue, [Terratest] terraform.InitAndValidate and ~.InitAndValidateE method occure Error.

Sooner or later, I'll need to release the issues to the official repository or fix it myself.


Unchaptered