Testing Infrastructure as Code with Terraform?

Testing infrastructure as code (IaC) involves verifying the functionality and behavior of the code used to manage and provision infrastructure in a cloud environment. IaC allows organizations to automate the provisioning and management of their infrastructure, which can improve efficiency, reduce errors, and enable faster deployment of applications and services.

Testing IaC involves using a combination of manual and automated testing techniques to verify the correctness, reliability, and maintainability of the code. This can include -

  1. Syntax testing
  2. Configuration testing
  3. Provisioning testing
  4. Deployment testing
  5. Conclusion

1. Syntax testing of Terraform code using tflint

tflint is a command-line tool that can be used to check Terraform code for syntax errors, best practices violations, and other issues. To use tflint, you need to install the tool on your local machine or on a continuous integration (CI) server.

How to install tflint?

  1. For Linux use the following bash script for installation.
1# Install tflint on linux
2
3 curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
  1. For macOS use Homebrew
1# Install tflint on macOS
2
3 brew install tflint
  1. For Windows use Chocolatey
1# Install tflint on Windows  
2
3choco install tflint

How to test your terraform code using tflint?

Here is an example of how you might use the tflint command to check your Terraform configuration:

1
2# Initialze the tflint
3tflint init 
4
5# Run the tflint
6tflint

This would check your terraform project for issues using the default rules and configuration settings of tflint. If tflint finds any issues, it will print them to the terminal, along with information about the location and severity of the problem.

Here is an example screenshot of tflint which I ran on my project -

tflit init and tflint command to check terraform code syntax

tflint is a powerful tool for checking Terraform code for issues and ensuring that it follows best practices. By using tflint as part of your development workflow, you can improve the quality of your Terraform code and reduce the risks associated with deploying and managing infrastructure in the cloud.


2. Configuration testing of Terraform Code

Configuration testing of Terraform code involves verifying that the code is correctly configured to provision and manage the desired infrastructure. Here is an example of how you might perform configuration testing of a Terraform configuration file:

  1. Initial Code review - First, review the Terraform code to verify that it is well-structured and follows best practices. This can include checking the code for syntax errors, verifying the use of variables and outputs, and ensuring that the code is well-documented.

  2. terraform plan - Next, run the terraform plan command to generate a plan of the infrastructure that will be created by the Terraform code. This will show you the resources that will be created, modified, or destroyed, along with their configuration settings.

    Run Terraform plan

  3. Review Output - Review the output of the terraform plan command to verify that it matches your expectations. This can include checking the values of variables, the names of resources, and the connections between different components of the infrastructure.

    Review terraform plan Output

  4. Check Issues - If you find any issues with the configuration of the Terraform code, you can make changes to the code and repeat the terraform plan command to see the updated plan.

    Review terraform plan Output for errors

  5. terraform apply - Once you are satisfied with the configuration of the Terraform code, you can run the terraform apply command to apply the changes and provision the infrastructure.

    Run terraform apply
    Review terraform apply output

This process can help you ensure that the Terraform code is correctly configured to provision and manage the desired infrastructure. By performing configuration testing, you can identify and fix any issues with the code before it is applied, which can help prevent errors and improve the reliability of your infrastructure.


3. Provisioning testing - Save terraform plan output to a file

A dry run is a test that simulates the execution of Terraform code without actually making any changes to the infrastructure. Dry runs can be useful for verifying the behavior of the code and for testing the effects of different input values without risking changes to your infrastructure.

Here is an example of how you might perform a dry run using Terraform:

  1. First, run the terraform plan command with the -out option, which allows you to save the plan to a file. For example, you might use the following command to save the plan to a file named tf.out:
1# Command 1 - Save the terraform plan output into the file tf.plan(but the generated output file will not be readable)
2
3terraform plan -out tf.plan
4
5# Command 2 - Make the output readable 
6
7terraform show -no-color tf.plan > tfplan.txt 

Terraform plan output in generated files

Terraform plan output file content

  1. After the dry run is complete, you can review the output to see the effects of the plan. This can include checking the values of outputs, the state of resources, and the changes that would have been made to your infrastructure.

  2. If you are satisfied with the results of the dry run, you can run the terraform apply command with -auto-approve options to actually apply the changes to your infrastructure.


4. Deployment testing

Deployment testing of Terraform code involves testing the deployment of applications and services onto the infrastructure provisioned by the Terraform code. Here are the steps on how you might perform deployment testing of the resources which are provisioned by the Terraform:

  1. First, run the terraform apply command to provision the infrastructure using the Terraform code. This will create the necessary resources, such as virtual machines, networks, and storage, on which you can deploy your application.

  2. After the infrastructure has been provisioned, use the appropriate tools and techniques to deploy your application onto the infrastructure. This can include using tools such as ansible, chef, or puppet to automate the deployment process, or manually copying the application files to the appropriate locations on the infrastructure.

  3. Once the application has been deployed, test it to verify that it is functioning as expected. This can include running functional and performance tests on the application, checking its availability and accessibility, and verifying that it is responding to requests as expected.

  4. If you find any issues with the deployment of the application, you can make changes to the Terraform code and repeat the terraform apply and deployment steps to try again.

  5. Once you are satisfied with the deployment of the application, you can continue to use the Terraform code to manage and maintain the infrastructure, including scaling the infrastructure and applying updates and patches as needed.

Deployment testing is an important step in the process of using Terraform to manage and deploy applications and services. By performing deployment testing, you can verify that the application is deployed successfully and is functioning as expected on the infrastructure provisioned by the Terraform code. This can help ensure that your applications are reliable and available, and can help reduce the risks associated with deploying and managing infrastructure in the cloud.


5. Conclusion

Testing IaC is an important part of the development process, as it helps ensure that the code is fit for purpose and reduces the risks associated with deploying and managing infrastructure in the cloud. By implementing effective testing strategies, organizations can improve the quality of their IaC code and gain confidence in the stability and reliability of their infrastructure.

Posts in this Series