Unit testing terraform modules?

[Jason Antman]

Greetings!

I've been using terraform for a couple of years now, but I'm just thinking about writing a public module for the Registry. One thing that's been a significant problem with reusable modules internally at my company is adequately testing them, and I can only imagine that would be much more difficult with public modules. The only way we can sufficiently test internal modules is if we're actually *using* every variable and condition, and run plans against every permutation, and review them. That's certainly not feasible for a more complicated module.

I've been looking through what I could find on Google, GitHub issues on the terraform repo, this list, etc. and I can't find any indication that a unit test framework or project exists for terraform modules (modules, not terraform itself or providers). I was wondering if this is really the case, and if so, whether someone is working on such a thing?

Right now, it seems that the few people who are doing automated testing (CI) of terraform modules are either actually creating the infrastructure and using something like kitchen-terraform/inspec/serverspec/etc., or are running plans and then evaluating them somehow (perhaps using tools to convert the plan file to another format). Neither of these seem suitable to me for real unit test CI of modules themselves; anything that does an actual apply is dangerous and perhaps cost-prohibitive. Even just running plans requires valid credentials for the providers involved, and is also likely to suffer repetition issues if data sources are used.

What I'm ideally looking for is something like rspec-puppet, chefspec, or Ansible's built-in unit tests. Essentially, just something that lets me test the content of my configuration after interpolations, conditionals, counts, and ideally with static data source information provided.

I was wondering if anyone's working on such a thing, and if not, if anyone knows how difficult it would be (given that this is presumably digging deep into the internals of Terraform, and would almost certainly need to be implemented in Go and terraform-version-specific)?

Thanks,

Jason Antman

[Brandon O'Connor]

Hey Jason,

kitchen-terraform is about as close as it gets right now. I maintain the ALB module which is covered by tests and runs them through Travis CI, if you're looking for an example. AWSpec has been my rspec flavor of choice but inspec has also been gathering AWS resources as of recent releases.

AFAIK, there's no chefspec-like equivalent in this space just yet. I know there are libraries for running faux/mock AWS services local to your machine... perhaps there's a way to point terraform to use that instead of the real endpoints and run test against those local services... Ready to shave a yak? Testing on real public cloud infra doesn't have to be dangerous or even costly - test fixtures are live for a matter of minutes and can be completely isolated from production or other environments. It's good enough for now but I do wish for the same project you're asking about.

- Brandon O'Connor