This project is a tool for working with kitchen-terraform, which is a plugin for Test Kitchen. It provides a container for running kitchen and examples of various tests. By using this tool we can validate our IaC before we actually consume it, which is very valuable for building trust in our tools.
- Test Kitchen: Integration test automation
- InSpec: IaC integration test framework, uses a DSL similar to RSpec
- Kitchen Terraform: Plugin for Test Kitchen to enable testing of Terraform. It allows for the automated apply and destruction of Terraform modules, and it further supports passing the output of the Terraform module to the test suite
- AWS InSpec Resources: The list of resources and their attributes you can use to write tests
- InSpec Profile: Defines an InSpec test suite, for example the "platform" that the tests apply to, or any dependencies the tests may require
- Test Kitchen Configuration File (kitchen.yml): The configuration file for automating InSpec tests, as well as executing IaC
All the examples assume you have built the kitchen-terraform container image with a tag of test. You could replicate the setup on your workstation as well, but why?
All examples come with a script which allows you to run the example with minimal effort. Please read the script to see which environment variables you need to set.
The AWS Example assumes that you are using the Rearc Engineering Playground.
- AWS, builds a VPC. The VPC is pretty basic and uses the VPC module from the Terraform Registry. It will build a VPC in three Availability Zones and create three subnets. It's a rather simple setup and closely matches the simple VPC example from the registry module.

  This example does require two AWS users: one with the ability to make VPCs, Subnets, and NAT Gateways, and another with read-only permissions to validate those resources. The `run.sh` script enables passing the credentials as environment variables. For passing the credentials of the user capable of creating network resources you'll need to set the `TF_AWS_ACCESS_KEY_ID`, `TF_AWS_SECRET_ACCESS_KEY`, and `TF_AWS_SESSION_TOKEN` environment variables. For passing the credentials of the read-only user you'll need to set `INSPEC_AWS_ACCESS_KEY_ID` and `INSPEC_AWS_SECRET_ACCESS_KEY`.

- Docker, builds a Docker image and instantiates it. The container is configured to serve an SSH server and allow for 'remote connections'. In order to build the container, the kitchen-terraform container will need to have the host's Docker socket mounted inside it; this is known as docker on docker or docker in docker.

  The test automates connecting to the instantiated container over SSH and checks that the host OS reports as being Ubuntu.
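
For the AWS example, a preflight check along these lines can run before the container is started. It is an added example, not part of the project's `run.sh`: the variable names are the ones listed above, while the function name and the rule that the InSpec user must not share an access key with the Terraform user are assumptions made here.

```shell
#!/bin/sh
# Added example: preflight check for the AWS example's credentials.
# Variable names come from the README; check_aws_example_env and the
# rules it enforces are hypothetical, not taken from the project's run.sh.

check_aws_example_env() {
    rc=0

    # Every variable the README lists for the two AWS users must be set.
    for name in \
        TF_AWS_ACCESS_KEY_ID TF_AWS_SECRET_ACCESS_KEY TF_AWS_SESSION_TOKEN \
        INSPEC_AWS_ACCESS_KEY_ID INSPEC_AWS_SECRET_ACCESS_KEY
    do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            # Report the variable name only, never a credential value.
            echo "missing environment variable: $name" >&2
            rc=1
        fi
    done
    unset value

    # The verifier is meant to be a separate read-only user. Reusing the
    # provisioning key would let the test suite run with write access.
    if [ -n "${TF_AWS_ACCESS_KEY_ID:-}" ] &&
       [ "${TF_AWS_ACCESS_KEY_ID:-}" = "${INSPEC_AWS_ACCESS_KEY_ID:-}" ]; then
        echo "INSPEC_AWS_ACCESS_KEY_ID reuses the Terraform user's key" >&2
        rc=1
    fi

    return "$rc"
}

# Usage (before starting the container): check_aws_example_env || exit 1
```

The check only confirms that two different access keys were supplied; whether the second user is actually read-only is decided by its IAM policy.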