kitchen-terraform 5.1.0 → 5.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a58ded2457dfe5e355c87402ae28ff582e35a6f340c479ddb4b3cd600f985f60
-  data.tar.gz: a0e69bff3d5a102c0f8d4ab3e0e5d3e0878f587b348c7d9518798219cf37b3d0
+  metadata.gz: 83839e8130c2a9767f6fd28f5fc7f382ccdc6af319b00e1d282b6bb1f8e089f2
+  data.tar.gz: 39d379b085ec51381c80cdf7cc243fdc56cba9f10844e04c012eea6f6d18cf94
 SHA512:
-  metadata.gz: 2d5d327821d0e725339e8e9d9bc8c14a72f836058014b30454df7f20e800ddb5cc93b1d941f93342168c41e7b40001cc8837c161141eadb5ffae4630883c72cf
-  data.tar.gz: 06c069a31faaec0a39103f1ecde8aa58400a69bba1b06173b8125a21ca402486873b781c7a907c663d1c8f0c5ea610ec0204d949284a13ebca618e37d16aa97f
+  metadata.gz: f800c55453edf301d0f9227d674922ad5f7df5c1b04e704f838ac88128cf02198ac7ade685e51b078b14f936ba057d25ec48d91737eaf3a8063ebd6e0c9311a7
+  data.tar.gz: 6403f2e106f88463cf2edc6a4d4dc2ee5aba68b3c7c62fd5e2b01797b654f041859548b79d9d2538c66bd2ccded02a9ec083a23b919c4882f1d842e4ff278d06

data/README.md

@@ -1,6 +1,6 @@
 # ![Kitchen-Terraform Logo][kitchen-terraform-logo] Kitchen-Terraform
 
-> Kitchen-Terraform enables verification of Terraform state.
+> Kitchen-Terraform enables verification of infrastructure systems provisioned with Terraform.
 
 [![Gem version][gem-version-shield]][kitchen-terraform-gem]
 [![Gem downloads version][gem-downloads-version-shield]][kitchen-terraform-gem]
@@ -15,10 +15,10 @@
 
 [![Gitter chat][gitter-shield]][gitter]
 
-Kitchen-Terraform provides a set of [Test Kitchen][test-kitchen] plugins
-which enable a system to use Test Kitchen to converge a
-[Terraform][terraform] configuration and verify the resulting Terraform
-state with [InSpec][inspec] controls.
+Kitchen-Terraform provides a set of [Kitchen][kitchen] plugins
+which enable the use of Kitchen to converge a [Terraform][terraform]
+configuration and verify the resulting infrastructure systems with
+[InSpec][inspec] controls.
 
 As Kitchen-Terraform integrates several distinctive technologies in a
 nontrivial manner, reviewing the documentation of each of the
@@ -36,7 +36,7 @@ Installation instructions can be found in the
 [Terraform: Install Terraform][terraform-install] article.
 
 Kitchen-Terraform supports versions of Terraform in the interval of
-`>= 0.11.4, < 0.13.0`.
+`>= 0.11.4, < 0.14.0`.
 
 [tfenv] can be used to manage versions of Terraform on the system.
 
@@ -50,7 +50,7 @@ Installation instructions can be found in the
 
 Kitchen-Terraform aims to support all versions of Ruby that are in
 ["normal" or "security" maintenance][ruby-branches], which is currently
-the interval of `>= 2.4, < 2.7`.
+the interval of `>= 2.4, < 2.8`.
 
 [rbenv] can be used to manage versions of Ruby on the system.
 
@@ -75,10 +75,7 @@ the semantic versioning of the Ruby gem.
 
 ```ruby
 source "https://rubygems.org/" do
-  gem(
-    "kitchen-terraform",
-    "~> 4.0"
-  )
+  gem "kitchen-terraform", "~> 5.5"
 end
 ```
 
@@ -105,7 +102,7 @@ example.
 > Installing Kitchen-Terraform with RubyGems
 
 ```sh
-gem install kitchen-terraform --version 4.0.0
+gem install kitchen-terraform --version 5.5.0
 ```
 
 This approach is not recommended as it requires more effort to install
@@ -115,13 +112,23 @@ conflicts.
 More information can be found in the
 [RubyGems: Installing Gems][rubygems-installing-gems] article.
 
+#### Extra Dependencies
+
+The RbNaCl gem may need to be [installed][rbnacl-installation] in order
+to use Ed25519-type SSH keys to connect to systems with the SSH backend.
+This gem implicitly depends on the system package libsodium, and its
+presence when libsodium is not installed causes unexpected errors when
+loading InSpec transport plugins like GCP, so it is not included by
+default to reduce the burden on users whom do not require support for
+Ed25519-type SSH keys.
+
 ## Usage
 
 ### Configuration
 
 Kitchen-Terraform provides three Test Kitchen plugins which must be
 configured in a
-[Test Kitchen configuration file][test-kitchen-configuration-file] in
+[Kitchen configuration file][kitchen-configuration-file] in
 order to successfully test Terraform configuration.
 
 The [Terraform driver][terraform-driver] manages the state of the
@@ -136,166 +143,27 @@ Terraform state.
 More information can be found in the
 [Ruby gem documentation][ruby-gem-documentation].
 
-### Example
-
-This example demonstrates how to test a simple Terraform configuration
-which utilizes the [Docker provider][docker-provider].
-
-The test system is assumed to be running Ubuntu 17.04.
-
-Terraform, Ruby, and Bundler are assumed to have been installed on the
-test system as described in the [Installation](#installation) section.
-
-The [Docker Community Edition][docker-community-edition] is assumed to
-have been installed on the test system.
-
-The working directory on the test system is assumed to contain a
-hierarchy of files comprising the following blocks.
-
-> Directory hierarchy
-
-```
-.
-├── .kitchen.yml
-├── Gemfile
-├── main.tf
-├── outputs.tf
-└── test
-    └── integration
-        └── example
-            ├── controls
-            │   ├── operating_system.rb
-            └── inspec.yml
-```
-
-> Gemfile
-
-```ruby
-source "https://rubygems.org/"
-
-gem 'kitchen-terraform'
-```
-
-> ./.kitchen.yml (Test Kitchen configuration)
-
-```yaml
-driver:
-  name: terraform
-
-provisioner:
-  name: terraform
-
-verifier:
-  name: terraform
-  systems:
-    - name: container
-      backend: ssh
-      hosts_output: container_hostname
-      password: root
-      port: 2222
-      user: root
-
-platforms:
-  - name: ubuntu
-
-suites:
-  - name: example
-```
-
-> ./main.tf
-
-```hcl
-provider "docker" {
-  host    = "unix://localhost/var/run/docker.sock"
-}
+### Caveats
 
-data "docker_registry_image" "ubuntu" {
-  name = "rastasheep/ubuntu-sshd:latest"
-}
+Versions of Terraform in the 0.11 series may cause `kitchen test` to
+fail if the initial destroy targets an empty Terraform state. A
+workaround for this problem is to use
+`kitchen verify && kitchen destroy` instead of `kitchen test`. More
+details about the problem are available in
+[issue #271](issue-271).
 
-resource "docker_image" "ubuntu" {
-  name          = "${data.docker_registry_image.ubuntu.name}"
-  pull_triggers = ["${data.docker_registry_image.ubuntu.sha256_digest}"]
-}
+### Tutorials and Examples
 
-resource "docker_container" "ubuntu" {
-  image    = "${docker_image.ubuntu.name}"
-  must_run = true
-  name     = "ubuntu_container"
-
-  ports {
-    external = 2222
-    internal = 22
-  }
-}
-```
-
-> ./outputs.tf
-
-```hcl
-output "container_hostname" {
-  description = "The hostname of the container."
-  value       = "127.0.0.1"
-}
-```
-
-> ./test/integration/example/inspec.yml
-
-```yaml
-name: example
-```
-
-> ./test/integration/example/controls/operating_system.rb
-
-```ruby
-# frozen_string_literal: true
-
-control "operating_system" do
-  describe "the operating system" do
-    subject do
-      command("cat /etc/os-release").stdout
-    end
-
-    it "is Ubuntu" do
-      is_expected.to match /Ubuntu/
-    end
-  end
-end
-```
-
-Running the following command would initialize the working directory for
-Terraform, create a Docker container by applying the configuration file,
-and verify that the container is running Ubuntu.
-
-> Verifying with Kitchen-Terraform
-
-```sh
-$ bundle install
-$ bundle exec kitchen test
------> Starting Kitchen...
-...
-$$$$$$ Running command `terraform init...`
-...
-$$$$$$ Running command `terraform apply...`
-...
-       docker_container.ubuntu: Creation complete after 1s...
-
-       Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
-...
-       Finished converging <example-ubuntu>...
-...
------> Verifying <example-ubuntu>...
-       Verifying host 'localhost' of system 'container'
-...
-  ✔  operating_system: the operating system is Ubuntu
-...
-Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
-...
-```
-
-More information can be found on the
+Several tutorials are available on the
 [Kitchen-Terraform Tutorials][kitchen-terraform-tutorials] page.
 
+The integration tests for Kitchen-Terraform can also be viewed as
+examples of how it works. The
+[integration test Kitchen configuration file][int-kitchen-config]
+and the [integration test directory][test-directory] provide several
+functional examples which exercise various features of
+Kitchen-Terraform.
+
 ## Contributing
 
 Kitchen-Terraform thrives on community contributions.
@@ -313,7 +181,8 @@ Information about changes to Kitchen-Terraform can be found in the
 
 ## Maintainers
 
-Kitchen-Terraform is maintained by New Context.
+Kitchen-Terraform is maintained by [community contributors][contributors]
+and New Context.
 
 <img
   alt="New Context logo"
@@ -366,17 +235,22 @@ Kitchen-Terraform is distributed under the [Apache License][license].
 [code-coverage-shield]: https://img.shields.io/codeclimate/coverage/newcontext-oss/kitchen-terraform.svg
 [code-coverage]: https://codeclimate.com/github/newcontext-oss/kitchen-terraform/
 [contributing-document]: https://github.com/newcontext-oss/kitchen-terraform/blob/master/CONTRIBUTING.md
+[contributors]: https://github.com/newcontext-oss/kitchen-terraform/graphs/contributors
 [docker]: https://www.docker.com/
 [docker-community-edition]: https://store.docker.com/editions/community/docker-ce-server-ubuntu
 [docker-provider]: https://www.terraform.io/docs/providers/docker/index.html
 [gem-downloads-total-shield]: https://img.shields.io/gem/dt/kitchen-terraform.svg
 [gem-downloads-version-shield]: https://img.shields.io/gem/dtv/kitchen-terraform.svg
 [gem-version-shield]: https://img.shields.io/gem/v/kitchen-terraform.svg
-[hakiri-shield]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/master.svg
-[hakiri]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/
 [gitter-shield]: https://img.shields.io/gitter/room/kitchen-terraform/Lobby.svg
 [gitter]: https://gitter.im/kitchen-terraform/Lobby
+[hakiri-shield]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/master.svg
+[hakiri]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/
 [inspec]: https://www.inspec.io/
+[int-kitchen-config]: https://github.com/newcontext-oss/kitchen-terraform/blob/master/kitchen.yml
+[issue-271]: https://github.com/newcontext-oss/kitchen-terraform/issues/271
+[kitchen]: http://kitchen.ci/index.html
+[kitchen-configuration-file]: https://docs.chef.io/config_yml_kitchen.html
 [kitchen-terraform-gem]: https://rubygems.org/gems/kitchen-terraform
 [kitchen-terraform-logo]: https://raw.githubusercontent.com/newcontext-oss/kitchen-terraform/master/assets/logo.png
 [kitchen-terraform-tutorials]: https://newcontext-oss.github.io/kitchen-terraform/tutorials/
@@ -388,6 +262,7 @@ Kitchen-Terraform is distributed under the [Apache License][license].
 [new-context-twitter]: https://twitter.com/newcontext
 [new-context]: https://newcontext.com/
 [rbenv]: https://github.com/rbenv/rbenv
+[rbnacl-installation]: https://github.com/crypto-rb/rbnacl/tree/v4.0.2#installation
 [ruby-branches]: https://www.ruby-lang.org/en/downloads/branches/
 [ruby-gem-documentation]: http://www.rubydoc.info/github/newcontext-oss/kitchen-terraform/
 [ruby-gems-what-is]: http://guides.rubygems.org/ruby-gems-what-is/index.html
@@ -402,8 +277,8 @@ Kitchen-Terraform is distributed under the [Apache License][license].
 [terraform-provisioner]: http://www.rubydoc.info/github/newcontext-oss/kitchen-terraform/Kitchen/Provisioner/Terraform
 [terraform-verifier]: http://www.rubydoc.info/github/newcontext-oss/kitchen-terraform/Kitchen/Verifier/Terraform
 [terraform]: https://www.terraform.io/
-[test-kitchen-configuration-file]: https://docs.chef.io/config_yml_kitchen.html
-[test-kitchen]: http://kitchen.ci/index.html
+[test-directory]: https://github.com/newcontext-oss/kitchen-terraform/tree/master/test
 [tfenv]: https://github.com/kamatama41/tfenv
 [travis-build-status-shield]: https://img.shields.io/travis/com/newcontext-oss/kitchen-terraform.svg
 [travis-build-status]: https://travis-ci.com/newcontext-oss/kitchen-terraform
+

data/lib/kitchen/driver/terraform.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# Copyright 2016 New Context Services, Inc.
+# Copyright 2016-2019 New Context, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,14 +15,13 @@
 # limitations under the License.
 
 require "kitchen"
-require "kitchen/terraform/command/output"
-require "kitchen/terraform/command/version"
+require "kitchen/terraform/raise/action_failed"
 require "kitchen/terraform/config_attribute/backend_configurations"
 require "kitchen/terraform/config_attribute/client"
 require "kitchen/terraform/config_attribute/color"
 require "kitchen/terraform/config_attribute/command_timeout"
-require "kitchen/terraform/config_attribute/lock"
 require "kitchen/terraform/config_attribute/lock_timeout"
+require "kitchen/terraform/config_attribute/lock"
 require "kitchen/terraform/config_attribute/parallelism"
 require "kitchen/terraform/config_attribute/plugin_directory"
 require "kitchen/terraform/config_attribute/root_module_directory"
@@ -30,521 +29,204 @@ require "kitchen/terraform/config_attribute/variable_files"
 require "kitchen/terraform/config_attribute/variables"
 require "kitchen/terraform/config_attribute/verify_version"
 require "kitchen/terraform/configurable"
-require "kitchen/terraform/debug_logger"
-require "kitchen/terraform/shell_out"
-require "kitchen/terraform/verify_version"
+require "kitchen/terraform/driver/create"
+require "kitchen/terraform/driver/destroy"
+require "kitchen/terraform/version_verifier"
+require "rubygems"
 require "shellwords"
 
 # This namespace is defined by Kitchen.
 #
-# @see http://www.rubydoc.info/gems/test-kitchen/Kitchen/Driver
-module ::Kitchen::Driver
-end
-
-# The driver is the bridge between Test Kitchen and Terraform. It manages the
-# {https://www.terraform.io/docs/state/index.html state} of the Terraform root module by shelling out and running
-# Terraform commands.
-#
-# === Commands
-#
-# The following command-line commands are provided by the driver.
-#
-# ==== kitchen create
-#
-# A Test Kitchen instance is created through the following steps.
-#
-# ===== Initializing the Terraform Working Directory
-#
-#   terraform init \
-#     -input=false \
-#     -lock=<lock> \
-#     -lock-timeout=<lock_timeout>s \
-#     [-no-color] \
-#     -upgrade \
-#     -force-copy \
-#     -backend=true \
-#     [-backend-config=<backend_configurations.first> ...] \
-#     -get=true \
-#     -get-plugins=true \
-#     [-plugin-dir=<plugin_directory>] \
-#     -verify-plugins=true \
-#     <root_module_directory>
-#
-# ===== Creating a Test Terraform Workspace
-#
-#   terraform workspace <new|select> kitchen-terraform-<instance>
-#
-# ==== kitchen destroy
-#
-# A Test Kitchen instance is destroyed through the following steps.
-#
-# ===== Initializing the Terraform Working Directory
-#
-#   terraform init \
-#     -input=false \
-#     -lock=<lock> \
-#     -lock-timeout=<lock_timeout>s \
-#     [-no-color] \
-#     -force-copy \
-#     -backend=true \
-#     [-backend-config=<backend_configurations.first>...] \
-#     -get=true \
-#     -get-plugins=true \
-#     [-plugin-dir=<plugin_directory>] \
-#     -verify-plugins=true \
-#     <root_module_directory>
-#
-# ===== Selecting the Test Terraform Workspace
-#
-#   terraform workspace <select|new> kitchen-terraform-<instance>
-#
-# ===== Destroying the Terraform State
-#
-#   terraform destroy \
-#     -auto-approve \
-#     -lock=<lock> \
-#     -lock-timeout=<lock_timeout>s \
-#     -input=false \
-#     [-no-color] \
-#     -parallelism=<parallelism> \
-#     -refresh=true \
-#     [-var=<variables.first>...] \
-#     [-var-file=<variable_files.first>...] \
-#     <root_module_directory>
-#
-# ===== Selecting the Default Terraform Workspace
-#
-#   terraform workspace select default
-#
-# ===== Deleting the Test Terraform Workspace
-#
-#   terraform workspace delete kitchen-terraform-<instance>
-#
-# === Shelling Out
-#
-# {include:Kitchen::Terraform::ShellOut}
-#
-# === Configuration Attributes
-#
-# The configuration attributes of the driver control the behaviour of the Terraform commands that are run. Within the
-# {http://kitchen.ci/docs/getting-started/kitchen-yml Test Kitchen configuration file}, these attributes must be
-# declared in the +driver+ mapping along with the plugin name.
-#
-#   driver:
-#     name: terraform
-#     a_configuration_attribute: some value
-#
-# ==== backend_configurations
-#
-# {include:Kitchen::Terraform::ConfigAttribute::BackendConfigurations}
-#
-# ==== client
-#
-# {include:Kitchen::Terraform::ConfigAttribute::Client}
-#
-# ==== color
-#
-# {include:Kitchen::Terraform::ConfigAttribute::Color}
-#
-# ==== command_timeout
-#
-# {include:Kitchen::Terraform::ConfigAttribute::CommandTimeout}
-#
-# ==== lock
-#
-# {include:Kitchen::Terraform::ConfigAttribute::Lock}
-#
-# ==== lock_timeout
-#
-# {include:Kitchen::Terraform::ConfigAttribute::LockTimeout}
-#
-# ==== parallelism
-#
-# {include:Kitchen::Terraform::ConfigAttribute::Parallelism}
-#
-# ==== plugin_directory
-#
-# {include:Kitchen::Terraform::ConfigAttribute::PluginDirectory}
-#
-# ==== root_module_directory
-#
-# {include:Kitchen::Terraform::ConfigAttribute::RootModuleDirectory}
-#
-# ==== variable_files
-#
-# {include:Kitchen::Terraform::ConfigAttribute::VariableFiles}
-#
-# ==== variables
-#
-# {include:Kitchen::Terraform::ConfigAttribute::Variables}
-#
-# ==== verify_version
-#
-# {include:Kitchen::Terraform::ConfigAttribute::VerifyVersion}
-#
-# @example Describe the create command
-#   kitchen help create
-# @example Create a Test Kitchen instance
-#   kitchen create default-ubuntu
-# @example Describe the destroy command
-#   kitchen help destroy
-# @example Destroy a Test Kitchen instance
-#   kitchen destroy default-ubuntu
-# @version 2
-class ::Kitchen::Driver::Terraform < ::Kitchen::Driver::Base
-  kitchen_driver_api_version 2
-
-  no_parallel_for(
-    :create,
-    :converge,
-    :setup,
-    :destroy
-  )
-
-  include ::Kitchen::Terraform::ConfigAttribute::BackendConfigurations
-
-  include ::Kitchen::Terraform::ConfigAttribute::Client
-
-  include ::Kitchen::Terraform::ConfigAttribute::Color
-
-  include ::Kitchen::Terraform::ConfigAttribute::CommandTimeout
-
-  include ::Kitchen::Terraform::ConfigAttribute::Lock
-
-  include ::Kitchen::Terraform::ConfigAttribute::LockTimeout
-
-  include ::Kitchen::Terraform::ConfigAttribute::Parallelism
-
-  include ::Kitchen::Terraform::ConfigAttribute::PluginDirectory
-
-  include ::Kitchen::Terraform::ConfigAttribute::RootModuleDirectory
-
-  include ::Kitchen::Terraform::ConfigAttribute::VariableFiles
-
-  include ::Kitchen::Terraform::ConfigAttribute::Variables
-
-  include ::Kitchen::Terraform::ConfigAttribute::VerifyVersion
-
-  include ::Kitchen::Terraform::Configurable
-
-  # Applies changes to the state by selecting the test workspace, updating the dependency modules, validating the root
-  # module, and applying the state changes.
-  #
-  # @raise [::Kitchen::ActionFailed] if the result of the action is a failure.
-  # @return [void]
-  def apply(&block)
-    verify_version
-    run_workspace_select_instance
-    apply_run
-  rescue ::Kitchen::Terraform::Error => error
-    raise ::Kitchen::ActionFailed, error.message
-  end
-
-  # Creates a Test Kitchen instance by initializing the working directory and creating a test workspace.
-  #
-  # @param _state [::Hash] the mutable instance and driver state.
-  # @raise [::Kitchen::ActionFailed] if the result of the action is a failure.
-  # @return [void]
-  def create(_state)
-    verify_version
-    create_run_init
-    run_workspace_select_instance
-  rescue ::Kitchen::Terraform::Error => error
-    raise ::Kitchen::ActionFailed, error.message
-  end
-
-  # Destroys a Test Kitchen instance by initializing the working directory, selecting the test workspace,
-  # deleting the state, selecting the default workspace, and deleting the test workspace.
-  #
-  # @param _state [::Hash] the mutable instance and driver state.
-  # @raise [::Kitchen::ActionFailed] if the result of the action is a failure.
-  # @return [void]
-  def destroy(_state)
-    verify_version
-    destroy_run_init
-    run_workspace_select_instance
-    destroy_run_destroy
-    destroy_run_workspace_select_default
-    destroy_run_workspace_delete_instance
-  rescue ::Kitchen::Terraform::Error => error
-    raise ::Kitchen::ActionFailed, error.message
-  end
-
-  # Retrieves the Terraform input variables for a Kitchen instance provided by the configuration.
-  #
-  # @return [self]
-  # @yieldparam inputs [::Hash] the input variables.
-  def retrieve_inputs
-    yield inputs: config_variables
-
-    self
-  end
-
-  # Retrieves the Terraform state outputs for a Kitchen instance by selecting the test workspace and fetching the
-  # outputs.
+# @see http://www.rubydoc.info/gems/test-kitchen/Kitchen
+module Kitchen
+  # This namespace is defined by Kitchen.
   #
-  # @raise [::Kitchen::ActionFailed] if the result of the action is a failure.
-  # @return [self]
-  # @yieldparam outputs [::Hash] the state output.
-  def retrieve_outputs(&block)
-    run_workspace_select_instance
-    ::Kitchen::Terraform::Command::Output.run(
-      client: config_client,
-      options: { cwd: config_root_module_directory, live_stream: debug_logger, timeout: config_command_timeout },
-      &block
-    )
-
-    self
-  rescue ::Kitchen::Terraform::Error => error
-    raise ::Kitchen::ActionFailed, error.message
-  end
-
-  private
-
-  attr_accessor :debug_logger
-
-  def apply_run
-    apply_run_get
-    apply_run_validate
-    apply_run_apply
-  end
-
-  # @api private
-  def apply_run_apply
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "apply " \
-      "#{lock_flag} " \
-      "#{lock_timeout_flag} " \
-      "-input=false " \
-      "-auto-approve=true " \
-      "#{color_flag} " \
-      "#{parallelism_flag} " \
-      "-refresh=true " \
-      "#{variables_flags} " \
-      "#{variable_files_flags}",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  # @api private
-  def apply_run_get
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "get -update",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  # @api private
-  def apply_run_validate
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "validate " \
-      "#{color_flag} " \
-      "#{variables_flags} " \
-      "#{variable_files_flags}",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  # @api private
-  def backend_configurations_flags
-    config_backend_configurations.map do |key, value|
-      "-backend-config=\"#{key}=#{value}\""
-    end.join " "
-  end
-
-  # api private
-  def color_flag
-    config_color and "" or "-no-color"
-  end
-
-  # @api private
-  def create_run_init
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "init " \
-      "-input=false " \
-      "#{lock_flag} " \
-      "#{lock_timeout_flag} " \
-      "#{color_flag} " \
-      "-upgrade " \
-      "-force-copy " \
-      "-backend=true " \
-      "#{backend_configurations_flags} " \
-      "-get=true " \
-      "-get-plugins=true " \
-      "#{plugin_directory_flag}" \
-      "-verify-plugins=true",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  # @api private
-  def destroy_run_destroy
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "destroy " \
-      "-auto-approve " \
-      "#{lock_flag} " \
-      "#{lock_timeout_flag} " \
-      "-input=false " \
-      "#{color_flag} " \
-      "#{parallelism_flag} " \
-      "-refresh=true " \
-      "#{variables_flags} " \
-      "#{variable_files_flags}",
-      options: {
-        cwd: config_root_module_directory,
-        environment: { "TF_WARN_OUTPUT_ERRORS" => "true" },
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  # @api private
-  def destroy_run_init
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "init " \
-      "-input=false " \
-      "#{lock_flag} " \
-      "#{lock_timeout_flag} " \
-      "#{color_flag} " \
-      "-force-copy " \
-      "-backend=true " \
-      "#{backend_configurations_flags} " \
-      "-get=true " \
-      "-get-plugins=true " \
-      "#{plugin_directory_flag}" \
-      "-verify-plugins=true",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  # @api private
-  def destroy_run_workspace_delete_instance
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "workspace delete #{workspace_name}",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  # @api private
-  def destroy_run_workspace_select_default
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "workspace select default",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  def initialize(config = {})
-    super
-    self.debug_logger = ::Kitchen::Terraform::DebugLogger.new logger
-  end
-
-  # @api private
-  def lock_flag
-    "-lock=#{config_lock}"
-  end
-
-  # @api private
-  def lock_timeout_flag
-    "-lock-timeout=#{config_lock_timeout}s"
-  end
-
-  # @api private
-  def parallelism_flag
-    "-parallelism=#{config_parallelism}"
-  end
-
-  # @api private
-  def plugin_directory_flag
-    if config_plugin_directory
-      "-plugin-dir=\"#{::Shellwords.shelljoin ::Shellwords.shellsplit config_plugin_directory}\" "
-    else
-      ""
-    end
-  end
-
-  # @api private
-  def run_workspace_select_instance
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "workspace select #{workspace_name}",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  rescue ::Kitchen::Terraform::Error
-    ::Kitchen::Terraform::ShellOut.run(
-      client: config_client,
-      command: "workspace new #{workspace_name}",
-      options: {
-        cwd: config_root_module_directory,
-        live_stream: logger,
-        timeout: config_command_timeout,
-      },
-    )
-  end
-
-  # @api private
-  def variable_files_flags
-    config_variable_files.map do |path|
-      "-var-file=\"#{::Shellwords.shelljoin ::Shellwords.shellsplit path}\""
-    end.join " "
-  end
-
-  # @api private
-  def variables_flags
-    config_variables.map do |key, value|
-      "-var=\"#{key}=#{value}\""
-    end.join " "
-  end
-
-  def verify_version
-    if config_verify_version
-      ::Kitchen::Terraform::VerifyVersion.call
-    else
-      logger.warn "Verification of support for the available version of Terraform is disabled"
+  # @see http://www.rubydoc.info/gems/test-kitchen/Kitchen/Driver
+  module Driver
+
+    # The driver is the bridge between Test Kitchen and Terraform. It manages the
+    # {https://www.terraform.io/docs/state/index.html state} of the Terraform root module by shelling out and running
+    # Terraform commands.
+    #
+    # === Commands
+    #
+    # The following command-line commands are provided by the driver.
+    #
+    # ==== kitchen create
+    #
+    # {include:Kitchen::Terraform::Driver::Create}
+    #
+    # ==== kitchen destroy
+    #
+    # {include:Kitchen::Terraform::Driver::Destroy}
+    #
+    # === Configuration Attributes
+    #
+    # The configuration attributes of the driver control the behaviour of the Terraform commands that are run. Within the
+    # {http://kitchen.ci/docs/getting-started/kitchen-yml Test Kitchen configuration file}, these attributes must be
+    # declared in the +driver+ mapping along with the plugin name.
+    #
+    #   driver:
+    #     name: terraform
+    #     a_configuration_attribute: some value
+    #
+    # ==== backend_configurations
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::BackendConfigurations}
+    #
+    # ==== client
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::Client}
+    #
+    # ==== color
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::Color}
+    #
+    # ==== command_timeout
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::CommandTimeout}
+    #
+    # ==== lock
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::Lock}
+    #
+    # ==== lock_timeout
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::LockTimeout}
+    #
+    # ==== parallelism
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::Parallelism}
+    #
+    # ==== plugin_directory
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::PluginDirectory}
+    #
+    # ==== root_module_directory
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::RootModuleDirectory}
+    #
+    # ==== variable_files
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::VariableFiles}
+    #
+    # ==== variables
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::Variables}
+    #
+    # ==== verify_version
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::VerifyVersion}
+    #
+    # === Ruby Interface
+    #
+    # This class implements the interface of Kitchen::Configurable which requires the following Reek suppressions:
+    # :reek:MissingSafeMethod { exclude: [ finalize_config! ] }
+    #
+    # @example Describe the create command
+    #   kitchen help create
+    # @example Create a Test Kitchen instance
+    #   kitchen create default-ubuntu
+    # @example Describe the destroy command
+    #   kitchen help destroy
+    # @example Destroy a Test Kitchen instance
+    #   kitchen destroy default-ubuntu
+    # @version 2
+    class Terraform < ::Kitchen::Driver::Base
+      kitchen_driver_api_version 2
+
+      no_parallel_for(
+        :create,
+        :converge,
+        :setup,
+        :destroy
+      )
+
+      include ::Kitchen::Terraform::ConfigAttribute::BackendConfigurations
+
+      include ::Kitchen::Terraform::ConfigAttribute::Client
+
+      include ::Kitchen::Terraform::ConfigAttribute::Color
+
+      include ::Kitchen::Terraform::ConfigAttribute::CommandTimeout
+
+      include ::Kitchen::Terraform::ConfigAttribute::Lock
+
+      include ::Kitchen::Terraform::ConfigAttribute::LockTimeout
+
+      include ::Kitchen::Terraform::ConfigAttribute::Parallelism
+
+      include ::Kitchen::Terraform::ConfigAttribute::PluginDirectory
+
+      include ::Kitchen::Terraform::ConfigAttribute::RootModuleDirectory
+
+      include ::Kitchen::Terraform::ConfigAttribute::VariableFiles
+
+      include ::Kitchen::Terraform::ConfigAttribute::Variables
+
+      include ::Kitchen::Terraform::ConfigAttribute::VerifyVersion
+
+      include ::Kitchen::Terraform::Configurable
+
+      # Creates a Test Kitchen instance by initializing the working directory and creating a test workspace.
+      #
+      # @param _state [Hash] the mutable instance and driver state.
+      # @raise [Kitchen::ActionFailed] if the result of the action is a failure.
+      # @return [void]
+      def create(_state)
+        create_strategy.call
+      rescue => error
+        action_failed.call message: error.message
+      end
+
+      # Destroys a Test Kitchen instance by initializing the working directory, selecting the test workspace,
+      # deleting the state, selecting the default workspace, and deleting the test workspace.
+      #
+      # @param _state [Hash] the mutable instance and driver state.
+      # @raise [Kitchen::ActionFailed] if the result of the action is a failure.
+      # @return [void]
+      def destroy(_state)
+        destroy_strategy.call
+      rescue => error
+        action_failed.call message: error.message
+      end
+
+      # #finalize_config! invokes the super implementation and then initializes the strategies.
+      #
+      # @param instance [Kitchen::Instance] an associated instance.
+      # @raise [Kitchen::ClientError] if the instance is nil.
+      # @return [self]
+      # @see Kitchen::Configurable#finalize_config!
+      def finalize_config!(instance)
+        super instance
+        self.create_strategy = ::Kitchen::Terraform::Driver::Create.new(
+          config: config,
+          logger: logger,
+          version_requirement: version_requirement,
+          workspace_name: workspace_name,
+        )
+        self.destroy_strategy = ::Kitchen::Terraform::Driver::Destroy.new(
+          config: config,
+          logger: logger,
+          version_requirement: version_requirement,
+          workspace_name: workspace_name,
+        )
+
+        self
+      end
+
+      # #initialize prepares a new instance of the class.
+      #
+      # @param config [Hash] the driver configuration.
+      # @return [Kitchen::Driver::Terraform]
+      def initialize(config = {})
+        super config
+        self.action_failed = ::Kitchen::Terraform::Raise::ActionFailed.new logger: logger
+      end
+
+      private
+
+      attr_accessor :action_failed, :create_strategy, :destroy_strategy
     end
   end
-
-  def workspace_name
-    @workspace_name ||= "kitchen-terraform-#{::Shellwords.escape instance.name}"
-  end
 end