@opengeni/runtime 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/chunk-2PO56VAL.js +3478 -0
- package/dist/chunk-2PO56VAL.js.map +1 -0
- package/dist/index.d.ts +912 -0
- package/dist/index.js +3663 -0
- package/dist/index.js.map +1 -0
- package/dist/sandbox/index.d.ts +1738 -0
- package/dist/sandbox/index.js +187 -0
- package/dist/sandbox/index.js.map +1 -0
- package/package.json +49 -0
- package/src/bundled_hashicorp_terraform_skills/LICENSE +373 -0
- package/src/bundled_hashicorp_terraform_skills/README.md +18 -0
- package/src/bundled_hashicorp_terraform_skills/UPSTREAM_GIT_SHA +1 -0
- package/src/bundled_hashicorp_terraform_skills/azure-verified-modules/SKILL.md +613 -0
- package/src/bundled_hashicorp_terraform_skills/checkov/SKILL.md +43 -0
- package/src/bundled_hashicorp_terraform_skills/refactor-module/SKILL.md +538 -0
- package/src/bundled_hashicorp_terraform_skills/social-media-marketing/SKILL.md +35 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/SKILL.md +372 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/references/MANUAL-IMPORT.md +113 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-search-import/scripts/list_resources.sh +38 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/SKILL.md +480 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/api-monitoring.md +543 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/component-blocks.md +476 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/deployment-blocks.md +391 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/examples.md +1529 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/linked-stacks.md +187 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-stacks/references/troubleshooting.md +671 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-style-guide/SKILL.md +353 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/SKILL.md +451 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/CI_CD.md +80 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/EXAMPLES.md +314 -0
- package/src/bundled_hashicorp_terraform_skills/terraform-test/references/MOCK_PROVIDERS.md +171 -0
- package/src/codex-tool-search.ts +267 -0
- package/src/context-compaction.ts +538 -0
- package/src/history-sanitizer.ts +719 -0
- package/src/index.ts +3299 -0
- package/src/sandbox/capabilities.ts +69 -0
- package/src/sandbox/channel-a.ts +1031 -0
- package/src/sandbox/display-stack.ts +231 -0
- package/src/sandbox/errors.ts +34 -0
- package/src/sandbox/index.ts +832 -0
- package/src/sandbox/providers/blaxel.ts +35 -0
- package/src/sandbox/providers/cloudflare.ts +24 -0
- package/src/sandbox/providers/daytona.ts +34 -0
- package/src/sandbox/providers/docker.ts +17 -0
- package/src/sandbox/providers/e2b.ts +36 -0
- package/src/sandbox/providers/index.ts +107 -0
- package/src/sandbox/providers/local.ts +13 -0
- package/src/sandbox/providers/modal.ts +55 -0
- package/src/sandbox/providers/none.ts +13 -0
- package/src/sandbox/providers/runloop.ts +32 -0
- package/src/sandbox/providers/selfhosted.ts +96 -0
- package/src/sandbox/providers/types.ts +38 -0
- package/src/sandbox/providers/vercel.ts +29 -0
- package/src/sandbox/recording.ts +286 -0
- package/src/sandbox/routing/backend-resolver.ts +189 -0
- package/src/sandbox/routing/routing-session.ts +455 -0
- package/src/sandbox/select.ts +371 -0
- package/src/sandbox/selfhosted/capabilities.ts +255 -0
- package/src/sandbox/selfhosted/control-rpc.ts +351 -0
- package/src/sandbox/selfhosted/session.ts +930 -0
- package/src/sandbox/selfhosted/testing.ts +230 -0
- package/src/sandbox/stream-port.ts +185 -0
- package/src/sandbox/stream-token.ts +90 -0
- package/src/sandbox/terminal-server.ts +203 -0
- package/src/sandbox-computer.ts +835 -0
|
@@ -0,0 +1,451 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: terraform-test
|
|
3
|
+
description: Comprehensive guide for writing and running Terraform tests. Use when creating test files (.tftest.hcl), writing test scenarios with run blocks, validating infrastructure behavior with assertions, mocking providers and data sources, testing module outputs and resource configurations, or troubleshooting Terraform test syntax and execution.
|
|
4
|
+
metadata:
|
|
5
|
+
copyright: Copyright IBM Corp. 2026
|
|
6
|
+
version: "0.0.2"
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Terraform Test
|
|
10
|
+
|
|
11
|
+
Terraform's built-in testing framework validates that configuration updates don't introduce breaking changes. Tests run against temporary resources, protecting existing infrastructure and state files.
|
|
12
|
+
|
|
13
|
+
## Reference Files
|
|
14
|
+
|
|
15
|
+
- `references/MOCK_PROVIDERS.md` — Mock provider syntax, common defaults, when to use mocks (Terraform 1.7.0+ only — skip if the user's version is below 1.7)
|
|
16
|
+
- `references/CI_CD.md` — GitHub Actions and GitLab CI pipeline examples
|
|
17
|
+
- `references/EXAMPLES.md` — Complete example test suite (unit, integration, and mock tests for a VPC module)
|
|
18
|
+
|
|
19
|
+
Read the relevant reference file when the user asks about mocking, CI/CD integration, or wants a full example.
|
|
20
|
+
|
|
21
|
+
## Core Concepts
|
|
22
|
+
|
|
23
|
+
- **Test file** (`.tftest.hcl` / `.tftest.json`): Contains `run` blocks that validate your configuration
|
|
24
|
+
- **Run block**: A single test scenario with optional variables, providers, and assertions
|
|
25
|
+
- **Assert block**: Conditions that must be true for the test to pass
|
|
26
|
+
- **Mock provider**: Simulates provider behavior without real infrastructure (Terraform 1.7.0+)
|
|
27
|
+
- **Test modes**: `apply` (default, creates real resources) or `plan` (validates logic only)
|
|
28
|
+
|
|
29
|
+
## File Structure
|
|
30
|
+
|
|
31
|
+
```
|
|
32
|
+
my-module/
|
|
33
|
+
├── main.tf
|
|
34
|
+
├── variables.tf
|
|
35
|
+
├── outputs.tf
|
|
36
|
+
└── tests/
|
|
37
|
+
├── defaults_unit_test.tftest.hcl # plan mode — fast, no resources
|
|
38
|
+
├── validation_unit_test.tftest.hcl # plan mode
|
|
39
|
+
└── full_stack_integration_test.tftest.hcl # apply mode — creates real resources
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
Use `*_unit_test.tftest.hcl` for plan-mode tests and `*_integration_test.tftest.hcl` for apply-mode tests so they can be filtered separately in CI.
|
|
43
|
+
|
|
44
|
+
## Test File Structure
|
|
45
|
+
|
|
46
|
+
```hcl
|
|
47
|
+
# Optional: test-wide settings
|
|
48
|
+
test {
|
|
49
|
+
parallel = true # Enable parallel execution for all run blocks (default: false)
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
# Optional: file-level variables (highest precedence, override all other sources)
|
|
53
|
+
variables {
|
|
54
|
+
aws_region = "us-west-2"
|
|
55
|
+
instance_type = "t2.micro"
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
# Optional: provider configuration
|
|
59
|
+
provider "aws" {
|
|
60
|
+
region = var.aws_region
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
# Required: at least one run block
|
|
64
|
+
run "test_default_configuration" {
|
|
65
|
+
command = plan
|
|
66
|
+
|
|
67
|
+
assert {
|
|
68
|
+
condition = aws_instance.example.instance_type == "t2.micro"
|
|
69
|
+
error_message = "Instance type should be t2.micro by default"
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
## Run Block
|
|
75
|
+
|
|
76
|
+
```hcl
|
|
77
|
+
run "test_name" {
|
|
78
|
+
command = plan # or apply (default)
|
|
79
|
+
parallel = true # optional, since v1.9.0
|
|
80
|
+
|
|
81
|
+
# Override file-level variables
|
|
82
|
+
variables {
|
|
83
|
+
instance_type = "t3.large"
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
# Reference a specific module
|
|
87
|
+
module {
|
|
88
|
+
source = "./modules/vpc" # local or registry only (not git/http)
|
|
89
|
+
version = "5.0.0" # registry modules only
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
# Control state isolation
|
|
93
|
+
state_key = "shared_state" # since v1.9.0
|
|
94
|
+
|
|
95
|
+
# Plan behavior
|
|
96
|
+
plan_options {
|
|
97
|
+
mode = refresh-only # or normal (default)
|
|
98
|
+
refresh = true
|
|
99
|
+
replace = [aws_instance.example]
|
|
100
|
+
target = [aws_instance.example]
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
# Assertions
|
|
104
|
+
assert {
|
|
105
|
+
condition = aws_instance.example.id != ""
|
|
106
|
+
error_message = "Instance should have a valid ID"
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
# Expected failures (test passes if these fail)
|
|
110
|
+
expect_failures = [
|
|
111
|
+
var.instance_count
|
|
112
|
+
]
|
|
113
|
+
}
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
## Common Test Patterns
|
|
117
|
+
|
|
118
|
+
### Validate outputs
|
|
119
|
+
|
|
120
|
+
```hcl
|
|
121
|
+
run "test_outputs" {
|
|
122
|
+
command = plan
|
|
123
|
+
|
|
124
|
+
assert {
|
|
125
|
+
condition = output.vpc_id != null
|
|
126
|
+
error_message = "VPC ID output must be defined"
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
assert {
|
|
130
|
+
condition = can(regex("^vpc-", output.vpc_id))
|
|
131
|
+
error_message = "VPC ID should start with 'vpc-'"
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
### Conditional resources
|
|
137
|
+
|
|
138
|
+
```hcl
|
|
139
|
+
run "test_nat_gateway_disabled" {
|
|
140
|
+
command = plan
|
|
141
|
+
|
|
142
|
+
variables {
|
|
143
|
+
create_nat_gateway = false
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
assert {
|
|
147
|
+
condition = length(aws_nat_gateway.main) == 0
|
|
148
|
+
error_message = "NAT gateway should not be created when disabled"
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
### Resource counts
|
|
154
|
+
|
|
155
|
+
```hcl
|
|
156
|
+
run "test_resource_count" {
|
|
157
|
+
command = plan
|
|
158
|
+
|
|
159
|
+
variables {
|
|
160
|
+
instance_count = 3
|
|
161
|
+
}
|
|
162
|
+
|
|
163
|
+
assert {
|
|
164
|
+
condition = length(aws_instance.workers) == 3
|
|
165
|
+
error_message = "Should create exactly 3 worker instances"
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
### Tags
|
|
171
|
+
|
|
172
|
+
```hcl
|
|
173
|
+
run "test_resource_tags" {
|
|
174
|
+
command = plan
|
|
175
|
+
|
|
176
|
+
variables {
|
|
177
|
+
common_tags = {
|
|
178
|
+
Environment = "production"
|
|
179
|
+
ManagedBy = "Terraform"
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
assert {
|
|
184
|
+
condition = aws_instance.example.tags["Environment"] == "production"
|
|
185
|
+
error_message = "Environment tag should be set correctly"
|
|
186
|
+
}
|
|
187
|
+
|
|
188
|
+
assert {
|
|
189
|
+
condition = aws_instance.example.tags["ManagedBy"] == "Terraform"
|
|
190
|
+
error_message = "ManagedBy tag should be set correctly"
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
```
|
|
194
|
+
|
|
195
|
+
### Data sources
|
|
196
|
+
|
|
197
|
+
```hcl
|
|
198
|
+
run "test_data_source_lookup" {
|
|
199
|
+
command = plan
|
|
200
|
+
|
|
201
|
+
assert {
|
|
202
|
+
condition = data.aws_ami.ubuntu.id != ""
|
|
203
|
+
error_message = "Should find a valid Ubuntu AMI"
|
|
204
|
+
}
|
|
205
|
+
|
|
206
|
+
assert {
|
|
207
|
+
condition = can(regex("^ami-", data.aws_ami.ubuntu.id))
|
|
208
|
+
error_message = "AMI ID should be in correct format"
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
### Validation rules
|
|
214
|
+
|
|
215
|
+
```hcl
|
|
216
|
+
run "test_invalid_environment" {
|
|
217
|
+
command = plan
|
|
218
|
+
|
|
219
|
+
variables {
|
|
220
|
+
environment = "invalid"
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
expect_failures = [
|
|
224
|
+
var.environment
|
|
225
|
+
]
|
|
226
|
+
}
|
|
227
|
+
```
|
|
228
|
+
|
|
229
|
+
### Sequential tests with dependencies
|
|
230
|
+
|
|
231
|
+
```hcl
|
|
232
|
+
run "setup_vpc" {
|
|
233
|
+
command = apply
|
|
234
|
+
|
|
235
|
+
assert {
|
|
236
|
+
condition = output.vpc_id != ""
|
|
237
|
+
error_message = "VPC should be created"
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
|
|
241
|
+
run "test_subnet_in_vpc" {
|
|
242
|
+
command = plan
|
|
243
|
+
|
|
244
|
+
variables {
|
|
245
|
+
vpc_id = run.setup_vpc.vpc_id
|
|
246
|
+
}
|
|
247
|
+
|
|
248
|
+
assert {
|
|
249
|
+
condition = aws_subnet.example.vpc_id == run.setup_vpc.vpc_id
|
|
250
|
+
error_message = "Subnet should be in the VPC from setup_vpc"
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
```
|
|
254
|
+
|
|
255
|
+
### Plan options (refresh-only, targeted)
|
|
256
|
+
|
|
257
|
+
```hcl
|
|
258
|
+
run "test_refresh_only" {
|
|
259
|
+
command = plan
|
|
260
|
+
|
|
261
|
+
plan_options {
|
|
262
|
+
mode = refresh-only
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
assert {
|
|
266
|
+
condition = aws_instance.example.tags["Environment"] == "production"
|
|
267
|
+
error_message = "Tags should be refreshed correctly"
|
|
268
|
+
}
|
|
269
|
+
}
|
|
270
|
+
|
|
271
|
+
run "test_specific_resource" {
|
|
272
|
+
command = plan
|
|
273
|
+
|
|
274
|
+
plan_options {
|
|
275
|
+
target = [aws_instance.example]
|
|
276
|
+
}
|
|
277
|
+
|
|
278
|
+
assert {
|
|
279
|
+
condition = aws_instance.example.instance_type == "t2.micro"
|
|
280
|
+
error_message = "Targeted resource should be planned"
|
|
281
|
+
}
|
|
282
|
+
}
|
|
283
|
+
```
|
|
284
|
+
|
|
285
|
+
### Parallel modules
|
|
286
|
+
|
|
287
|
+
```hcl
|
|
288
|
+
run "test_networking_module" {
|
|
289
|
+
command = plan
|
|
290
|
+
parallel = true
|
|
291
|
+
|
|
292
|
+
module {
|
|
293
|
+
source = "./modules/networking"
|
|
294
|
+
}
|
|
295
|
+
|
|
296
|
+
assert {
|
|
297
|
+
condition = output.vpc_id != ""
|
|
298
|
+
error_message = "VPC should be created"
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
|
|
302
|
+
run "test_compute_module" {
|
|
303
|
+
command = plan
|
|
304
|
+
parallel = true
|
|
305
|
+
|
|
306
|
+
module {
|
|
307
|
+
source = "./modules/compute"
|
|
308
|
+
}
|
|
309
|
+
|
|
310
|
+
assert {
|
|
311
|
+
condition = output.instance_id != ""
|
|
312
|
+
error_message = "Instance should be created"
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
```
|
|
316
|
+
|
|
317
|
+
### State key sharing
|
|
318
|
+
|
|
319
|
+
```hcl
|
|
320
|
+
run "create_foundation" {
|
|
321
|
+
command = apply
|
|
322
|
+
state_key = "foundation"
|
|
323
|
+
|
|
324
|
+
assert {
|
|
325
|
+
condition = aws_vpc.main.id != ""
|
|
326
|
+
error_message = "Foundation VPC should be created"
|
|
327
|
+
}
|
|
328
|
+
}
|
|
329
|
+
|
|
330
|
+
run "create_application" {
|
|
331
|
+
command = apply
|
|
332
|
+
state_key = "foundation"
|
|
333
|
+
|
|
334
|
+
variables {
|
|
335
|
+
vpc_id = run.create_foundation.vpc_id
|
|
336
|
+
}
|
|
337
|
+
|
|
338
|
+
assert {
|
|
339
|
+
condition = aws_instance.app.vpc_id == run.create_foundation.vpc_id
|
|
340
|
+
error_message = "Application should use foundation VPC"
|
|
341
|
+
}
|
|
342
|
+
}
|
|
343
|
+
```
|
|
344
|
+
|
|
345
|
+
### Cleanup ordering (S3 objects before bucket)
|
|
346
|
+
|
|
347
|
+
```hcl
|
|
348
|
+
run "create_bucket" {
|
|
349
|
+
command = apply
|
|
350
|
+
|
|
351
|
+
assert {
|
|
352
|
+
condition = aws_s3_bucket.example.id != ""
|
|
353
|
+
error_message = "Bucket should be created"
|
|
354
|
+
}
|
|
355
|
+
}
|
|
356
|
+
|
|
357
|
+
run "add_objects" {
|
|
358
|
+
command = apply
|
|
359
|
+
|
|
360
|
+
assert {
|
|
361
|
+
condition = length(aws_s3_object.files) > 0
|
|
362
|
+
error_message = "Objects should be added"
|
|
363
|
+
}
|
|
364
|
+
}
|
|
365
|
+
|
|
366
|
+
# Cleanup destroys in reverse: objects first, then bucket
|
|
367
|
+
```
|
|
368
|
+
|
|
369
|
+
### Multiple aliased providers
|
|
370
|
+
|
|
371
|
+
```hcl
|
|
372
|
+
provider "aws" {
|
|
373
|
+
alias = "primary"
|
|
374
|
+
region = "us-west-2"
|
|
375
|
+
}
|
|
376
|
+
|
|
377
|
+
provider "aws" {
|
|
378
|
+
alias = "secondary"
|
|
379
|
+
region = "us-east-1"
|
|
380
|
+
}
|
|
381
|
+
|
|
382
|
+
run "test_with_specific_provider" {
|
|
383
|
+
command = plan
|
|
384
|
+
|
|
385
|
+
providers = {
|
|
386
|
+
aws = provider.aws.secondary
|
|
387
|
+
}
|
|
388
|
+
|
|
389
|
+
assert {
|
|
390
|
+
condition = aws_instance.example.availability_zone == "us-east-1a"
|
|
391
|
+
error_message = "Instance should be in us-east-1 region"
|
|
392
|
+
}
|
|
393
|
+
}
|
|
394
|
+
```
|
|
395
|
+
|
|
396
|
+
### Complex conditions
|
|
397
|
+
|
|
398
|
+
```hcl
|
|
399
|
+
assert {
|
|
400
|
+
condition = alltrue([
|
|
401
|
+
for subnet in aws_subnet.private :
|
|
402
|
+
can(regex("^10\\.0\\.", subnet.cidr_block))
|
|
403
|
+
])
|
|
404
|
+
error_message = "All private subnets should use 10.0.0.0/8 CIDR range"
|
|
405
|
+
}
|
|
406
|
+
```
|
|
407
|
+
|
|
408
|
+
## Cleanup
|
|
409
|
+
|
|
410
|
+
Resources are destroyed in **reverse run block order** after test completion. This matters for dependencies (e.g., S3 objects before bucket). Use `terraform test -no-cleanup` to skip cleanup for debugging.
|
|
411
|
+
|
|
412
|
+
## Running Tests
|
|
413
|
+
|
|
414
|
+
```bash
|
|
415
|
+
terraform test # all tests
|
|
416
|
+
terraform test tests/defaults.tftest.hcl # specific file
|
|
417
|
+
terraform test -filter=test_vpc_configuration # by run block name
|
|
418
|
+
terraform test -test-directory=integration-tests # custom directory
|
|
419
|
+
terraform test -verbose # detailed output
|
|
420
|
+
terraform test -no-cleanup # skip resource cleanup
|
|
421
|
+
```
|
|
422
|
+
|
|
423
|
+
## Best Practices
|
|
424
|
+
|
|
425
|
+
1. **Naming**: `*_unit_test.tftest.hcl` for plan mode, `*_integration_test.tftest.hcl` for apply mode
|
|
426
|
+
2. **Test naming**: Use descriptive run block names that explain the scenario being tested
|
|
427
|
+
3. **Default to plan**: Use `command = plan` unless you need to test real resource behavior
|
|
428
|
+
4. **Use mocks** for external dependencies — faster and no credentials needed (see `references/MOCK_PROVIDERS.md`)
|
|
429
|
+
5. **Error messages**: Make them specific enough to diagnose failures without running the test again
|
|
430
|
+
6. **Negative tests**: Use `expect_failures` to verify validation rules reject bad inputs
|
|
431
|
+
7. **Variable coverage**: Test different variable combinations to validate all code paths — test variables have the highest precedence and override all other sources
|
|
432
|
+
8. **Module sources**: Test files only support local paths and registry modules — not git or HTTP URLs
|
|
433
|
+
9. **Parallel execution**: Use `parallel = true` for independent tests with different state files
|
|
434
|
+
10. **Cleanup**: Integration tests destroy resources in reverse run block order automatically; use `-no-cleanup` for debugging
|
|
435
|
+
11. **CI/CD**: Run unit tests on every PR, integration tests on merge (see `references/CI_CD.md`)
|
|
436
|
+
|
|
437
|
+
## Troubleshooting
|
|
438
|
+
|
|
439
|
+
| Issue | Solution |
|
|
440
|
+
|-------|----------|
|
|
441
|
+
| Assertion failures | Use `-verbose` to see actual vs expected values |
|
|
442
|
+
| Missing credentials | Use mock providers for unit tests |
|
|
443
|
+
| Unsupported module source | Convert git/HTTP sources to local modules |
|
|
444
|
+
| Tests interfering | Use `state_key` or separate modules for isolation |
|
|
445
|
+
| Slow tests | Use `command = plan` and mocks; run integration tests separately |
|
|
446
|
+
|
|
447
|
+
## References
|
|
448
|
+
|
|
449
|
+
- [Terraform Testing Documentation](https://developer.hashicorp.com/terraform/language/tests)
|
|
450
|
+
- [Terraform Test Command](https://developer.hashicorp.com/terraform/cli/commands/test)
|
|
451
|
+
- [Testing Best Practices](https://developer.hashicorp.com/terraform/language/tests/best-practices)
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
# CI/CD Integration
|
|
2
|
+
|
|
3
|
+
## GitHub Actions
|
|
4
|
+
|
|
5
|
+
```yaml
|
|
6
|
+
name: Terraform Tests
|
|
7
|
+
|
|
8
|
+
on:
|
|
9
|
+
pull_request:
|
|
10
|
+
branches: [ main ]
|
|
11
|
+
push:
|
|
12
|
+
branches: [ main ]
|
|
13
|
+
|
|
14
|
+
jobs:
|
|
15
|
+
unit-tests:
|
|
16
|
+
runs-on: ubuntu-latest
|
|
17
|
+
steps:
|
|
18
|
+
- uses: actions/checkout@v4
|
|
19
|
+
- uses: hashicorp/setup-terraform@v3
|
|
20
|
+
with:
|
|
21
|
+
terraform_version: 1.9.0
|
|
22
|
+
|
|
23
|
+
- run: terraform fmt -check -recursive
|
|
24
|
+
- run: terraform init
|
|
25
|
+
- run: terraform validate
|
|
26
|
+
- name: Run unit tests (plan mode, no credentials needed)
|
|
27
|
+
run: terraform test -filter=unit_test -verbose
|
|
28
|
+
|
|
29
|
+
integration-tests:
|
|
30
|
+
runs-on: ubuntu-latest
|
|
31
|
+
needs: unit-tests
|
|
32
|
+
if: github.ref == 'refs/heads/main'
|
|
33
|
+
steps:
|
|
34
|
+
- uses: actions/checkout@v4
|
|
35
|
+
- uses: hashicorp/setup-terraform@v3
|
|
36
|
+
with:
|
|
37
|
+
terraform_version: 1.9.0
|
|
38
|
+
|
|
39
|
+
- run: terraform init
|
|
40
|
+
- name: Run integration tests
|
|
41
|
+
run: terraform test -filter=integration_test -verbose
|
|
42
|
+
env:
|
|
43
|
+
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
44
|
+
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
## GitLab CI
|
|
48
|
+
|
|
49
|
+
```yaml
|
|
50
|
+
stages:
|
|
51
|
+
- validate
|
|
52
|
+
- test
|
|
53
|
+
|
|
54
|
+
terraform-unit-tests:
|
|
55
|
+
image: hashicorp/terraform:1.9
|
|
56
|
+
stage: validate
|
|
57
|
+
before_script:
|
|
58
|
+
- terraform init
|
|
59
|
+
script:
|
|
60
|
+
- terraform fmt -check -recursive
|
|
61
|
+
- terraform validate
|
|
62
|
+
- terraform test -filter=unit_test -verbose
|
|
63
|
+
|
|
64
|
+
terraform-integration-tests:
|
|
65
|
+
image: hashicorp/terraform:1.9
|
|
66
|
+
stage: test
|
|
67
|
+
before_script:
|
|
68
|
+
- terraform init
|
|
69
|
+
script:
|
|
70
|
+
- terraform test -filter=integration_test -verbose
|
|
71
|
+
only:
|
|
72
|
+
- main
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
## Recommended CI Strategy
|
|
76
|
+
|
|
77
|
+
- Run unit tests (plan mode + mock tests) on every PR — fast, no credentials needed
|
|
78
|
+
- Run integration tests only on merge to main or nightly — requires cloud credentials
|
|
79
|
+
- Use `-filter=unit_test` / `-filter=integration_test` to separate test types based on naming convention
|
|
80
|
+
- Store cloud credentials as CI secrets, never in code
|