AWS Infrastructure Testing using Terratest with Go
As a developer, the custom is to have unit tests for any new code changes. Now doing Infrastructure as Code, I am naturally attracted to the idea of testing code changes for setting up the cloud. There are many benefits of testing. Some include detecting bugs early, documentation of functionalities, it facilitates more efficient debugging. How then do I get started with IAC testing? Check out a post here where I set up a simple Terraform script for creating a free VPN server. My intention now is to test this IAC code setup. I added the GitHub repo below. Note that the terratest example is on a separate branch I have called teratest so you can follow along.
Enter Terratest
Terratest is a GO-based tool for testing IAC. It has support for Terraform, Kubernetes, and many more IAC tools. Using the context of Terraform, it works by spinning up real infrastructure proposed in your terraform script, runs predefined validations in the testing script against this infrastructure, then runs $ terraform destroy to tear down components as it concludes the test. So, I am going to use Terratest to test the free open VPN terraform code.
Test Setup
Following some basic examples from the official Terratest page, I was able to arrive at the following;
So what is happening here? This is simply a GO script. Here, we first import the various testing and Terratest modules required to write the test code. Then, we create variables required for test setup which includes a random server name, default AWS as “eu-central-1”, and in the options, we tell terratest which directory to check for our terraform code. And pass in tf variable server_name as the random name generated. Next, we set up a defer statement to let GO run clean up command just before the TestFreeVPNServer function returns. Next, we do InitAndApply which is like running both$ terraform init and $ terraform apply on our terraform folder. When you run the test script and observe the output, there you note that you can see a combination of the same output you get from running these terraform commands singly. Next, we extract outputs of instanceId and vpnUrl to make certain assertions. Here, I have limited the assertion to just fetch the Name tag on the instance and confirm that it matches the random name generated. The next assertion is to make sure the output VPN URL matches a regexp checking for the correct port and /admin route.
To run the test, make sure you have the correct terraform and AWS setup. You can refer to the previous post for this. Then in the test directory, run the following;
$ go test -v -run TestFreeVPNServerYou get very verbose output because we added a -v flag. I know it is quite verbose but I like the fact that it conveys what is happening on the infrastructure level. The expected output should look like the following;
Destroy complete! Resources: 2 destroyed.--- PASS: TestFreeVPNServer (80.53s)PASSok
Happy Terraforming!
