Skip to content
/ terraform-testing-samples Public

This repository contains code samples demonstrating the Terraform IaC testing steps used by OVO tech production engineering, along with appropriate instructions and any helper resources / libraries that we’ve written to help enable this.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ovotech/terraform-testing-samples

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
shared-resources/libs/test-helpers
shared-resources/libs/test-helpers
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Terraform Testing Samples

This repository contains code samples demonstrating the Terraform IaC testing steps used by OVO tech production engineering, along with appropriate instructions and any helper resources / libraries that we’ve written to help enable this.

Contained in this repository is a sample module which provisions an AWS Elastic Container Registry for storing container images, along with appropriate examples and tests, as well as any reusable configurations and shared helper resources to suppliment the testing.

Checkov

Checkov is an open source command line utility (approved by the OVO Security Engineering team) which we use to make sure all our IaC has all the correct security configurations and settings. If for example, an AWS S3 bucket created in our modules is missing encryption or is exposed publicly, this will be flagged by Checkov.

To run this locally or in the pipeline, we simply need to install the binary and run the CLI as follows:

checkov -d terraform/modules/aws_elastic_container_registry --quiet --output cli --framework terraform --download-external-modules false

Tflint

Tflint is a pluggable linter that we make use of to ensure we can enforce custom rules statically e.g. the enforcement of certain tags on all our resources.

To run tflint just install the binary and as an example, run the following commands:

tflint --init --config=terraform/.tflint.hcl
cd terraform/modules/aws_elastic_container_registry
terraform get
tflint --config=../../../terraform/.tflint.hcl

Terratest

Terratest is what is used in order to perform unit testing and integration testing on our Terraform IaC. The following tests are included in this repository:

  • Unit test to ensure we can run terraform plan against an example usage of our Terraform module
  • Version testing to ensure we can terraform plan with all the versions of Terraform and the AWS provider as specified by our version constraints in versions.tf
  • Integration testing which will actually spin up infrastructure in AWS using terraform apply, check for various attributes against the live resources and then cleanup the tests using terraform destroy

Note As a pre-requisite for running theses tests against resources in AWS, you need to have set CLI credentials for AWS

In order to run the test via the Go CLI all you need to do is run the following command in the test folder:

go test -v -timeout 30m

Contributions

Contributions are more than welcome from both internal (OVO tech) and external contributors.

If you have write access to this repo, create a branch and a PR, otherwise a fork and a PR.

About

This repository contains code samples demonstrating the Terraform IaC testing steps used by OVO tech production engineering, along with appropriate instructions and any helper resources / libraries that we’ve written to help enable this.

Topics

company-ovo

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages