State of Terraform Testing
Code testing in general can be done at two levels:
1. Unit testing — The boundary is your local machine network, disk and memory. Although anything outside of memory can still be debated as outside the boundary of unit testing.
2. Integration testing — When testing crosses interface boundaries and involves creation of resources or inspecting interaction with APIs.
Where are we at for Terraform testing?
The following are the current options in testing terraform code:
1. terraform test (experimental): Terraform tests can be written in HCL based terraform language. This is currently experimental and there are known limitations. The test involves steps that performs create and destroy of real resources.
2. terratest and kitchen-terraform: These are third party tools for writing integration tests for terraform. Again, both these tools involved creation and destruction of actual resources.
3. cdktf: In a recent announcement, cdktf has added unit testing support using typescript. Hopefully support for unit tests in other languages will come soon.
What should be your direction?
This space is changing rapidly, and this is making it hard to decide on investment of effort without risking rework. What is now certain is that the “Infra as Code” space is heading towards a direction of “Write Infra as Code in any language” [1] with the emergence of AWS CDK and Pulumi.
The following are the challenges:
1. If you already have code written in terraform language, you will need to invest your time in learning and converting your code into cdktf. You will probably have to update your pipeline as well. This would set you up for future direction (see [1]) and enable you to write unit tests for your current infrastructure code.
2. If we take cdktf out of the frame, the native test support in terraform cli and the terraform language makes it the obvious choice but the last update on this was more than 6 months back.
3. What about terratest? The last two points makes this choice even harder if you are thinking of making the decision now.
Final Notes
I would personally start looking seriously into cdktf and start experimenting with it by writing some tests. The current Go support is in experimental state, so I am keeping a close watch on it, Go being my preferred language.
Pulumi will also be on my radar. It could give terraform a serious competition in this space.
