What’s New In Terraform 1.6: Testing!
HashiCorp recently made Terraform 1.6 generally available. Let’s get into it!
Now module maintainers can write tests for Terraform native to HCL.
We’ll be writing a separate, deeper-dive article on the ins and outs of
terraform test syntax, but for now, the basic highlights are:
- Create tests defined in HCL within a
.tftest.hclfile. HashiCorp has a good simple example that can be viewed here.
terraform testwhich provisions resources based on the test definitions, checks the configuration against required assertions, and then tears down all cloud resources.
This provides a clean way to test that a particular module of Terraform code behaves as expected, and is a large improvement over other ways of testing Terraform modules which include:
- Testing in dev: Deploy new module changes within a development environment prior to releasing to production and ensure functionality is as expected. While this does work, when bugs occur it can result in a very slow cycle time while making corrections.
- Custom Ephemeral Pipelines: Build a custom CI pipeline to create, assess, and destroy resources created by a Terraform module. If this sounds like it would be difficult to set up robustly, that is because it is.
- Third Party Libraries: Third party tools like Gruntwork’s terratest allow for defining tests of Terraform configuration using GoLang, which can help make building a “Custom Ephemeral Pipeline” easier. That being said, writing tests for HCL using GoLang requires a lot of context switching and is not the simplest process.
So, it is easy to see how big of a new feature
terraform test is. Now we can define robust tests that are ephemeral, written in HCL, quick to cycle with, and natively executed by Terraform.
Expression evaluation within config-driven imports
Now import blocks can dynamically evaluate values, as long as they are known at the time of a terraform plan. The use case for this new functionality is to pass a value to Terraform’s for a resource’s remote
AWS Backend Enhancements
Several small enhancements were made to the S3 backend block to better integrate with recent changes to the AWS Terraform provider. One of the changes that stands out is the ability to specify specific
forbidden_account_ids that Terraform is allowed or not allowed to access, providing another layer of environment segmentation/guardrails.
Terraform Cloud CLI Updates
These improvement can be thought of as workflow enhancements for a subset of Terraform Cloud users.
First, one can now reference a project in the
cloud block and then list all available workspaces within that project through
terraform workspaces list.
Second, Terraform Cloud users can now save state plans using
terraform plan -out path/to/my/file.json on the CLI.
The biggest news by far is
terraform test, which should help nearly all users more quickly test and maintain reliable Terraform modules. Other new features will mostly be of interest to those looking to get more out of the AWS s3 backend, the Import block, or the Terraform Cloud CLI, respectively.
dragondrop.cloud’s mission is to automate developer best practices while working with Infrastructure as Code. Our flagship OSS product, cloud-concierge, allows developers to codify their cloud, detect drift, estimate cloud costs and security risks, and more — while delivering the results via a Pull Request. For enterprises running cloud-concierge at scale, we provide a management platform. To learn more, schedule a demo or get started today!
Learn More About Terraform
Why a Cloud Asset Management Platform? With ever expanding cloud environments, having visiblity for and control of cloud assets is not a trivial task to perform manually. A series of offerings exist to automate this problem, providing functionality to at least: Detect...
“Everything as Code” Definition Everything as Code is a philosophy for managing IT infrastructure where all components of infrastructure are created, managed, and deleted using code. This applies to container definitions, cloud infrastructure, on-premise server...
What is driftctl? driftctl is an OSS CLI tool that enables users to identify Terraform drift as well as unmanaged resources within a cloud environment. It is a quite popular tool and has collected over two thousand stars on GitHub. Why Would We Want a Replacement?...