wbyc/terraform-vsphere-resourcegroups
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
terraform-vsphere-resourceg.../TESTING.md
Patrick de Ruiter cfbe6cbdc4
Some checks failed
Code Quality & Security Scan / TFLint (push) Successful in 24s
Details
Code Quality & Security Scan / Terraform Destroy (push) Has been skipped
Details
Code Quality & Security Scan / Tfsec Security Scan (push) Successful in 29s
Details
Code Quality & Security Scan / Checkov Security Scan (push) Successful in 44s
Details
Code Quality & Security Scan / Terraform Tests (push) Failing after 35s
Details
Code Quality & Security Scan / SonarQube Trigger (push) Has been skipped
Details
Code Quality & Security Scan / Terraform Init (push) Has been skipped
Details
Code Quality & Security Scan / Terraform Apply (push) Has been skipped
Details
Add comprehensive Terraform testing framework 
- Implemented 21 test cases across 3 test suites:
  * resource_groups.tftest.hcl (7 tests): Default behavior and validation
  * custom_configuration.tftest.hcl (6 tests): Custom configurations
  * variable_validation.tftest.hcl (8 tests): Input validation and edge cases

- Updated CI/CD pipeline (.gitea/workflows/sonarqube.yaml):
  * Added terraform-test job with format check and test execution
  * Generates and uploads test reports (30-day retention)
  * Runs after security scanning, before deployment

- Added comprehensive documentation:
  * TESTING.md: Complete testing guide with best practices
  * TEST_SUMMARY.md: Implementation summary and statistics
  * TESTING_QUICK_START.md: Quick reference for developers
  * TESTING_WORKFLOW.md: Visual workflow diagrams

- Updated existing documentation:
  * README.md: Added testing section with examples
  * CLAUDE.md: Added test commands to workflow

- Test coverage includes:
  * Resource creation and configuration validation
  * Tag category and tag management
  * Variable validation and defaults
  * Custom configurations and overrides
  * Edge cases and error handling
  * Output generation verification

Tests use mock credentials for infrastructure-independent execution.
Requires Terraform >= 1.6.0 for native testing framework.
2025-11-09 00:37:45 +01:00

250 lines
7.9 KiB
Markdown
Raw Blame History

# Terraform Testing Guide
This document describes the testing strategy and approach for the vSphere Resource Groups Terraform module.
## Overview
This module uses Terraform's native testing framework (introduced in Terraform 1.6.0) to ensure code quality and correctness. Tests are organized into multiple test files, each focusing on different aspects of the module's functionality.
## Test Structure
```
tests/
├── resource_groups.tftest.hcl # Tests for default resource group creation
├── custom_configuration.tftest.hcl # Tests for custom configurations
├── variable_validation.tftest.hcl # Tests for variable validation and edge cases
└── setup/
└── main.tf # Mock provider setup for testing
```
## Test Coverage
### 1. Default Resource Groups (`resource_groups.tftest.hcl`)
Tests the default behavior when using the module without custom configuration:
- **Default Resource Groups Creation**: Verifies all 5 default resource groups (kubernetes, docker, infra, databases, app-servers) are created
- **Shares Mapping Logic**: Validates the local shares_mapping values (low=500, normal=1000, high=2000)
- **Tag Categories**: Ensures Environment and ResourceGroupType tag categories are properly configured
- **Resource Group Tags**: Verifies tags are created for each resource group
- **Default Configurations**: Validates default CPU/memory settings (expandable, no limits, no reservations)
- **Output Validation**: Ensures all outputs are generated correctly
- **Naming Conventions**: Verifies resource pools have correct display names
### 2. Custom Configuration (`custom_configuration.tftest.hcl`)
Tests advanced configuration scenarios:
- **High Priority Resources**: Custom CPU/memory reservations, limits, and high priority shares
- **Low Priority Resources**: Validates low priority share allocation
- **Non-Expandable Resources**: Tests fixed resource allocation (non-expandable)
- **Multiple Custom Groups**: Validates creating multiple resource groups with different priorities
- **Environment-Specific Configuration**: Tests environment variable integration
- **Edge Cases**: Single resource group scenario
### 3. Variable Validation (`variable_validation.tftest.hcl`)
Tests input variable validation and edge cases:
- **Environment Values**: Validates accepted environment values
- **Variable Types**: Ensures variables accept correct data types
- **Resource Groups Structure**: Validates the resource_groups map structure
- **Optional Parameters**: Verifies default values are applied correctly
- **Shares Value Mapping**: Tests all three share levels (low, normal, high)
- **Empty Configuration**: Handles empty resource_groups map
- **Resource Limits**: Validates CPU/memory limits configuration
## Running Tests
### Locally
#### Run All Tests
```bash
terraform test
```
#### Run Tests in Verbose Mode
```bash
terraform test -verbose
```
#### Run Specific Test File
```bash
terraform test -filter=tests/resource_groups.tftest.hcl
```
#### Run Specific Test Case
```bash
terraform test -filter=tests/resource_groups.tftest.hcl -verbose -test-directory=tests
```
### In CI/CD Pipeline
Tests are automatically executed in the CI/CD pipeline as part of the `terraform-test` job:
1. **Format Check**: Validates Terraform formatting (`terraform fmt -check -recursive`)
2. **Test Execution**: Runs all tests with verbose output
3. **Test Report**: Generates and uploads test results as artifacts
The test job runs after security scanning (Checkov) and before SonarQube analysis.
## Test Execution Flow
```
┌─────────────┐
│ TFLint │
└──────┬──────┘
┌─────────────┐
│ Tfsec │
└──────┬──────┘
┌─────────────┐
│ Checkov │
└──────┬──────┘
┌─────────────┐
│ Terraform │
│ Test │ ◄── New Step
└──────┬──────┘
┌─────────────┐
│ SonarQube │
└──────┬──────┘
┌─────────────┐
│ Terraform │
│ Init │
└─────────────┘
```
## Writing New Tests
### Test File Structure
```hcl
# Test description
run "test_name" {
command = plan # or apply
# Optional: Override variables
variables {
environment = "dev"
resource_groups = {
custom = {
name = "Custom Group"
}
}
}
# Assertions
assert {
condition = <boolean_expression>
error_message = "Descriptive error message"
}
}
```
### Best Practices
1. **Use Descriptive Test Names**: Test names should clearly describe what they're testing
2. **One Concern Per Test**: Each test should focus on a single aspect or scenario
3. **Clear Error Messages**: Error messages should explain what failed and why
4. **Use Variables for Flexibility**: Override variables to test different scenarios
5. **Test Edge Cases**: Include tests for empty inputs, minimum/maximum values, etc.
6. **Use `plan` Command**: Most tests should use `command = plan` to avoid requiring actual infrastructure
### Example Test Pattern
```hcl
run "validate_cpu_shares_mapping" {
command = plan
variables {
resource_groups = {
test_group = {
name = "Test"
cpu_shares = "high"
}
}
}
assert {
condition = vsphere_resource_pool.resource_groups["test_group"].cpu_shares == 2000
error_message = "High CPU shares should map to 2000"
}
}
```
## Test Requirements
- **Terraform Version**: >= 1.6.0 (required for native testing framework)
- **Provider Version**: vsphere ~> 2.10
- **Mock Data**: Tests use mock values for Vault credentials and vSphere resources
## Troubleshooting
### Test Failures
1. **Review Test Output**: Use `-verbose` flag for detailed output
2. **Check Assertions**: Verify the condition logic is correct
3. **Validate Variables**: Ensure variable values match expected types
4. **Review Changes**: If tests fail after code changes, review the modifications
### Common Issues
#### Tests Skip Provider Validation
Tests use mock credentials (`TF_VAR_role_id` and `TF_VAR_secret_id`) to avoid requiring actual infrastructure access during testing.
#### Format Check Failures
Run `terraform fmt -recursive` to automatically format all Terraform files.
#### Test Hangs or Times Out
This may indicate a provider authentication issue. Ensure mock credentials are properly set in the test environment.
## Test Metrics
Current test coverage includes:
- **Total Test Files**: 3
- **Total Test Cases**: 20+
- **Areas Covered**:
- Resource creation and configuration
- Tag management
- Variable validation
- Edge cases and error handling
- Output generation
## Integration with Quality Gates
Tests are part of the overall quality assurance strategy:
1. **TFLint**: Code style and best practices
2. **Tfsec**: Security scanning
3. **Checkov**: Security and compliance checks
4. **Terraform Test**: Functional correctness ⬅ New
5. **SonarQube**: Code quality analysis
6. **Terraform Plan**: Actual infrastructure validation
## Future Improvements
Potential enhancements to the testing strategy:
- [ ] Add mock providers for complete isolation from infrastructure
- [ ] Implement test coverage reporting
- [ ] Add performance tests for large numbers of resource groups
- [ ] Create integration tests with actual vSphere environment
- [ ] Add contract tests for output structures
- [ ] Implement property-based testing for resource configurations
## References
- [Terraform Testing Documentation](https://developer.hashicorp.com/terraform/language/tests)
- [Terraform Test Command](https://developer.hashicorp.com/terraform/cli/commands/test)
- [Writing Terraform Tests](https://developer.hashicorp.com/terraform/language/tests/syntax)
Reference in New Issue View Git Blame Copy Permalink