kitchen-terraform is a set of Test Kitchen plugins for testing Terraform configuration.

• Ruby (~> 2.3)

• Bundler (~> 1.12)

• Terraform (>= 0.6, < 0.8)

kitchen-terraform is packaged as a cryptographically signed Ruby gem which means it can be installed with Bundler.

Once Bundler is installed, add kitchen-terraform to the project's Gemfile:

source 'https://rubygems.org'

gem 'kitchen-terraform', '~> 0.1'

Then, use Bundler to install the gems:

bundle install

The provided plugins must all be used together in the Test Kitchen configuration in order to successfully test the provided Terraform configuration.

Refer to Getting Started Readme for a detailed walkthrough of setting up and using kitchen-terraform.

Refer to the examples directory for a detailed example project.

The driver is a wrapper around the Terraform command-line interface. It is responsible for enforcing Terraform version support and works with the provisioner to manage the Terraform state.

The driver ensures that the parent directories of the plan and state files exist.

The driver applies a destructive Terraform plan to the Terraform state based on the Terraform configuration provided to the provisioner.

There are no configuration options for the driver.

---
driver:
  name: terraform

The provisioner is the bridge between Terraform and Test Kitchen. It is responsible for managing the Test Kitchen configuration options related to the Terraform configuration and works with the driver to manage the Terraform state.

The provisioner uses the driver to apply a constructive Terraform plan to the Terraform state based on the provided Terraform configuration.

The number of seconds to wait for the Terraform apply command to be successful before raising an error.

---
provisioner:
  name: terraform
  apply_timeout: 1000

The default apply_timeout is 600 seconds.

Enable or disable colored output from the Terraform command.

---
provisioner:
  name: terraform
  color: false

The default value for color is true.

The pathname of the directory containing the Terraform configuration to be tested; corresponds to the directory specified in several Terraform commands.

---
provisioner:
  name: terraform
  directory: directory/containing/terraform/configuration

The default directory is the current working directory of Test Kitchen.

A collection of pathnames of Terraform variable files to be evaluated for the configuration.

---
provisioner:
  name: terraform
  variable_files:
    - first/terraform/variable/file
    - second/terraform/variable/file
---
provisioner:
  name: terraform
  variable_files: a/terraform/variable/file

The default variable_files collection is empty.

A mapping of Terraform variables to be set in the configuration.

---
provisioner:
  name: terraform
  variables:
    foo: bar
# deprecated
---
provisioner:
  name: terraform
  variables:
    - foo=bar
    - biz=baz
---
# deprecated
provisioner:
  name: terraform
  variables: foo=bar

The default variables collection is empty.

The verifier is a wrapper around InSpec. It is responsible for verifying the behaviour of any server instances in the Terraform state.

The verifier verifies the test suite's configured groups of server instances in the Terraform state using an InSpec profiles located in <Test Kitchen working directory>/test/integration/<suite name>.

The verifier inherits from kitchen-inspec and should support any configuration defined by that plugin with the exception of the port and username configuration which are specified under groups.

A collection of group mappings containing InSpec control and connection options for the different server instance groups in the Terraform configuration.

Each group consists of:

• a name to use for logging purposes

• a mapping of InSpec attribute names to Terraform output variable names to define for the suite's InSpec profile

• a collection of controls to include from the suite's InSpec profile

• a hostnames output variable name to use for extracting hostnames from the Terraform state; the output value is assumed to be in CSV format

• the port to use when connecting to the group's hosts

• the username to use when connecting to the group's hosts

---
verifier:
  name: terraform
  groups:
    - name: arbitrary
      attributes:
        foo: bar
      controls:
        - biz
      hostnames: hostnames_output
      port: 123
      username: test-user

The default groups collection is empty.

For each group:

• the default attributes mapping is empty

• the default controls collection is empty

• the default port is obtained from the transport

• the default username is obtained from the transport