Replies: 4 comments
-
|
@henrykie @gabebatista thoughts? |
Beta Was this translation helpful? Give feedback.
-
|
I think that integrating Terraform Tests into the project is a great idea and should be a high priority. We can dedicate a sprint to create the tests and flesh out any examples we might be missing, but I think that we should wait until the large PRs (Cloud DDC and Perforce updates) we are currently reviewing are merged. Regarding the dependencies in a CI account, we might be able to mock some of the resources as stated in the docs here. A few quick questions for you:
|
Beta Was this translation helpful? Give feedback.
-
|
Moving this issue to Discussions. |
Beta Was this translation helpful? Give feedback.
-
|
Agreed - I think the ideal time is right after this sprint is completed, but before the next one starts. We can mock the resources in the CI account that may be necessary, but I think we can also create a standard to store any value that potentially may be needed (domains, email addresses, VPC IDs, etc.) in SSM Parameter Store in the CI account. Responses to the above questions:
I may have been mixing this up with another project. Perhaps I'm thinking of a discussion where we were talking about tests and were deciding between terratest or terraform test.
Both, but slightly more related to the PR process. I see a few ways these can be used: Speed up developmentIn the most simple form, tests can just reference a module, including a root module, such as the core configuration files a contributor would be writing. For example, see this directory structure for the Within my test ( run "unit_test" {
command = plan
module {
source = "./"
}
}
run "e2e_test" {
command = apply
module {
source = "./"
}
}The above will run The small downside with the standard structure is it leads to a bit of duplication, since you'd be configuring the test to create resources, when you could just point at the resources that are already defined in the configuration files. Each way of writing the tests are valuable and have their own place, but I propose at the minimum all submitted code has a mandatory test (testing basic functionality using the configuration files themselves). I think this will keep the barrier to entry for contributors low. For more complex use cases, such as the modules themselves where we likely would want to have some additional, more robust tests, we lean into the other standard way to define tests. For speeding up development, users always will have the option to simply run
In general, I'd recommend following the typical path until closer to "done" with whatever TF code is being written, but the option is always there. GitHub Actions for Testing PRsThis is the core way I see terraform test being used - alongside out other tests (checkov, etc.). When submitting a PR, the final step should be to replace values with SSM Parameters (using data sources) that point to those that exist in the CI account. That way the test can run without us writing sensitive values for things that live in the CI account. The other benefit is that this will speed up tests. We should not necessarily be creating VPCs, ALBs, etc. during each test, though that is likely something we'd want depending on what the module/sample does. In general, we should lean into using data sources to reference things that already exist in the CI account (VPCs, subnets, etc.) where relevant. I believe that's how most customers would be using the modules - passing in their own existing resources, at least for the larger/more complicated resources or anything that may be in a shared services/shared networking type AWS account
I agree. I have some ideas for packer. We could use Potential challenges/things to look out forThe blessing and curse of Terraform Tests are that they manage the state on your behalf. This means that if you run into a weird issue and aren't sure what's going on, you can't inspect the state file if needed since it won't be accessible. Also, if for some reason you force a cancellation of a running test, all of the existing resources that have been deployed will be orphaned in the AWS account and will need manual cleanup. At the end of the day |
Beta Was this translation helpful? Give feedback.
-
Is this related to an existing feature request or issue?
No response
What part of the Cloud Game Development Toolkit does this RFC relate to?
Modules
Summary
This proposal is for integration with Terraform Tests. Ideally, all local and pipeline tests will be transitioned from Terratest to Terraform Tests.
Use case
The reasoning behind this is to streamline testing for the entire project, especially when it comes to new module contributions. Currently there is some portion that is manual, and in addition the requirement of tests in Terratest having to be written in Go can be a barrier to entry for contributors. With Terraform Test, tests are written in HCL and examples that will already be written/modified, can be used as the tests themselves which simplifies the process and encourages the writing of tests more frequently. Terraform Test manages state on your behalf, and will create and destroy resources based on the tests that are defined by running a simple
terraform testcommand.Proposal
This proposal is for integration with Terraform Tests. Ideally, all local and pipeline tests will be transitioned from Terratest to Terraform Tests. Alongside a new module addition, a subsequent example is written. This example will be pointed at for the test. Additionally, this makes it easier for newer contributors as they can easily run local and pipelines tests to have confidence in the functionality in their PR, even when making smaller changes. This can also be leveraged by dependabot to ensure small version updates also don't inadvertently break functionality.
For configuration, we'd leverage a centralized CI account where we could have dependencies already setup/configured (such as domains, etc.) which would be used for pipeline tests.
For local tests, we can leverage
abp-localand define a series of tests that can run locally with theabp-localbinary and docker. This will accelerate local development, and result in less pipeline runs until there is a substantial level of confidence in the functionality of the PR. Examples of these types of configurations can be seen in the IAM Identity Center Terraform Module, specifically in the.config,.project-automation,examples, andtestsdirectories.Out of scope
Testing of Packer may need to be out of scope for now in terms of Terraform Test, however I'd like to add it in the future depending on how much of a focus it will continue to be. There was a a few Packer issues (#439, #440) identified that a dedicated test would help avoid in the future. The test would create the AMI, validate it's creation in the correct region, and then destroy the AMI for cleanup).
At the moment I believe Terraform Test is only scoped to Terraform (as you'd probably assume). However, there may be other ways we can automate testing of Packer templates, though this may require leveraging a combination
local-execandnull resourceresources to run packer CLI commands, which would need to be in the context of the related Terraform Module(s) (e.g. Perforce modules). Alternatively, we could make a dedicated module for testing of all packer templates available in CGDTK.Potential challenges
Potential challenges may be timing, as we currently are in a sprint. Ideally this would be implemented after this sprint is completed, and before the next one begins. There are already manny large PRs in the works, so adding another one that could potentially impact all modules and the ability of PRs to be merged is risky to do at the moment.
Dependencies and Integrations
No response
Alternative solutions
No response
Beta Was this translation helpful? Give feedback.
All reactions