How Terraform Tests Saved a Prod Deployment

Picture this: It’s 1 AM. I am not even joking:

You’ve just refactored your Terraform module to add the auto-scaling magic. You merge. You deploy. You go to bed. The next morning? Production is literally on fire 🔥 because your “tiny” change accidentally nuked the database.

How to stop “Oops” from becoming “OH NO” …


Test-Driven Chaos Prevention 🧪

Terraform tests (available in v1.6+) let you validate config changes before they touch your infrastructure. Think of them as your code’s personal bouncer, checking IDs at the door.

# valid_string_concat.tftest.hcl
run "did_i_break_everything" {
  command = plan
  assert {
    # aws_s3_bucket exposes its name through the "bucket" attribute
    condition     = aws_s3_bucket.bucket.bucket == "my-glittery-unicorn-bucket"
    error_message = "Name mismatch! Abort mission! 🚨"
  }
}

Translation: “If the bucket name isn’t ‘my-glittery-unicorn-bucket,’ error and abort.”


How Terraform Tests Save You 🤗

1️⃣ command = plan: Simulate changes without touching real infra. “What if…?” but for adults.
2️⃣ Assertions: Like a clingy ex, they’ll text you 100x if something’s wrong. Example:

assert {
  condition     = output.bucket_name == "test-bucket"
  error_message = "This is NOT the bucket you’re looking for. 👋"
}

3️⃣ Variables & Overrides: Test edge cases without redeploying. Example: “What if someone sets bucket_prefix to 🔥?”


Some Tips!

  • Mock Providers (v1.7+): Fake it ’til you make it. Test AWS without paying AWS
  • Expect Failure: Want to validate that a config should break? Use expect_failures. Example:
run "expect_chaos" {
  command = plan # Validation fails at plan time, so expect the failure there
  variables { input = 1 } # Odd number → should fail validation
  expect_failures = [var.input]
}

Translation: “If this doesn’t fail, I’ve lost faith in humanity.” (I have already tbh)

  • Modules in Tests: Reuse setup/teardown logic like a lazy genius. Example: A “test” module that pre-creates a VPC so you can focus on actual work.
module "consul" {
  source  = "hashicorp/consul/aws"
  version = "0.0.5"

  servers = 3
}
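
Putting the pieces above together (plan-only runs, assertions, a per-run variable override, a mock provider and expect_failures) in one place. This is an added example, not code from the original post: the module, its bucket_prefix validation rule and the file names are assumptions made for illustration.

```hcl
# --- main.tf (hypothetical module under test) ---
variable "bucket_prefix" {
  type = string
  validation {
    # Only lowercase letters, digits and hyphens, 3 to 20 characters
    condition     = can(regex("^[a-z0-9-]{3,20}$", var.bucket_prefix))
    error_message = "bucket_prefix must be 3-20 characters of a-z, 0-9 or '-'."
  }
}

resource "aws_s3_bucket" "bucket" {
  bucket = "${var.bucket_prefix}-bucket"
}

output "bucket_name" {
  value = aws_s3_bucket.bucket.bucket
}

# --- tests/bucket.tftest.hcl (hypothetical test file) ---
mock_provider "aws" {} # v1.7+: no credentials needed, no real API calls

variables {
  bucket_prefix = "test" # file-level default used by every run block
}

run "name_is_built_from_prefix" {
  command = plan
  assert {
    condition     = output.bucket_name == "test-bucket"
    error_message = "Bucket name did not match the expected value."
  }
}

run "rejects_bad_prefix" {
  command = plan
  variables {
    bucket_prefix = "🔥" # override for this run only
  }
  # The run passes only if the variable's validation rule rejects the value
  expect_failures = [var.bucket_prefix]
}
```

Run terraform init and then terraform test from the module root; the second run passes only because the validation rule rejects the overridden value.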

The Takeaway 🚀

Testing is like adding seat belts to your code: boring until you crash!

Use run blocks, assertions, and provider mocking to:

  • Avoid “Works on My Machine” syndrome
  • Sleep better (no 3 AM “WHY IS S3 DOWN”)
  • Brag in PR reviews (“My tests caught 10 bugs. Your move, Karen.”)

TL;DR: Write tests. Save your sanity.
