Kitchen-Terraform Logo Kitchen-Terraform

Kitchen-Terraform enables verification of infrastructure systems provisioned with Terraform.

Gem version Gem downloads version Gem downloads total

Delivery Pages Build and Deployment Code coverage Maintainability Technical debt

Gitter chat

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls.

As Kitchen-Terraform integrates several distinctive technologies in a nontrivial manner, reviewing the documentation of each of the aforementioned products is strongly encouraged.

Installation

Terraform

Kitchen-Terraform integrates with the Terraform command-line interface to implement a Test Kitchen workflow for Terraform modules.

Installation instructions can be found in the Terraform: Install Terraform article.

Kitchen-Terraform supports versions of Terraform in the interval of >= 0.11.4, < 2.0.0.

tfenv can be used to manage versions of Terraform on the system.

Ruby

Kitchen-Terraform is written in Ruby which requires an interpreter to be installed on the system.

Installation instructions can be found in the Ruby: Installing Ruby article.

Kitchen-Terraform aims to support all versions of Ruby that are in "normal" or "security" maintenance, which is currently the interval of >= 2.4, < 2.8.

rbenv can be used to manage versions of Ruby on the system.

Kitchen-Terraform Ruby Gem

Each version of Kitchen-Terraform is published as a Ruby gem to RubyGems.org which makes them readily available for installation on a system.

Bundler

Bundler should be used to manage versions of Kitchen-Terraform on the system. Using Bundler provides easily reproducible Ruby gem installations that can be shared with other systems.

First, create a Gemfile with contents like the following example. The pessimistic pinning of the version is recommended to benefit from the semantic versioning of the Ruby gem.

Defining Kitchen-Terraform as a dependency for Bundler in a Gemfile


source "https://rubygems.org/" do
  gem "kitchen-terraform", "~> 7.0"
end

Second, run the following command.

Installing Kitchen-Terraform with Bundler


bundle install

The preceding command will create a Gemfile.lock comprising a list of the resolved Ruby gem dependencies.

More information can be found in the Bundler: In Depth article.

RubyGems

RubyGems, the default Ruby package manager, can also be used to install a version of Kitchen-Terraform by running a command like the following example.

Installing Kitchen-Terraform with RubyGems


gem install kitchen-terraform --version 7.0.2

This approach is not recommended as it requires more effort to install the gem in a manner that is reproducible and free of dependency conflicts.

More information can be found in the RubyGems: Installing Gems article.

Extra Dependencies

The RbNaCl gem may need to be installed in order to use Ed25519-type SSH keys to connect to systems with the SSH backend. This gem implicitly depends on the system package libsodium, and its presence when libsodium is not installed causes unexpected errors when loading InSpec transport plugins like GCP, so it is not included by default to reduce the burden on users whom do not require support for Ed25519-type SSH keys.

Usage

A familiarity with Test Kitchen workflows and commands is required to use Kitchen-Terraform.

Configuration

Kitchen-Terraform provides four Test Kitchen plugins which must be configured in a Test Kitchen configuration file in order to successfully test Terraform configuration.

The Terraform driver is the bridge between Test Kitchen and Terraform. It manages the state of the Terraform root module under test by shelling out and running Terraform commands.

The Terraform provisioner applies changes to the Terraform state based on the configuration of the root module.

The Terraform transport is responsible for the integration with the Terraform CLI.

The Terraform verifier utilizes InSpec to verify the behaviour and state of resources in the Terraform state.

More information can be found in the Ruby gem documentation.

The kitchen doctor command can be used to validate the system and the configuration file.

Caveats

Versions of Terraform in the 0.11 series may cause kitchen test to fail if the initial destroy targets an empty Terraform state. A workaround for this problem is to use kitchen verify && kitchen destroy instead of kitchen test. More details about the problem are available in issue #271.

Tutorials and Examples

Several tutorials are available on the Kitchen-Terraform Tutorials page.

The integration tests for Kitchen-Terraform can also be viewed as examples of how it works. The integration test Test Kitchen configuration file and the integration test directory provide several functional examples which exercise various features of Kitchen-Terraform.

Contributing

Kitchen-Terraform thrives on community contributions.

Information about contributing to Kitchen-Terraform can be found in the Contributing document.

Changelog

Kitchen-Terraform adheres to semantic versioning and documents all significant changes accordingly.

Information about changes to Kitchen-Terraform can be found in the Changelog.

Maintainers

Kitchen-Terraform is maintained by community contributors and Copado NCS LLC.

Copado logo copado.com

Twitter logo @CopadoSolutions

LinkedIn logo Copado

GitHub logo @CopadoSolutions

Email logo [email protected]

Email logo [email protected]

License

Kitchen-Terraform is distributed under the Apache License.