$30 off During Our Annual Pro Sale. View Details »

Test-Driven Development (TDD) for Infrastructure

Rosemary Wang
November 07, 2019
Technology
8
5k

Test-Driven Development (TDD) for Infrastructure

Originally presented at 2019 O'Reilly Velocity (Berlin).

In software development, test-driven development (TDD) is the process of writing tests and then developing functionality to pass the tests. Let's explore methods of adapting and applying TDD to configuring and deploying infrastructure-as-code.

Repository here: https://github.com/joatmon08/tdd-infrastructure

Rosemary Wang

November 07, 2019
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
14
Building a Developer Platform? Ask these questions.
joatmon08
0
4
From Cloud-Hosted to Cloud-Native
joatmon08
0
27
Refactoring Applications for Dynamic Secrets
joatmon08
1
23
Catching Commits to Secure Infrastructure as Code
joatmon08
1
24
Minimum Secure Pipeline
joatmon08
0
46
HashiCorp Terraform for Network Infrastructure as Code
joatmon08
0
40
Patterns to Refactor Terraform
joatmon08
1
130
Auditing Your Automation's Access... Using More Automation
joatmon08
1
2.6k

Other Decks in Technology

See All in Technology
幸運を科学する ~アジャイルチームの成功を再現する方法~
okamototakuyasr2
0
190
Flink SQL: the Challenges of Implementing a Streaming SQL Engine
jark
0
400
cloudflare-workersを使ってslack上に匿名チャットを作った話
sugawani
0
120
SOLID Is Dead, Long Live SOLID
lemiorhan
2
150
[2023년 11월 세미나] 마케팅 성과 분석의 모든 것 (feat. GA4)
datarian
0
310
11/10 watsonx.aiに関する資料
masaaki_k
2
130
RAG Approach on AWS
hayaok3
4
540
エンジニア不足の中で どう技術的負債と向き合ったのか RevComm Research の場合 -
revcomm_inc
4
2.5k
実装がすべてではない、開発者の周りから考える Web プロダクトセキュリティ
oldbigbuddha
0
180
About HealthKit nutrition
coe
0
150
Apache Flink 2.0 Preview
jark
1
500
決済事業のアーキテクチャとそれを⽀える AlloyDB
sansantech
PRO
6
1.3k

Featured

See All Featured
YesSQL, Process and Tooling at Scale
rocio
159
13k
Product Roadmaps are Hard
iamctodd
43
9k
10 Git Anti Patterns You Should be Aware of
lemiorhan
644
57k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
16
1.5k
Optimizing for Happiness
mojombo
368
68k
Learning to Love Humans: Emotional Interface Design
aarron
265
39k
Producing Creativity
orderedlist
PRO
336
38k
The Power of CSS Pseudo Elements
geoffreycrofte
56
4.7k
How To Stay Up To Date on Web Technology
chriscoyier
780
250k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
4.1k
Making Projects Easy
brettharned
105
5.2k
Documentation Writing (for coders)
carmenintech
55
3.4k

Transcript

  1. Copyright © 2019 HashiCorp
    Test-Driven
    Development for
    Infrastructure
    Rosemary Wang, @joatmon08
    Velocity Berlin | Nov. 7, 2019

    View Slide

  2. “TDD is dead.”
    https://dhh.dk/2014/tdd-is-dead-long-live-testing.html

    View Slide

  3. What’s Test-
    Driven
    Development
    (TDD)?
    ▪ Write tests firsts, then the
    feature.
    ▪ “Red, green, refactor”
    ▪ Benefits:
    – Only build defined features
    – Modular, testable code

    View Slide

  4. Integration Tests
    Contract Tests
    Unit Tests
    “Ideal”
    Testing
    Pyramid
    Manual
    Testing
    Cost
    (Time, $$$)
    End-to-End Tests

    View Slide

  5. Infrastructure
    Testing
    Signpost
    End-to-End Tests
    Manual
    Testing
    Integration Tests
    Contract Tests
    Unit Tests
    Cost
    (Time, $$$)

    View Slide

  6. Why is it a signpost?
    ▪ #YOLO-driven development
    ▪ Lack of education
    ▪ Lack of automation / interface
    ▪ Lack of tooling

    View Slide

  7. Let’s try TDD
    for
    Infrastructure.
    ▪ Infrastructure configuration still
    requires good code practices
    ▪ Infrastructure architecture has
    definition of “feature complete”
    ▪ terraform yolo isn’t a thing
    (or insert deploy command here).

    View Slide

  8. Target
    State

    View Slide

  9. Integration Tests
    Contract Tests
    Unit Tests
    TDD Up the
    Pyramid
    Manual
    Testing
    Cost
    (Time, $$$)
    End-to-End Tests

    View Slide

  10. Warning, Some Terraform
    VS Code Live Share at:
    hashi.co/tdd-velocity

    View Slide


  11. Unit Testing

    View Slide

  12. Unit Tests
    ▪ Test individual component
    ▪ Can be run without dependencies
    ▪ Infrastructure: check specific
    configuration & syntax

    View Slide

  13. Live Code
    ▪ We’ll use conftest (Open Policy Agent) & terraform
    validate.
    ▪ Terraform-specific tools, compiled by Peter Souter:
    – clarity
    – terraform-compliance
    – terraform_validate
    ▪ Other infrastructure: native testing frameworks

    View Slide

  14. Target
    State

    View Slide

  15. Unit TDD

    Function logic?
    Execution?
    Resource dependencies?

    Fast feedback
    Architectural Conformance
    Lint and check syntax

    View Slide


  16. Contract
    Testing

    View Slide

  17. Contract Tests
    ▪ Validate interactions between 2
    components (input & output)
    ▪ “Real” resources not required
    ▪ Compare infrastructure state

    View Slide

  18. Live Code
    ▪ We’ll use conftest (Open Policy Agent) & terraform plan.
    ▪ Terraform-specific tools: kitchen-terraform
    ▪ Can also use native testing frameworks
    – Example for network switches with Python
    – Example for S3 Bucket Policy with Golang
    – If Kubernetes, check Kubernetes to external components
    (i.e., DNS)

    View Slide

  19. Target
    State

    View Slide

  20. Contract TDD

    Resource dependencies?
    Interactions?

    Fast feedback
    Check functional logic
    Catch our input errors
    More holistic

    View Slide


  21. Integration
    Testing

    View Slide

  22. Integration Tests
    ▪ Confirms interactions between 2+
    components
    ▪ Real resources required
    ▪ May also include acceptance tests

    View Slide

  23. IMPORTANT
    ▪ Integration tests are about interactions.
    ▪ When using IaC tool, testing deployment is redundant.
    – In Terraform, covered by Provider Acceptance Tests
    ▪ Many types of integration tests, including Functional, Policy,
    & Security

    View Slide

  24. Testing
    with
    Kitchen

    View Slide

  25. Tools
    ▪ Terraform-specific tools: terratest, kitchen-terraform,
    Sentinel
    ▪ Other tools:
    – AWS localstack / mocking framework (USE WITH CAUTION)
    – Kubernetes local environments (KIND, Minikube, etc.)
    – Various Inspec resource packs

    View Slide

  26. Fails!
    TERMINAL
    > kitchen test
    -----> Starting Kitchen (v2.3.3)

    Waiting for SSH service on 54.93.35.169:22, retrying
    in 3 seconds
    Waiting for SSH service on 54.93.35.169:22, retrying
    in 3 seconds
    Waiting for SSH service on 54.93.35.169:22, retrying
    in 3 seconds
    Waiting for SSH service on 54.93.35.169:22, retrying
    in 3 seconds
    Waiting for SSH service on 54.93.35.169:22, retrying
    in 3 seconds

    View Slide

  27. Passing
    the Test

    View Slide

  28. Pass!
    TERMINAL
    > kitchen test
    -----> Starting Kitchen (v2.3.3)

    Profile: Integration Tests for Application (default)
    ✔ db: Database: check routing from public to private subnet
    ✔ Host 10.128.0.43 port 27017 proto tcp should be reachable
    ✔ Host 10.128.0.43 port 27017 proto tcp should be resolvable
    ✔ Host 10.128.0.43 port 80 proto tcp should not be reachable
    ✔ outbound: Public Subnet: check routing out to public internet
    ✔ HTTP GET on https://hashicorp.com status should cmp == 301
    Profile Summary: 2 successful controls, 0 control failures, 0 controls
    skipped
    Test Summary: 3 successful, 0 failures, 0 skipped

    View Slide

  29. Integration TDD

    Not that fast
    Requires real resources

    Convert theory to reality
    Caught a missing
    component
    Isolate sections of system

    View Slide


  30. End-to-End
    Testing

    View Slide

  31. End-to-End Tests
    ▪ “The Real Deal”
    ▪ Can be manual, fully automated,
    or smoke tests
    ▪ If it starts smoking, it doesn’t work.

    View Slide

  32. TDD it!
    Did it fail?

    View Slide

  33. Tools
    ▪ Terraform-specific tools: terratest, Sentinel
    ▪ Other:
    – Behavior-Driven Development (BDD) Frameworks
    – Can also use native testing frameworks
    – Kubernetes: Sonobuoy conformance tests, local
    environments (KIND, Minikube, etc.)

    View Slide


  34. Final
    Thoughts

    View Slide

  35. Ugh, so much effort.
    ▪ (Yes, it can be.)
    ▪ Unit testing is useless here!
    ▪ I don’t find testing tools for this!
    ▪ Stop with pedantic practices!

    View Slide

  36. [Preaching] TDD is dead.
    So is #YOLO-driven
    development.

    View Slide

  37. Use TDD to Learn
    Infrastructure
    ▪ Confidence in infrastructure-as-code
    ▪ Develop knowledge of infrastructure
    ▪ More useful integration & end-to-end tests
    ▪ Tacit knowledge of a change’s blast radius

    View Slide

  38. Eventually, YDD & TDD of
    infrastructure are dead
    …to you.

    View Slide

  39. joatmon08.github.io/#slides
    Please rate the session!
    Rosemary Wang
    she/her
    Developer Advocate at HashiCorp
    [email protected]
    @joatmon08
    joatmon08
    linkedin.com/in/rosemarywang/
    39

    View Slide