Infrastructure as Code Testing
Infrastructure as Code (IaC) testing validates the quality of IaC scripts and the desired state of infrastructure deployments. IaC security tests are also used to identify known vulnerabilities and security misconfigurations in the IaC files. Automated testing of infrastructure code allows teams to efficiently validate IaC scripts before deploying to production.
Characteristics
Module Tests
Module tests validate individual components in IaC scripts. These tests are used to analyze module configurations and dependencies before execution to ensure that the module code creates the expected resources successfully. Module tests deploy the module resources, validate the deployed resources and configurations, and then tear down any deployed resources.
End-to-End Tests
End-to-end (E2E) tests are used to verify the interactions between components of the IaC scripts.
E2E tests validate:
- The desired state of the environment can be achieved
- The full system of deployed resources works collectively as expected before starting to direct traffic to it
IaC Template Validation and Linting
IaC code can have valid syntax but still lack consistency with standards, conventions, or organizational practices. Template validation ensures templates pass established standards. For example, a template would not pass validation in the following cases:
- Parameters that are not available during deployment, or a blend of different code styles
- Different naming conventions, indentation and whitespace
- Hard-coded values
Linting and validation tools are used to perform static code analysis on IaC templates to identify these types of errors in the code.
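The failure types listed above can be checked with a small static linter, sketched here as an added example that is not code from the original page or from the Azure solution it references. The ARM-style template is constructed sample input, and the naming rule, the sensitive-property pattern, and the rule that `location` must be parameterized are assumed organizational conventions.

```python
import json
import re

# Constructed ARM-style template used as sample input (not from the original page).
TEMPLATE = json.loads("""{
  "parameters": {"storageName": {"type": "string"}},
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts",
     "name": "[parameters('storageName')]",
     "location": "[parameters('location')]"},
    {"type": "Microsoft.Compute/virtualMachines",
     "name": "My_VM",
     "location": "westeurope",
     "properties": {"osProfile": {"adminPassword": "P@ssw0rd123"}}}
  ]}""")

PARAM_REF = re.compile(r"parameters\('([^']+)'\)")
NAME_RULE = re.compile(r"^[a-z][a-z0-9-]*$")      # assumed organizational naming rule
SENSITIVE = re.compile(r"password|secret", re.I)  # assumed sensitive property names

def walk(node, path, key=""):
    """Yield (path, key, value) for every string leaf under node."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}/{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}/{i}", key)
    elif isinstance(node, str):
        yield path, key, node

def lint(template):
    """Return (rule, path) findings for the failure types listed above."""
    declared = set(template.get("parameters", {}))
    findings = []
    for i, resource in enumerate(template.get("resources", [])):
        for path, key, value in walk(resource, f"resources/{i}"):
            if value.startswith("[") and value.endswith("]"):  # template expression
                findings += [("undeclared-parameter", path)
                             for ref in PARAM_REF.findall(value) if ref not in declared]
            elif key == "name" and not NAME_RULE.match(value):
                findings.append(("naming-convention", path))
            elif key == "location" or SENSITIVE.search(key):
                findings.append(("hard-coded-value", path))
    return findings

if __name__ == "__main__":
    print(*lint(TEMPLATE), sep="\n")
```

Run as a pre-deployment pipeline step, a non-empty findings list would fail the build before any resource is created.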
Examples
Automated Infrastructure as Code Testing
- The "Reduce errors, improve consistency, and deploy with confidence using codified IaC best practices" solution provides implementations that enable automated IaC testing in Azure cloud deployments. Implementations include module testing, end-to-end testing, and IaC template validation.