Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
Aaron Lane
@aaron-lane
That's a great quote 😁
Jarryd Took
@troxil
I understand this concept and I am doing that. What I am missing is how to test each whole states which has their own provider. Some times each of those states also refer to other remote states.
I guess the approach for me to essentially duplicate the *.tf files and drop all references to remote states and recreate those resources precisely
Aaron Lane
@aaron-lane
@troxil Kitchen-Terraform is best used to test modules which are intended to be included in larger system modules. Once you're at the system level, especially when you are relying on the remote state of other systems, a more robust monitoring and compliance solution is called for
Jarryd Took
@troxil
100% agree. although one thing to consider is even normal impact analysis
Aaron Lane
@aaron-lane
I'm not sure what you mean by that
Jarryd Took
@troxil
integration tests should very much be a part of any system that you deploy. Did things come up as expected, did your changes break simple things.
maybe you deleted a NAT gateway and you wonder why nothing can reach the internet. Your application won't know anything upstream; you can develop an integration test that deploys your network state and your app state to validate it's got what it needs
Aaron Lane
@aaron-lane
Definitely, and it is possible to reuse the InSpec tests written for a module when testing a larger system, but they should be invoked just by running InSpec
Kitchen-Terraform can very easily destroy environments with no confirmation
Jarryd Took
@troxil
I do not use kitchen terraform (or just kitchen for that matter) to check existing environments
I am building a test harness that includes all of the resources a given module requires and then test it using inspec/awspec/
Aaron Lane
@aaron-lane
I see. I may have misunderstood your original question
Vincent Passaro
@darksheer
@aaron-lane Hey, just wanted to circle back as I got the bastion component working if I use the actual IP address for the bastion_host field. So, it’s jus that the bastion_host: field wont take a variable output from terraform? Is that the limitation?
Aaron Lane
@aaron-lane
Yup. There is an issue tracking the request
@darksheer
Aaron Lane
@aaron-lane
Need to figure out why Gitter is eating my notifications 🕵️‍♀️
Vincent Passaro
@darksheer
@aaron-lane Cheers.
Edward Bartholomew
@edwardbartholomew
Thanks for the deps updates you're working on @aaron-lane Had just run into yesterday when I rebuilt our kitchen-terraform container under 2.3.x ... as was docker, was easy enough to switch to ruby 2.4 base image but I think that's great if you can keep minimum at 2.3
Aaron Lane
@aaron-lane
@edwardbartholomew I have some bad news for you... Ruby 2.3 reaches end of life on 2019-03-31
🤾
Edward Bartholomew
@edwardbartholomew
So long and thanks for all the memories Ruby 2.3!
Aaron Lane
@aaron-lane
v4.4.0 has been released. You can now specify the driver client, which means terraform no longer has to be on the PATH, and terragrunt is a viable option :beers:
Next up: automatic downloads of terraform :scream_cat:
Aaron Lane
@aaron-lane
Or not. But v4.5.0 and v4.6.0 are both out :trumpet:
@superyarick @aaronlippold #173 is about to be fixed with v4.7.0
Yarick Tsagoyko
@yarick
@aaron-lane👍
Aaron Lane
@aaron-lane
Which is old news, because we're up to v4.9.0 now!
And v5.0.0 is coming up
🤡
Aaron Lane
@aaron-lane
@tbugfinder yes, thank you. Early morning releases :zzz:
tdsacilowski
@tdsacilowski

Hi all! I have a question regarding backend-configurations, specifically interacting with Terraform's remote backend. I've posted my question as a follow-on to this thread: newcontext-oss/kitchen-terraform#341. A colleague of mine also mentioned you all have a gitter room so I figured I'd post here as well. Thanks!

Hi there, I have an additional question on this topic... and forgive me if I misunderstand how some of this configuration works, still wrapping my head around kitchen-terraform.

Makes sense that you'd define the backend type in your Terraform configuration file and just pass specific parameters for it through your kitchen.yml file. One area where I see an issue though is with the remote backend type.

This type takes a number of configuration parameters, one of them being workspaces, which is configured as a block. The documentation for Class: Kitchen::Driver::Terraform indicates that backend_configurations is of the type "Mapping of scalars to scalars", which seems to indicate that I can't have a nested block here.

This would be especially useful for setting a prefix to be added to the workspaces that kitchen-terraform creates via the CLI, since the remote backend also supports a CLI-driven workflow for interfacing with Terraform Cloud and Terraform Enterprise.

Curious if this is supported and if maybe I'm just missing something?

For reference, I tried the following in my kitchen.yml file:

---
driver:
  name: terraform

  backend_configurations:
    organization: teddyruxpin
    hostname:     app.terraform.io
    workspaces:
      prefix: kt-validate
...

And received the following error response:

Dev/ptfe-testing/terraform-gcp via 🛠 default took 3s
❯ bundle exec kitchen verify
-----> Starting Kitchen (v1.25.0)
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::UserError
>>>>>> Message: Kitchen::Driver::Terraform configuration: backend_configurations {:value=>["must be a hash which includes only symbol keys and string values"]}
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
Aaron Lane
@aaron-lane
@tdsacilowski sorry for the delay! I replied a couple of days ago https://github.com/newcontext-oss/kitchen-terraform/issues/341#issuecomment-504443780
tdsacilowski
@tdsacilowski
Hi @aaron-lane thanks for the heads-up! I did see your reply and there are a few things I'm working on on my end and will update the ticket shortly.
tbugfinder
@tbugfinder
Hi, while running kitchen verify I noticed that some output of inspec might get reduced (using ...), e.g. while testing many tags of an ec2 instance. Is there any setting to get always full output or is this more an inspec question?
Aaron Lane
@aaron-lane
@tbugfinder it's a both question. 😊 It may be a matter of changing the reporter which you can configure in the Kitchen configuration file
Brian G. Shacklett
@bgshacklett
My apologies if this has been discussed already, but does anyone know what effect, if any, Chef's new license policy has on using Kitchen-Terraform?
I.e., is it required to license Chef due to Inspec being used?
Aaron Lane
@aaron-lane
@bgshacklett I don't believe it has been discussed. As far as I am aware, the license only applies to the inspec-bin gem, whereas we use the plain inspec gem
Brian G. Shacklett
@bgshacklett
One thing that's interesting about that gem is that it has a runtime dependancy on https://rubygems.org/gems/license-acceptance. While I've never seen a request to accept a license when installing, that is a bit concerning.
Purple90
@Purple90
I just wanted to see if I am doing something wrong. I am running through the tutorial here - https://newcontext-oss.github.io/kitchen-terraform/getting_started.html and the tests are failing at the last step.
  ×  file_check: File .kitchen/kitchen-terraform/kt-suite-terraform/foobar
     ×  File .kitchen/kitchen-terraform/kt-suite-terraform/foobar should exist
     expected File .kitchen/kitchen-terraform/kt-suite-terraform/foobar to exist
I do see foobar, but it is here
test/fixtures/tf_module/foobar
Jeff
@jeffcampbell
Anyone using kitchen-terraform with GCP? I am wondering if it always creates a new project when switching to a new workspace. Due to the nature of our terraform implementation we are strict with our resourcemanager.projectCreator roles. data.terraform_remote_state.organization: Refreshing state... google_project.project: Creating...
Aaron Lane
@aaron-lane
@Purple90 oh no, the tutorial may be out of date 😥thanks for pointing that out
@jeffcampbell 👋we spoke out of band, but for the benefit of the rest of the group, the use of workspaces means that all resources in the graph of the root_module_directory will be created specifically for the Kitchen Terraform instance