With the acme example of having infrastructure-modules-multi-account-acme hold the “blueprints” and infrastructure-live-multi-account-acme “instantiate” them makes sense, but where do you introduce holistic testing with Terratest?
Typically, infrastructure-modules
combines a bunch of small modules from other repos (e.g., from the Gruntwork Infrastructure as Code Library). Those modules should each have their own automated tests. You can think of those as the “unit tests,” though infrastructure testing doesn’t really have pure unit testing.
The next level up is to have tests for the modules in the infrastructure-modules
repo itself. These are tests validating that several of your modules work together, so you can think of them as your “integration tests.” You’ll need to find ways to “mock” dependencies of one module on another; e.g., if you have a db
module in infrastructure-modules
that looks up VPC/subnet data created by a vpc
module, you’ll want to make it possible to override that data so you can provide it automatically at test time without having to run the vpc
module itself.
Finally, the top level is to test the code in infrastructure-live
. These would be your end-to-end tests, as they are validating how everything works together. In practice, deploying your entire architecture from scratch can be a bit too slow/brittle, so typically, these tests run each change against an existing environment that is already up and running, so you are just checking that the latest increment of change has broken anything.