It would be useful to have an option with the experimental unit test feature to output a plan in JSON format.
This file could then be used with external processors. An example would be to use https://www.conftest.dev/ and perform compliance checks against the plan.
Thanks for the feedback, @allensea!
The terraform test command’s current design is to effectively run the following sequence of steps for each configuration in the tests directory:
terraform apply -auto-approve
terraform destroy -auto-approve
From your description it sounds like you are asking for it to instead behave as if you had run terraform plan -out=tfplan then terraform show -json tfplan for each of those tests, generating a separate JSON-formatted plan for each one, and then feed each of them into corresponding rules written in Rego.
Is that what you intended? If so, I wonder if you’ve tried externally scripting Terraform in the way I just described to see if it allows you to get the effect you intended, using the normal Terraform commands directly instead of the terraform test wrapper harness. If you have success doing that it would be helpful to hear about what worked well and what didn’t work so well so we can think about how best to fold that use-case into the built-in testing command.
Thanks!
I’ve managed to get this working as intended, I was just being thick. Terraform plan and terraform show work as I wanted with Terraform using the test provider.
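The external scripting suggested in the reply above, written out as an added example (not code from this thread or from Terraform itself): plan each configuration under a tests directory, export the plan as JSON, and run conftest against it. The directory names, the tfplan and plan.json file names, and the TERRAFORM/CONFTEST override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: per-configuration "plan -> JSON -> conftest" loop.
# Assumed names (not from the thread): TERRAFORM and CONFTEST override
# variables, the tfplan / plan.json file names, and the directory layout.
TERRAFORM="${TERRAFORM:-terraform}"
CONFTEST="${CONFTEST:-conftest}"

# check_test_plans TESTS_DIR POLICY_DIR
# Returns 0 only if every configuration plans cleanly and passes the policies.
check_test_plans() {
    tests_dir=$1
    policy_dir=$2
    failed=0
    for dir in "$tests_dir"/*/; do
        [ -d "$dir" ] || continue      # the glob matched nothing
        dir=${dir%/}
        echo "== $dir"
        if ! "$TERRAFORM" -chdir="$dir" init -input=false >/dev/null; then
            echo "init failed: $dir" >&2; failed=1; continue
        fi
        # Save the plan to a file so the JSON below describes exactly that plan.
        if ! "$TERRAFORM" -chdir="$dir" plan -input=false -out=tfplan >/dev/null; then
            echo "plan failed: $dir" >&2; failed=1; continue
        fi
        # Write to a temporary name so a failed 'show' never leaves a partial plan.json.
        if ! "$TERRAFORM" -chdir="$dir" show -json tfplan >"$dir/plan.json.tmp"; then
            echo "show failed: $dir" >&2; rm -f "$dir/plan.json.tmp"; failed=1; continue
        fi
        mv "$dir/plan.json.tmp" "$dir/plan.json"
        # conftest exits non-zero when a policy rule fails.
        if ! "$CONFTEST" test --policy "$policy_dir" "$dir/plan.json"; then
            failed=1
        fi
    done
    return "$failed"
}

# Usage: check_test_plans tests policy
```

terraform show -json prints sensitive values in plain text, so treat tfplan and plan.json as secrets and remove them once the checks have run.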