TDD For Infrastructure Code
Atul Joshi
Experienced Technology Leader | Senior Architect @ Western Union | AWS Certified Solutions Architect
Every software development team on the cloud adoption journey knows that its scope of ownership has increased. Their DevOps engineers are now churning out more scripts, sometimes more than the application code! These scripts must then ensure that your virtual infrastructure is rock solid, secure, scalable and compliant.
By following standard application deployment practices, we generally ensure that the code is always integrated, tested and scanned, and that regular releases are happening. Infrastructure code is still treated as a second-class citizen. If you are a purist about agile principles, you must start testing your infrastructure code.
So how do we write our infrastructure? AWS CloudFormation, Azure Resource Manager, Chef, Ansible, Vagrant and many other such frameworks are available. Depending on your platform and the skills available, you are likely to choose one.
To test infrastructure code, I recently explored the Kitchen CI test harness, which is used for testing Chef cookbooks and recipes. This harness is very flexible: it allows us to use many infrastructure testing frameworks, such as InSpec and ServerSpec, and at the same time supports most virtualization technologies, such as EC2, Docker and Vagrant. The harness is actively supported from here. Kitchen is based on the RSpec BDD syntax. For various reasons your team may or may not use Chef, but there are many alternatives, such as using Cucumber and validating AWS CloudFormation stack outputs.
It is always important to follow the TDD workflow of the Fail->Refactor/Create->Pass loop, even for infrastructure code. Test harnesses like Kitchen will definitely help make this simple, whereas other custom approaches may add some level of complexity. In the end, what matters is that the infrastructure you have created meets the non-functional requirements of security, availability, elasticity and compliance (and more). With this added level of testing, experts from these fields can contribute tests and help ensure the reliability of a system. This process might also serve your organization's audit needs by ensuring compliance at all levels.
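The Fail->Pass loop applied to security requirements, as an added example that is not from the original article and not Kitchen or InSpec code. It is plain Ruby that statically checks a CloudFormation template (rather than stack outputs); the template, the resource names WebSg and LogBucket, the 10.0.0.0/8 range and the two rules checked are constructed assumptions.

```ruby
require 'json'

# Constructed sample template: the "before" state, written so the checks fail.
FAILING_TEMPLATE = <<~JSON
  {"Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "web tier",
      "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {}}
  }}
JSON

# Returns a list of violation strings; an empty list means the template passes.
def violations(template_json)
  resources = JSON.parse(template_json).fetch('Resources', {})
  resources.flat_map do |name, res|
    props = res['Properties'] || {}
    case res['Type']
    when 'AWS::EC2::SecurityGroup'
      Array(props['SecurityGroupIngress']).select { |rule| open_ssh?(rule) }
                                          .map { "#{name}: SSH open to the internet" }
    when 'AWS::S3::Bucket'
      props.key?('BucketEncryption') ? [] : ["#{name}: bucket encryption not configured"]
    else
      []
    end
  end
end

# True when an ingress rule exposes TCP port 22 to any IPv4 or IPv6 address.
def open_ssh?(rule)
  return false unless ['0.0.0.0/0', '::/0'].include?(rule['CidrIp'] || rule['CidrIpv6'])
  return true if rule['IpProtocol'].to_s == '-1' # "-1" means all protocols and ports
  rule['IpProtocol'] == 'tcp' && (rule['FromPort'].to_i..rule['ToPort'].to_i).cover?(22)
end

# The "after" state: SSH limited to a constructed internal range, encryption enabled.
def fixed_template
  t = JSON.parse(FAILING_TEMPLATE)
  t['Resources']['WebSg']['Properties']['SecurityGroupIngress'][0]['CidrIp'] = '10.0.0.0/8'
  t['Resources']['LogBucket']['Properties']['BucketEncryption'] = {
    'ServerSideEncryptionConfiguration' =>
      [{ 'ServerSideEncryptionByDefault' => { 'SSEAlgorithm' => 'AES256' } }]
  }
  JSON.generate(t)
end

puts violations(FAILING_TEMPLATE), violations(fixed_template).empty? ? 'PASS' : 'FAIL'
```

Run against the first template the checks report two violations; after the template change they report none, which is the point at which the change would be allowed to merge.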
This article just scratches the surface of a big topic, but I would be interested to know your thoughts on TDD for infrastructure. It would also be interesting to see whether any big cloud providers are already in the process of bringing out a service for this purpose.
Product Developer III@ BMC Software | AMI Platform | Product Security, System Design
5 years
What I understand from your blog is that we could have a TDD approach for infrastructure setup. In one of the technical blogs on ycombinator.com I went through a similar post, where it was stated that Infrastructure as Code (IaC) is the concept of codifying your infrastructure via templates and config files. The benefit of doing this is that it allows companies to automate building up their IT infrastructure and benefit from software development processes such as requirement definition, version control, continuous integration, and automated testing. It can be implemented using Packer and Serverspec. HashiCorp’s Packer is an open source tool that enables companies to create immutable infrastructure by generating machine images from a configuration file. Maybe the blog below can give a somewhat better picture of what you want to proceed with or are thinking of. https://blog.unif.io/test-driven-development-of-infrastructure-code-9146d3d6c780