You have many options to use when it comes to testing and validating your Terraform configurations and modules. The newest addition to these options is the native Terraform testing framework. This in combination with custom conditions, check blocks, and policies allow for creating robust infrastructure-as-code. This post is a comprehensive guide to testing and validation in Terraform.

This week I attended HashiConf in San Francisco. In this post I summarize my experience and what I thought about the conference!

In this post I compare how to import resources into your Terraform state using the traditional CLI-driven method with the new method using import blocks. This is a new feature in Terraform 1.5 and as we will see an improvement over the traditional method.

What’s up with the new Terraform Cloud pricing model?

Azure Bicep is constantly evolving. The latest release brought a preview of user-defined functions, but in this post I am using modules as a substitute for user-defined functions. I will create Kubernetes deployments through a module, where the module is as close to a function as you can come. I will also be using another experimental feature of Bicep: user-defined types.

In this post I will go through an example of how you can promote releases between different GitOps environments. The sample application I use consists of a simple Helm chart. I will use Argo CD as my GitOps operator. Automation workflows are created using GitHub Actions.

In this post I show how I have created a few custom GitHub actions to allow me to create workspaces in Terraform Cloud automatically as well as triggering runs and applying variable sets to my workspace. I go through details about how to create custom GitHub actions using the Docker action type. I also show a complete GitHub workflow where I use my custom actions to automatically create new Terraform Cloud workspaces when a pull request is opened, and to automatically delete the workspace when the pull request is closed.

In this post I will demonstrate how HashiCorp Vault can be used to generate temporary credentials to Azure from a GitHub Actions workflow. The workflow will ask Vault to create a temporary service principal with associated credentials that GitHub can use. The service principal is deleted after a few minutes, and no permanent credentials to Azure remain.

Let’s take a look at what Google considers to be best-practices when working with Terraform. The list is long, but I will only highlight a few that I find most important.

A summary of my Kubernetes-101 series of articles!