Terratest coverage for modules

[migara]

Summary

We will create Terratest test code to cover the below modules

VM-Series

• Initial Deployment
• Add/remove routes after deployment
• Add/remove security group rules
• Add/remove interfaces to the firewall
• Add/remove public IP from an interface
• Change userdata parameters
• Add/remove tags
• S3 bootstrapping

Autoscaling

• Initial deployment
• Scale out/in by changing desired/max instances for auto-scaling group
• Change userdata parameters
• Add/remove tags
• Add/remove interfaces
• Add/remove public IPs
• TBD - End-to-end autoscaling testing based on vmseries published metrics

Panorama

• Initial Deployment
• Add/remove interface to Panorama
• Add/remove public IP from the primary interface
• Add/remove logging disk
• Add new tags

ALB

• Initial Deployment
• Add/remove listener rules
• Add/remove members in the target group
• Add/remove tags

NLB

• Initial Deployment
• Add/remove listener rules
• Add/remove members in the target group
• Add/remove tags

VPC

• Initial Deployment
• Brownfield use case with create_vpc set to false
• Add/remove VPC endpoints

TGW

• Initial Deployment
• Brownfield use case for using an existing TGW with create set to false
• Add/remove TGW route tables
• Brownfield use case for using an existing TGW rtb with create set to false

GWLB

• Initial Deployment
• Add/remove GWLB endpoints
• Brownfield use case for using an existing GWLB

[sebastianczech]

Tasks:

• Prepare template of test skeleton
• Prepare tests for modules
  • alb
  • asg
  • bootstrap
  • crosszone_failover
  • gwlb
  • gwlb_endpoint_set
  • nat_gateway_set
  • nlb
  • panorama
  • subnet_set
  • transit_gateway
  • transit_gateway_attachment
  • transit_gateway_peering
  • vmseries
  • vpc
  • vpc_endpoint
  • vpc_route

[sebastianczech]

Proposition of next steps regarding testing VM-Series modules for AWS:

• close all open issues with label tests and stale (besides this issue - Terratest coverage for modules #86)
• after merging PR 2 with samples for Terratest test skeleton:
  • in all Go files in folders examples and tests change import in order to use test skeleton for Terratest - replace github.com/PaloAltoNetworks/terraform-aws-vmseries-modules/go/testskeleton by github.com/PaloAltoNetworks/terraform-modules-vmseries-tests-skeleton/pkg/testskeleton
  • remove Go files with folders from go/testskeleton and go/helpers
• in folder tests, which contains integrations tests for modules:
  • add integration tests for modules, which are working only with terraform plan (this kind of tests are going to be executed for PR CI) - now we don't have such tests for modules at all (only for examples we have it)
  • simplify existing integration tests for modules, which are deploying every module (this kind of tests are going to be executed for Release CI) - now sometimes for 1 module we have multiple tests e.g. for vmseries module we have tests:
    TestOutputForModuleVmseriesWithFullVariables, TestOutputForModuleVmseriesWithMinimumVariables, TestOutputForModuleVmseriesWithS3BootstrappingAndFullVariables. In order to shorten time of testing and limits cloud costs, maybe we should have only 2 kind of tests: TestModuleNNNPlan, TestModuleNNNDeployment.
  • add tests for modules, for which currently we don't have any tests in folder tests e.g. for module nlb
• extend GitHub workflows to execute modules tests from folder tests for PR CI (only plan) and for Release CI (with apply) - now we are not executing any Terratest from folder tests, only from folder examples, which for PR CI are only checking the plan, for Release CI are deploying all examples.

After fulfilling all above steps we can start to think how to prepare E2E tests, in which we can configure VM-Series, deploy spokes VPCs and VMs and finally test traffic flows - inbound, outbound or east-west.