0

I am implementing end to end testing with Terraform Test for a Cloud Run solution. The desired outcomes is that a file uploaded to a storage bucket, triggers a pubsub message, which in turn triggers a Cloud Run Service.

Our Cloud Run image responds to pub-sub with a 200 response, this is typically visible in the logs. So I wanted to write a test that inspects the logs to look for this response.

Would anyone please be able to help me understand what the best practice is for testing this kind of functionality?

Currently, I create all the resources to be tested in /tests/setup. This includes a log metric and a policy alert, which i believe I need to be able to inspect the logs.

resource "google_monitoring_alert_policy" "successful_200_response" {
  project      = "wrk-ir1-prd-wrk02-svp-90548"
  display_name = "successful_200_response"
  combiner     = "OR"
  conditions {
    display_name = "Cloud Run 200 Responses Condition"
    condition_threshold {
      filter          = <<EOF
metric.type="logging.googleapis.com/user/cloud-run-200-responses" AND resource.type="cloud_run_revision"
EOF
      comparison      = "COMPARISON_GT"
      threshold_value = 0
      duration        = "60s"
      aggregations {
        alignment_period     = "60s"
        per_series_aligner   = "ALIGN_RATE"
        cross_series_reducer = "REDUCE_SUM"
      }
    }
  }
}

Then I run this e2e-tests.tftest.hcl file:

run "e2e_tests" {
  module {
    source = "./tests/setup"
  }
  assert {
    condition     = google_monitoring_alert_policy.successful_200_response.conditions[0].condition_threshold[0].threshold_value > 0
    error_message = "No 200 HTTP response from Cloud Run on pubsub trigger"
  }
}

This feels very clunky having to create logging and monitoring resources for the testing. The log metric also has to be created ahead of time, as it can take up to 10 minutes to create. So it either slows my pipeline down massively or it means that the tests have requirements outside of their state file. Both very suboptimal outcomes.

Is there a better way to inspect the logs with Terraform Test, I feel like I am missing something! Does anyone know of any better ways to test this?

Improve this question
2
  • 1
    Not a Terraform developer so ... caveat developer. It seems your goal is more easily achieved by filtering the logs for the appropriate entry and using its existence as success. The Google Cloud provider doesn't permit this directly but presumably (!) you can call out either to gcloud (gcloud logging read), using one of the Cloud Logging SDKs, or the API directly, to get this information more directly Commented Dec 21, 2024 at 19:11
  • Yeah agreed, this is how I would like to do it! However, I cant run gcloud commands, as I need the test execution and pass criteria to be all contained within a terraform test execution. Which means I am constrained by what is possible in Terraform and unable to supplement with gcloud commands Commented Dec 23, 2024 at 11:52
Related questions
1
PubSub message against a Python Cloud Run not being acknowledged
0
Pubsub signs the JWT token for push with a wrong key
3
Cloud Scheduler Job hits HTTPS endpoint and logs as it had failed (status 502) but server is returning a success response (status 200)
Load 5 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.