chore(tests): add an end to end test that uses real terraform plan output

.devcontainer/devcontainer.json

@@ -0,0 +1,30 @@
+{
+	"name": "infra-diff",
+	"image": "mcr.microsoft.com/devcontainers/typescript-node:22",
+	"features": {
+		"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
+		"ghcr.io/devcontainers-contrib/features/terraform-asdf:2": {
+			"version": "1.13.4"
+		}
+	},
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"dbaeumer.vscode-eslint",
+				"esbenp.prettier-vscode",
+				"biomejs.biome",
+				"hashicorp.terraform"
+			],
+			"settings": {
+				"editor.formatOnSave": true,
+				"editor.defaultFormatter": "biomejs.biome"
+			}
+		}
+	},
+	"postCreateCommand": "npm install",
+	"forwardPorts": [50000],
+	"mounts": [
+		"source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
+	],
+	"remoteUser": "node"
+}

.github/dependabot.yml

@@ -25,3 +25,10 @@ updates:
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 5
+
+  # Monitor Terraform
+  - package-ecosystem: "terraform"
+    directory: "/e2e/terraform"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5

.github/workflows/ci.yml

@@ -40,9 +40,23 @@ jobs:
       - run: npm test
       - run: npm run test:e2e:file-reading
 
+  test-terraform-integration:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        with:
+          node-version-file: ".nvmrc"
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+        with:
+          terraform_version: 1.13.4
+      - run: npm ci
+      - name: Run Terraform integration tests
+        run: npm run test:e2e:terraform
+
   validate-action:
     runs-on: ubuntu-latest
-    needs: [lint, test]
+    needs: [lint, test, test-terraform-integration]
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0

.terraform-version

@@ -0,0 +1 @@
+1.13.4

docker-compose.yml

@@ -0,0 +1,15 @@
+---
+version: '3.8'
+
+services:
+  moto:
+    image: motoserver/moto:5.0.0
+    container_name: infra-diff-moto-test
+    ports:
+      - "50000:5000"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:5000"]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+      start_period: 10s

e2e/terraform-integration.test.ts

@@ -0,0 +1,253 @@
+import { existsSync, rmSync, unlinkSync } from "node:fs";
+import * as fs from "node:fs/promises";
+import * as path from "node:path";
+import {
+	GenericContainer,
+	Network,
+	type StartedNetwork,
+	type StartedTestContainer,
+} from "testcontainers";
+import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import { ParsePlanUseCase } from "../src/domain/usecases/ParsePlanUseCase";
+import { ReadPlanFileUseCase } from "../src/domain/usecases/ReadPlanFileUseCase";
+import { FilesystemAdapter } from "../src/infrastructure/adapters/FilesystemAdapter";
+
+describe("E2E: Terraform Integration with moto", () => {
+	const terraformDir = path.join(process.cwd(), "e2e", "terraform");
+	const planFileRelative = "plan.bin";
+	const planFile = path.join(terraformDir, planFileRelative);
+	const planJsonFileRelative = "plan.json";
+	const planJsonFile = path.join(terraformDir, planJsonFileRelative);
+	let motoContainer: StartedTestContainer;
+	let terraformContainer: StartedTestContainer;
+	let network: StartedNetwork;
+	const motoContainerName = "moto-server";
+
+	// Read Terraform version from .terraform-version file
+	const getTerraformVersion = async (): Promise<string> => {
+		const versionFilePath = path.join(process.cwd(), ".terraform-version");
+		const versionContent = await fs.readFile(versionFilePath, "utf-8");
+		return versionContent.trim();
+	};
+
+	beforeAll(async () => {
+		try {
+			// Get Terraform version from .terraform-version file
+			const terraformVersion = await getTerraformVersion();
+			console.log(`Using Terraform version: ${terraformVersion}`);
+
+			// Create a shared network for containers
+			console.log("Creating Docker network...");
+			network = await new Network().start();
+
+			// Start moto server in the network
+			console.log("Starting moto server...");
+			motoContainer = await new GenericContainer("motoserver/moto:5.0.0")
+				.withNetwork(network)
+				.withNetworkAliases(motoContainerName)
+				.withExposedPorts(5000)
+				.withStartupTimeout(120000)
+				.start();
+
+			const motoPort = motoContainer.getFirstMappedPort();
+			console.log(`Moto server is ready on port ${motoPort}`);
+
+			// Start Terraform container in the same network
+			console.log("Starting Terraform container...");
+			terraformContainer = await new GenericContainer(
+				`hashicorp/terraform:${terraformVersion}`,
+			)
+				.withNetwork(network)
+				.withBindMounts([
+					{
+						source: terraformDir,
+						target: "/terraform",
+						mode: "rw",
+					},
+				])
+				.withWorkingDir("/terraform")
+				.withEntrypoint(["/bin/sh", "-c", "exec sleep infinity"])
+				.withEnvironment({
+					AWS_ACCESS_KEY_ID: "testing",
+					AWS_SECRET_ACCESS_KEY: "testing",
+					AWS_SECURITY_TOKEN: "testing",
+					AWS_SESSION_TOKEN: "testing",
+					AWS_EC2_METADATA_DISABLED: "true",
+				})
+				.withStartupTimeout(60000)
+				.start();
+
+			console.log("Terraform container started");
+
+			// Initialize Terraform
+			console.log("Initializing Terraform...");
+			const initResult = await terraformContainer.exec(["terraform", "init"]);
+			console.log("Init exit code:", initResult.exitCode);
+			if (initResult.exitCode !== 0) {
+				console.error("Init output:", initResult.output);
+				throw new Error(`Terraform init failed: ${initResult.output}`);
+			}
+
+			// Generate plan using moto endpoint accessible from container
+			console.log("Generating Terraform plan...");
+			const planResult = await terraformContainer.exec([
+				"terraform",
+				"plan",
+				`-out=${planFileRelative}`,
+				"-var",
+				`moto_endpoint=http://${motoContainerName}:5000`,
+				"-no-color",
+			]);
+			console.log("Plan exit code:", planResult.exitCode);
+			if (planResult.exitCode !== 0) {
+				console.error("Plan output:", planResult.output);
+				throw new Error(`Terraform plan failed: ${planResult.output}`);
+			}
+
+			// Convert plan to JSON
+			console.log("Converting plan to JSON...");
+			const showResult = await terraformContainer.exec([
+				"terraform",
+				"show",
+				"-json",
+				planFileRelative,
+			]);
+			console.log("Show exit code:", showResult.exitCode);
+			if (showResult.exitCode !== 0) {
+				console.error("Show output:", showResult.output);
+				throw new Error(`Terraform show failed: ${showResult.output}`);
+			}
+
+			// Write the JSON output to file
+			await fs.writeFile(planJsonFile, showResult.output);
+		} catch (error) {
+			console.error("Setup failed:", error);
+			throw error;
+		}
+	}, 120000); // 2 minute timeout for setup
+
+	afterAll(async () => {
+		// Cleanup
+		console.log("Cleaning up...");
+
+		// Have terraform container clean up its own files with proper permissions
+		try {
+			if (terraformContainer) {
+				console.log("Cleaning up terraform files from container...");
+				await terraformContainer.exec([
+					"sh",
+					"-c",
+					"rm -rf /terraform/.terraform /terraform/plan.bin /terraform/plan.json /terraform/.terraform.lock.hcl",
+				]);
+				console.log("Terraform files cleaned from container");
+			}
+		} catch (error) {
+			console.warn("Failed to cleanup from container:", error);
+		}
+
+		// Stop and remove terraform container
+		try {
+			if (terraformContainer) {
+				await terraformContainer.stop();
+				console.log("Terraform container stopped");
+			}
+		} catch (error) {
+			console.error("Failed to stop terraform container:", error);
+		}
+
+		// Stop and remove moto container
+		try {
+			if (motoContainer) {
+				await motoContainer.stop();
+				console.log("Moto container stopped");
+			}
+		} catch (error) {
+			console.error("Failed to stop moto container:", error);
+		}
+
+		// Stop and remove network
+		try {
+			if (network) {
+				await network.stop();
+				console.log("Network stopped");
+			}
+		} catch (error) {
+			console.error("Failed to stop network:", error);
+		}
+
+		// Remove plan files from host
+		try {
+			if (existsSync(planFile)) {
+				unlinkSync(planFile);
+			}
+			if (existsSync(planJsonFile)) {
+				unlinkSync(planJsonFile);
+			}
+		} catch (error) {
+			console.error("Failed to cleanup plan files:", error);
+		}
+
+		// Remove .terraform directory
+		try {
+			const terraformStateDir = path.join(terraformDir, ".terraform");
+			if (existsSync(terraformStateDir)) {
+				rmSync(terraformStateDir, { recursive: true, force: true });
+				console.log(".terraform directory cleaned up");
+			}
+		} catch (error) {
+			// Log error but don't fail - permissions issues in CI can be expected
+			console.warn("Failed to cleanup .terraform directory:", error);
+		}
+
+		// Remove lock file
+		try {
+			const lockFile = path.join(terraformDir, ".terraform.lock.hcl");
+			if (existsSync(lockFile)) {
+				unlinkSync(lockFile);
+			}
+		} catch (error) {
+			console.error("Failed to cleanup lock file:", error);
+		}
+	}, 60000); // 1 minute timeout for cleanup
+
+	it("should parse real Terraform plan output", async () => {
+		// Verify plan JSON file was created
+		expect(existsSync(planJsonFile)).toBe(true);
+
+		// Read the plan file
+		const fileReader = new FilesystemAdapter();
+		const readUseCase = new ReadPlanFileUseCase(fileReader);
+		const readResult = await readUseCase.execute(planJsonFile);
+
+		expect(readResult.path).toBe(planJsonFile);
+		expect(readResult.content).toBeTruthy();
+		expect(readResult.content.length).toBeGreaterThan(0);
+
+		// Parse the plan
+		const parseUseCase = new ParsePlanUseCase();
+		const plan = await parseUseCase.parse(readResult.content);
+
+		// Verify plan structure
+		expect(plan).toBeDefined();
+		expect(plan.formatVersion).toBeTruthy();
+		expect(plan.terraformVersion).toBeTruthy();
+		expect(plan.resourceChanges).toBeDefined();
+		expect(Array.isArray(plan.resourceChanges)).toBe(true);
+
+		// Verify we have the expected SQS queue resource change
+		expect(plan.resourceChanges.length).toBeGreaterThan(0);
+
+		const sqsQueue = plan.resourceChanges.find(
+			(rc) => rc.type === "aws_sqs_queue" && rc.name === "queue",
+		);
+
+		expect(sqsQueue).toBeDefined();
+		expect(sqsQueue?.address).toBe("aws_sqs_queue.queue");
+		expect(sqsQueue?.actions).toContain("create");
+
+		// Verify the queue has expected configuration
+		expect(sqsQueue?.after).toBeDefined();
+		expect(sqsQueue?.after?.name).toBe("test-queue");
+		expect(sqsQueue?.after?.tags).toBeDefined();
+	});
+});

e2e/terraform/backend.tf

@@ -0,0 +1,3 @@
+terraform {
+  backend "local" {}
+}

e2e/terraform/provider.tf

@@ -0,0 +1,12 @@
+provider "aws" {
+  region                      = "us-east-1"
+  skip_credentials_validation = true
+  skip_metadata_api_check     = true
+  skip_requesting_account_id  = true
+
+  endpoints {
+    sts = var.moto_endpoint
+    s3  = var.moto_endpoint
+    sqs = var.moto_endpoint
+  }
+}

e2e/terraform/sqs.tf

@@ -0,0 +1,7 @@
+resource "aws_sqs_queue" "queue" {
+  name = "test-queue"
+  tags = {
+    github = "https://github.com/zpratt/infra-diff.git"
+    random = 1234
+  }
+}

e2e/terraform/variables.tf

@@ -0,0 +1,5 @@
+variable "moto_endpoint" {
+  type        = string
+  description = "The endpoint for the moto server"
+  default     = "http://localhost:5000"
+}

features/end-to-end-with-terraform.md

@@ -0,0 +1,16 @@
+# End to End with Terraform
+
+Goal: Demonstrate how Infra Diff can be used in an end-to-end workflow with Terraform and moto to provide a fake of the AWS API. The goal is to produce a real binary terraform plan, convert it to json, and then run infra-diff against that json plan.
+
+## Context
+
+In this workflow, we will use Terraform to create a simple infrastructure setup on AWS. We will use moto to mock the AWS API, allowing us to generate a binary terraform plan without needing access to a real AWS account. This plan will then be converted to JSON format and analyzed using Infra Diff to identify any potential changes or issues. The test itself should be implemented in typescript, using the infra-diff library to run the analysis programmatically, treating the production code as if it is a complete black box. We should run moto in a docker container to ensure a clean and isolated environment for the test. Everything that is created should be runnable locally with a single command and should also be included in our CI pipeline to ensure consistent results across different environments. I've added example terraform fixtures in the e2e/terraform directory to get started. Ensure you examine the e2e/terraform/provider.tf file to see how to configure terraform to point at the moto server.
+
+## Requirements
+
+- Ensure the pipeline uses setup-terraform action to install terraform
+- Ensure we're testing with the latest version of terraform
+- Use moto server in a docker container to mock AWS API
+- When running locally, create a devcontainer environment that we can use to run the tests with a specific version of node and terraform.
+- Write the test in typescript using infra-diff library to analyze the terraform plan json output.
+- Ensure the entire setup can be run with a single command both locally and in CI.