Terraform test: ability to expect overall failures of plan or apply commandΒ #35628
Description
Terraform Version
1.9.4Use Cases
I'm trying to test an AWS IAM role's trust policy. Under certain conditions (how the session is tagged), I expect to be able to assume the role when I configure the AWS provider's assume_role block. Under other conditions, I expect the role assumption to fail and cause the plan to fail. I am happily using terraform test to test the successful cases but, from what I understand, it's not useful for testing the failure cases.
I think it would be generally useful to be able to assert that terraform plan or terraform apply failed, and optionally specify some pattern we expect the error text to match.
Attempted Solutions
I tried using terraform test's expect_failures option, but it only appears to support custom conditions that we define on variables/resources/data sources. I don't see a way to do what I want using that mechanism.
Proposal
No response
References
No response