Everything is Code. Why and how you should test your Terraform

Originally posted on SogetiLabs: https://labs.sogeti.com/everything-is-code-why-and-how-you-should-test-your-terraform/

I’ve written in a previous blog that for writing maintainable code, you really should automate your tests. Currently we see Terraform really taking off as the standard to provision and deploy almost everything in clouds like Azure and AWS. In this short blog post I will show how you can start testing your Terraform code using the Open Policy Agent.

Infrastructure-as-Code

With Terraform, engineers write declarative statements that, when applied, result in, for example, a network or a database:

[Image: Write Declarative Configuration Files]

This obviously is great because you can automate and repeat your steps minimizing the manual labour of setting up services. Next to that, you can reuse components so all provisioned services will adhere to the same standard.

What about standards and compliance?

In the previous example, a network will be created with some IP range, in a specific location from Google.

If you use any cloud, you should have some policies in place. It is not a free-for-all, do whatever you want, scenario. It could be very important where your data resides. In that case you don’t want to enable teams to deploy in non-compliant regions.

With code, however, especially in the sample shown above, it is not directly clear what is allowed. Some examples of questions a DevOps team may have are:

  • Am I allowed to create a public IP address on a machine or database?
  • Am I allowed to deploy services in the US or only in Europe?

Worst case, the team finds out when they deploy their services onto their cloud environment. In case of Azure, policies can block a certain location, blocking the entire deployment of their stack.

This means they have to go back to trace why something is wrong, adjust the code, go through all steps again and hope they did not miss anything.

Shift left

One solution to this problem is to test as early as possible. If a team gets feedback on their code, this will save a lot of time in the stages later on. It will also give the teams the confidence they are doing things right!

Open Policy Agent (OPA)

OPA states the following on their website:

Stop using a different policy language, policy model, and policy API for every product and service you use. Use OPA for a unified toolset and framework for policy across the cloud native stack.

Whether for one service or for all your services, use OPA to decouple policy from the service’s code so you can release, analyze, and review policies (which security and compliance teams love) without sacrificing availability or performance.

Source: Open Policy Agent website

Using OPA for testing your Terraform plans

You can use Open Policy Agent for a variety of use cases. Testing Terraform plans is only one of them, but a really interesting one for DevOps teams.

The language for writing the OPA policy is called Rego. It is easy to understand and should be relatively simple to learn. To get a grasp, take a look at the explanation of the language on the OPA site: https://www.openpolicyagent.org/docs/latest/policy-language/.

A very complete manual is located at https://www.openpolicyagent.org/docs/latest/terraform/ and helps you understand writing a test.

The great thing about the tool is that you can use it in your pipelines, running the eval command in, for example, Azure DevOps. There is even an installer task for Azure Pipelines.

Getting started

If you are using Terraform, just download OPA, and go to the getting started page. Use the given example to test against your own Terraform plan outputs.
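As an added illustration (not code from the original post or from the OPA project), the Rego policy below answers the two questions raised earlier: may a plan deploy outside Europe, and may it create a public IP address on a machine or database. It assumes Google Cloud resources, a Europe-only rule, and the hypothetical file names policy.rego, tfplan.binary and tfplan.json.

```rego
# Constructed example policy for a Terraform plan exported as JSON:
#   terraform plan -out=tfplan.binary
#   terraform show -json tfplan.binary > tfplan.json
#   opa eval --fail-defined -f pretty -d policy.rego -i tfplan.json 'data.terraform.policy.deny[msg]'
package terraform.policy

import rego.v1

# Assumption: only Google Cloud regions in Europe are compliant.
allowed_region_prefix := "europe-"

# Resource changes that will create or update something
# (a replace shows up as ["delete", "create"] and is covered too).
changed contains rc if {
	some rc in input.resource_changes
	some action in rc.change.actions
	action in {"create", "update"}
}

# Any resource whose region is known at plan time must stay in Europe.
# Regions that are null or only known after apply are not judged here.
deny contains msg if {
	some rc in changed
	region := rc.change.after.region
	is_string(region)
	not startswith(region, allowed_region_prefix)
	msg := sprintf("%s: region '%s' is not an allowed region", [rc.address, region])
}

# A VM gets an external IP when a network interface has an access_config block.
deny contains msg if {
	some rc in changed
	rc.type == "google_compute_instance"
	some nic in rc.change.after.network_interface
	count(nic.access_config) > 0
	msg := sprintf("%s: VM requests a public IP address", [rc.address])
}

# A Cloud SQL instance gets a public IP when ipv4_enabled is true.
deny contains msg if {
	some rc in changed
	rc.type == "google_sql_database_instance"
	some settings in rc.change.after.settings
	some ip_cfg in settings.ip_configuration
	ip_cfg.ipv4_enabled == true
	msg := sprintf("%s: database enables a public IPv4 address", [rc.address])
}
```

With --fail-defined, opa eval exits non-zero as soon as one deny message exists, so a pipeline step running it stops before terraform apply.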

Just want to play around with the rego language? The site https://play.openpolicyagent.org/ contains several examples, and makes exploring easy, as it is an online playground without the need for installing anything!

Is low code replacing traditional development?

Originally posted on SogetiLabs: https://labs.sogeti.com/is-low-code-replacing-traditional-development/

Spoiler alert; no.

Low code vs Traditional Dev

My colleague, friend and SogetiLabs Fellow Daniel Laskewitz and I frequently talk about this topic. His field of expertise as Microsoft MVP covers the Microsoft PowerPlatform including low code systems like Power Automate (formerly Flow).

All too often people see a division between low code and traditional development using languages like C#, Java, TypeScript and Go.
In the real world however, these systems work together perfectly.

Most of the time, you cannot solve a problem with only low code. Think about scenarios where you should link to old legacy systems or complex API calls. In those cases low code without any enhancement cannot natively connect to those systems.

Behold custom connectors

In the Microsoft ecosystems, custom connectors allow you to bridge this gap. This way, the low code system can interact with any system you write a connector for. This may be common knowledge, but the fact is that most developers do not see how big this really is.

This means you can link any PowerApp, Microsoft Flow, or LogicApps to your custom connector, and reuse those within your entire organisation.
You could even publicly publish these if you have a service you want to expose. So if you are an ISV, this can help you get more traction on your product.

Bridging the gap

In the end it all comes down to developers of any system and language understanding the capabilities of the platforms they and their companies are using. For low code developers this means sometimes calling in the help of traditional developers. And more importantly, this also means traditional developers should learn that these low code systems can help you simplify (and thus speed up!) your development by using ready-to-roll systems and connectors available to you.

As there are over 325 connectors available, that should really speed up making connections!

Get started!

Want to explore custom connectors? Look at these resources or feel free to contact me or Daniel. We strongly believe bridging this gap between low code and traditional dev is key for success in the future of development!

Education in a 5 feet economy

Originally posted on SogetiLabs: https://labs.sogeti.com/education-in-a-5-feet-economy/

Our Prime Minister Mark Rutte prepared us; the 5 feet economy could be here for a while. How does that work in education? And what problems do we see around us?

Technology Leaders

I (try to) teach coworkers and clients on a regular basis, and do this mostly on-site to get the interaction going between everyone in the room, and also to get a sense of how people react to my presentation or my talk. I personally find it hard to get the same feedback while working remotely.

Mind you; we are ‘Technology Leaders’ and are capable of doing our job and all sessions remotely. We have the tech, but do we really have the same impact? At this moment, we do not have a choice, and have to do things online.

Education Online

As a father-of-three, I see these issues also on the side of education. Kids in pre-school really learn a lot in the classroom, and also from their friends in class. Want to be engaging and keep the attention of your coworkers? Try doing that for 6 or 7-year-olds…

My belief is that, especially for children, learning from each other is key. This cannot be replaced by an online tool. Still, in these ‘5 feet times,’ you have to make concessions. Digital skills are important, so make sure your kids and your friends can work online.

I see schools struggle with Microsoft Teams, Skype, with MOOC environments and with technology in general. I see this as a fail from IT companies; we always talk about inclusion, but it is still difficult to get everyone online working together. We have done a very good job making sure ‘we’ the IT people can do everything online, but we see educators or parents in general struggling with technology.

Help the educators, help each other

Big things start small; my door is always open, and I (time permitting) am always available for a quick tip or some help. Keep in mind that using Teams or Skype or Zoom is second nature to ‘us’; for some parents or teachers this can be challenging. By helping another parent, simply by explaining how a tool works, you already have one more person that uses the tool. Maybe you can lend out a spare laptop for someone not having those resources. Maybe you can fix their internet, or set up their environment.

Small things count, we can make a difference together.