sassoftware
diff --git a/‎Dockerfile.terratest‎
Lines changed: 3 additions & 2 deletions b/‎Dockerfile.terratest‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎docs/user/TerratestDockerUsage.md‎
Lines changed: 59 additions & 5 deletions b/‎docs/user/TerratestDockerUsage.md‎
Lines changed: 59 additions & 5 deletions
diff --git a/‎docs/user/TestingPhilosophy.md‎
Lines changed: 46 additions & 6 deletions b/‎docs/user/TestingPhilosophy.md‎
Lines changed: 46 additions & 6 deletions
diff --git a/‎test/defaultapply/default_apply_main_test.go‎
Lines changed: 21 additions & 0 deletions b/‎test/defaultapply/default_apply_main_test.go‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎test/defaultapply/resource_group_test.go‎
Lines changed: 51 additions & 0 deletions b/‎test/defaultapply/resource_group_test.go‎
Lines changed: 51 additions & 0 deletions
@@ -1,6 +1,6 @@
 FROM golang:1.24
 
-# Install terraform from apt repository and terratest_log_parser
+# Install terraform from apt repository, terratest_log_parser, jq, azure-cli
 RUN \
     apt-get update \
     && apt-get install -y jq lsb-release \
@@ -11,7 +11,8 @@ RUN \
     && apt update \
     && apt install terraform \
     && ssh-keygen -f ~/.ssh/id_rsa -P "" \
-    && go install github.com/gruntwork-io/terratest/cmd/terratest_log_parser@latest
+    && go install github.com/gruntwork-io/terratest/cmd/terratest_log_parser@latest \
+    && curl -sL https://aka.ms/InstallAzureCLIDeb | bash
 
 WORKDIR /viya4-iac-azure/test
 
 
@@ -21,14 +21,24 @@ The Docker image `viya4-iac-azure-terratest` will contain Terraform and Go execu
 ### Docker Environment File for Azure Authentication
 
 Follow either one of the authentication methods that are described in [Authenticating Terraform to access Azure](./TerraformAzureAuthentication.md), and create a file with the authentication variable values to use with container invocation. Store these values outside of this repository in a secure file, such as
-`$HOME/.azure_docker_creds.env`. Protect that file with Azure credentials so that only you have Read access to it. **NOTE**: Do not use quotation marks around the values in the file, and be sure to avoid any trailing blank spaces.
+`$HOME/.azure_docker_creds.env`.
+
+**NOTE**: Do not use quotation marks around the values in the file, and be sure to avoid any trailing blank spaces.
+
+#### Public Access Cidrs Environment File
+
+In order to run  ```terraform apply``` integration tests, you will also need to define your ```TF_VAR_public_cidrs``` as described in [Admin Access](../CONFIG-VARS.md#admin-access), and create a file with the public access cidr values to use with container invocation.  Store these values in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) outside of this repository in a secure file, such as `$HOME/.azure_public_cidrs.env`. Protect that file with public access cidr values so that only you have Read access to it. Below is an example of what the file should look like.
+
+```bash
+TF_VAR_public_cidrs=["123.456.7.8/16", "98.76.54.32/32"]
+```
 
 Now each time you invoke the container, specify the file with the [`--env-file`](https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e---env---env-file) option to pass Azure credentials to the container.
 
 ### Docker Volume Mounts
 
-Run the following command:  
-`--volume="$(pwd)":/viya4-iac-azure`  
+To mount the current working directory, add the following argument to the docker run command:
+`--volume="$(pwd)":/viya4-iac-azure`
 Note that the project must be mounted to the `/viya4-iac-azure` directory.
 
 ## Command-Line Arguments
@@ -42,9 +52,9 @@ The `terratest_docker_entrypoint.sh` script supports several command-line argume
 
 ## Running Terratest Commands
 
-### Running the Default Tests
+### Running the Plan Tests
 
-To run the default suite of unit tests (only `terraform plan`), run the following Docker command:
+To run the suite of unit tests (only `terraform plan`), run the following Docker command:
 
 ```bash
 # Run from the ./viya4-iac-azure directory
@@ -54,6 +64,20 @@ docker run --rm \
   viya4-iac-azure-terratest
 ```
 
+### Running the Apply Tests
+
+To run the suite of integration tests (only `terraform apply`), run the following Docker command:
+
+```bash
+# Run from the ./viya4-iac-azure directory
+docker run --rm \
+  --env-file=$HOME/.azure_docker_creds.env \
+  --env-file=$HOME/.azure_public_cidrs.env \
+  --volume "$(pwd)":/viya4-iac-azure \
+  viya4-iac-azure-terratest \
+  -r=".*Apply.*"
+```
+
 ### Running a Specific Go Test
 
 To run a specific test, run the following Docker command with the `-r` option:
@@ -62,12 +86,27 @@ To run a specific test, run the following Docker command with the `-r` option:
 # Run from the ./viya4-iac-azure directory
 docker run --rm \
   --env-file=$HOME/.azure_docker_creds.env \
+  --env-file=$HOME/.azure_public_cidrs.env \ #env file for integration tests
   --volume "$(pwd)":/viya4-iac-azure \
   viya4-iac-azure-terratest \
   -r="YourTest"
 ```
 To run multiple tests, pass in a regex to the `-r` option - "TestName1|TestName2|TestName3"
 
+####  Running a Specific Integration Go Test
+
+To run a specific integration test, modify the main test runner function (e.g. YourIntegrationTestMainFunction) to define the test name you desire and run the following Docker command with the `-r` option:
+
+```bash
+# Run from the ./viya4-iac-azure directory
+docker run --rm \
+  --env-file=$HOME/.azure_docker_creds.env \
+  --env-file=$HOME/.azure_public_cidrs.env \
+  --volume "$(pwd)":/viya4-iac-azure \
+  viya4-iac-azure-terratest \
+  -r="YourIntegrationTestMainFunction"
+```
+
 ### Running a Specific Go Package and Test
 
 If you want to specify the Go package and test name, run the following Docker command with the following options:
@@ -82,6 +121,21 @@ docker run --rm \
   -p="YourPackage"
 ```
 
+####  Running a Specific Integration Go Package and Test
+
+To run a specific integration Go package and test name, modify the main test runner function in the desired packaged to define the test name you want and run the following Docker command with the following options:
+
+```bash
+# Run from the ./viya4-iac-azure directory
+docker run --rm \
+  --env-file=$HOME/.azure_docker_creds.env \
+  --env-file=$HOME/.azure_public_cidrs.env \
+  --volume "$(pwd)":/viya4-iac-azure \
+  viya4-iac-azure-terratest \
+  -r="YourIntegrationTestMainFunction" \
+  -p="YourPackage"
+```
+
 ### Running the Go Tests with verbose mode
 
 If you want to run the tests in verbose mode, run the Docker command with the `-v` option:
 
@@ -15,7 +15,7 @@ The unit tests in this project are designed to quickly and efficiently verify th
 
 The unit tests are written as [table-driven tests](https://go.dev/wiki/TableDrivenTests) so that they are easier to read, understand, and expand. The tests are divided into two packages, [defaultplan](../../test/defaultplan) and [nondefaultplan](../../test/nondefaultplan).
 
-The test package defaultplan validates the default values of a Terraform plan. This testing ensures that there are no regressions in the default behavior of the code base. The test package nondefaultplan modifies the input values before running the Terraform plan. After generating the plan file, the test verifies that it contains the expected values. Both sets of tests are written to be table-driven.
+The test package defaultplan validates the default values of a `terraform plan`. This testing ensures that there are no regressions in the default behavior of the code base. The test package nondefaultplan modifies the input values before running the Terraform plan. After generating the plan file, the test verifies that it contains the expected values. Both sets of tests are written to be table-driven.
 
 To see an example, look at the `TestPlanStorage` function in the defaultplan/storage_test.go file that is shown below.
 
@@ -59,19 +59,59 @@ To create a unit test, you can add an entry to an existing test table if it's re
 
 ### Integration Testing
 
-The integration tests are designed to thoroughly verify the code base using `terraform apply`. Unlike the unit tests, these tests provision resources in cloud platforms. Careful consideration is required to avoid unnecessary infrastructure costs.
-
-These test are still a work-in-progress. We will update these sections once we have more examples to reference.
+The integration tests are designed to thoroughly verify the code base using `terraform apply`. The tests are intended to validate that the cloud provider creates the expected resources. Unlike the unit tests, these tests provision resources through the cloud provider. Careful consideration is required to avoid unnecessary infrastructure costs. The integration test framework is designed to optimize resource utilization and reduce associated costs by enabling multiple test cases to run against a single provisioned resource group, provided the test cases are compatible with the resource’s configuration and state.
 
 ### Integration Testing Structure
 
-These test are still a work-in-progress. We will update these sections once we have more examples to reference.
+The integration tests are also written as [table-driven tests](https://go.dev/wiki/TableDrivenTests) so that they are easier to read, understand, and expand. The tests are divided into two packages, [defaultapply](../../test/defaultapply) and [nondefaultapply](../../test/nondefaultapply).
+
+The test package defaultapply validates that the provisioned resources match the default configuration values. The test package nondefaultapply validates that, when given non-default input configuration values, the provisioned resources match the input configuration values. This level of integration testing ensures the cloud provider is correctly creating the resources via Terraform.
+
+### Resource Management
+
+As running `terraform apply` provisions infrastructure, it inherently incurs costs. To manage and minimize these expenses, it is essential that our testing framework optimizes resource utilization and ensures proper teardown and cleanup of any infrastructure created during testing.
+
+To support this, we have implemented main function test runners for our integration tests that handle the setup of the testing environment by provisioning resources based on the provided Terraform options. These runners also include deferred cleanup routines that automatically decommission resources once tests are completed.
+
+We encourage developers contributing integration tests to be mindful of resource usage. Add your tests to the defaultapply suite if no configuration changes are needed.  If testing non default options, please modify the nondefault suite as long as the new options do not conflict with the existing overrides. If the existing packages do not fit your testing needs, please add a new non default apply package, test runner, and test suite for your unique option configuration.
+
+### Error Handling
+
+Terratest provides some flexibility with how to [handle errors](https://terratest.gruntwork.io/docs/testing-best-practices/error-handling/). Every method in Terratest comes in two versions (e.g., `terraform.Apply` and `terraform.ApplyE` )
+
+* `terraform.Apply`: The base method takes a `t *testing.T` as an argument. If the method hits any errors, it calls `t.Fatal` to fail the test
+* `terraform.ApplyE`: Methods that end with the capital letter `E` always return an error as the last argument and never call `t.Fatal` themselves. This allows you to decide how to handle errors.
+
+We recommend using the capital letter `E` version of Terratest methods. This allows the test to handle the error rather than immediately calling `t.Fatal`. `t.Fatal` causes test run to exit, preventing other tests from running and stopping the deferred cleanup routine from being executed.
+
+Here's an example of how we handle terratest method calls:
+
+```go
+resourceGroup, err := azure.GetAResourceGroupE(resourceGroupName, os.Getenv("TF_VAR_subscription_id"))
+	if err != nil {
+		t.Errorf("Error: %s\n", err)
+	}
+}
+```
+
+### Adding Integration Tests
+
+To create an integration test, you can add a new test file with your table tests to the appropriate package and update the desired main function test runner to call and run your test.  If you don't see a main function test runner that fits your needs, you are welcome to create a new package, main function test runner, and test suite in a similar format.
+
+Below is an example of a possible structure for the new package, main function test runner, and test suite:
+
+    .
+    └── test/
+        └── nondefaultapply/
+            └── nondefaultapplycustomconfig/
+                ├── non_default_apply_custom_config_main_test.go
+                └── test_custom_config.go
+
 
 ## How to Run the Tests Locally
 
 Before changes can be merged, all unit tests must pass as part of the SAS CI/CD process. Unit tests are automatically run against every PR using the [Dockerfile.terratest](../../Dockerfile.terratest) Docker image. Refer to [TerratestDockerUsage.md](./TerratestDockerUsage.md) document for more information about running the tests locally.
 
-
 ## Additional Documents
 
 * [Go Table-Driven Testing](https://go.dev/wiki/TableDrivenTests)
 
@@ -0,0 +1,21 @@
+// Copyright © 2025, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package defaultapply
+
+import (
+	"test/helpers"
+	"testing"
+)
+
+func TestApplyDefaultMain(t *testing.T) {
+	// terrafrom init and apply using the default configuration
+	terraformOptions, plan := helpers.InitPlanAndApply(t, nil)
+
+	// deferred cleanup routine for the resources created by the terrafrom init and apply after the test have been run
+	defer helpers.DestroyDouble(t, terraformOptions)
+
+	// Drop in new test cases here
+	testApplyResourceGroup(t, plan)
+	testApplyVirtualMachine(t, plan)
+}
@@ -0,0 +1,51 @@
+// Copyright © 2025, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package defaultapply
+
+import (
+	"os"
+	"test/helpers"
+	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/azure"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/assert"
+)
+
+func testApplyResourceGroup(t *testing.T, plan *terraform.PlanStruct) {
+	resourceMapName := "azurerm_resource_group.aks_rg[0]"
+	resourceGroupName := helpers.RetrieveFromPlan(plan, resourceMapName, "{$.name}")()
+	resourceGroup, err := azure.GetAResourceGroupE(resourceGroupName, os.Getenv("TF_VAR_subscription_id"))
+	if err != nil {
+		t.Errorf("Error: %s\n", err)
+	}
+
+	// validate resource group resource from the cloud provider match the plan
+	tests := map[string]helpers.ApplyTestCase{
+		"resourceGroupExistsTest": {
+			Expected:       nil,
+			Actual:         resourceGroup,
+			AssertFunction: assert.NotEqual,
+			Message:        "Resource group does not exist",
+		},
+		"resourceGroupLocationTest": {
+			ExpectedRetriever: helpers.RetrieveFromPlan(plan, resourceMapName, "{$.location}"),
+			ActualRetriever:   helpers.RetrieveFromStruct(resourceGroup, "Location"),
+			Message:           "Resource group location is incorrect",
+		},
+		"resourceGroupNameTest": {
+			Expected:        resourceGroupName,
+			ActualRetriever: helpers.RetrieveFromStruct(resourceGroup, "Name"),
+			Message:         "Resource group name is incorrect",
+		},
+		"resourceGroupIdTest": {
+			Expected:        "nil",
+			ActualRetriever: helpers.RetrieveFromStruct(resourceGroup, "ID"),
+			AssertFunction:  assert.NotEqual,
+			Message:         "Resource group ID is nil",
+		},
+	}
+
+	helpers.RunApplyTests(t, tests)
+}