Terraform test assertions fail when conditions evaluate to false during test execution. This prevents test files from passing and indicates mismatched expected vs actual values in your test configuration.
A test assertion failure occurs when the condition expression in a Terraform test run block evaluates to false. Terraform's testing framework (available in v1.6+) validates your infrastructure configuration by creating temporary resources and checking them against defined assertions. When any assertion condition returns false, the test fails and displays the associated error message. This is the primary way Terraform reports test failures.
When a test fails, Terraform displays the line number, the condition that failed, and the custom error_message. Write down the exact value that was received and what was expected. This will help you identify the root cause quickly.
Double-check your test assumptions. For example, if asserting resource.name == "expected-name", verify that your configuration actually produces "expected-name". Test your Terraform plan separately to see actual values:
terraform plan -json | grep -i nameEnsure you are comparing compatible types. A common error is comparing a boolean to a string: local.enabled == "true" will fail because the actual value is boolean true, not string "true". Fix this by removing quotes or using tostring():
# Wrong
assert {
condition = local.enabled == "true"
}
# Correct
assert {
condition = local.enabled == true
}If your assert block references a resource that fails a validation, the assertion won't be reached. Make sure all values you're asserting on are actually computed. If using expect_failures, separate those from assert blocks:
# Bad: mixing expect_failures with assert on same resource
run "test" {
expect_failures = [ var.name ]
assert {
condition = aws_instance.example.id != null # Never evaluated
}
}
# Good: separate test runs
run "expect_invalid" {
expect_failures = [ var.name ]
}
run "assert_valid" {
assert {
condition = aws_instance.example.id != null
}
}Update your error_message to include the actual value received for better debugging:
assert {
condition = aws_instance.example.tags["Name"] == "prod-server"
error_message = "Expected tag Name=prod-server but got ${aws_instance.example.tags["Name"]}"
}Catch configuration syntax errors early before running tests. These tools should never fail in your pipeline:
terraform fmt -check .
terraform validate
terraform plan -out=tfplan
terraform testFor complex assertions with multiple conditions, use the alltrue() function to combine them cleanly. When dealing with sensitive values, note that error messages may not display the actual sensitive value for security reasons, making debugging harder. Consider using nonsensitive() in test code only. In Terraform versions before 1.12.0, assertions with complex variable references could crash; ensure you're on a recent version. The test framework creates and destroys real infrastructure per test, so use testing providers or local-only resources when possible to keep costs down.
Error: Error installing helm release: cannot re-use a name that is still in use
How to fix "release name in use" error in Terraform with Helm
Error: Error creating GKE Cluster: BadRequest
BadRequest error creating GKE cluster in Terraform
Error: External program failed to produce valid JSON
External program failed to produce valid JSON
Error: Unsupported argument in child module call
How to fix "Unsupported argument in child module call" in Terraform
Error: network is unreachable
How to fix "network is unreachable" in Terraform