In this article I give an overview of Terraform drift detection with tfaction.
https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection
What's tfaction?
https://suzuki-shunsuke.github.io/tfaction/docs/
tfaction is a framework for building high-level Terraform workflows with GitHub Actions in a monorepo. You don't have to run terraform apply on your laptop, and you don't have to reinvent the wheel for Terraform workflows anymore.
What's drift?
In the context of IaC, drift means the divergence between the code and the infrastructure.
Drift harms not only the reliability of the code but also productivity.
So you should detect and resolve drift as soon as possible.
In the case of Terraform, drift causes unexpected changes in terraform plan. Unexpected changes are confusing and force you to deal with them.
What's tfaction's Drift Detection?
From tfaction v0.6.0, tfaction supports Drift Detection.
tfaction enables you to detect the drift periodically and manage the drift as GitHub Issues.
This feature is disabled by default. To enable it, please see the documentation.
tfaction creates an Issue per working directory.
tfaction checks whether drift exists at the following times.
- apply workflow
  - The apply workflow is run when the pull request is merged
  - If the job succeeds, the issue is closed.
  - If the job fails, the issue is reopened.
- schedule-detect-drifts workflow
  - schedule-detect-drifts is run periodically
  - If terraform plan has no change, the issue is closed
  - If the job fails or terraform plan has change, the issue is reopened.
tfaction reopens the issue when the drift is detected, and closes the issue when the drift is resolved.
tfaction posts a comment and updates the issue description according to the result of the drift detection.
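The transitions listed above, written out as an added shell example (not tfaction's own code). The function names are hypothetical, the issue number and its current state are assumed to be supplied by the caller, and the gh commands are printed rather than executed. The scheduled check relies on terraform plan -detailed-exitcode, which exits 0 for no changes, 1 on error, and 2 when the plan has changes.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not tfaction's code.

# drift_decision WORKFLOW EXIT_CODE -> prints "<action> <reason>".
# For schedule-detect-drifts, EXIT_CODE comes from
# `terraform plan -detailed-exitcode`: 0 = no changes, 1 = error, 2 = changes.
drift_decision() {
  case "$1:$2" in
    apply:0)                  echo "close apply-succeeded" ;;
    apply:*)                  echo "reopen apply-failed" ;;
    schedule-detect-drifts:0) echo "close no-changes" ;;
    schedule-detect-drifts:2) echo "reopen plan-has-changes" ;;
    # Any other code (plan error, terraform missing) is treated as drift,
    # so a broken check never silently closes the issue.
    schedule-detect-drifts:*) echo "reopen plan-failed" ;;
    *) echo "unknown workflow: $1" >&2; return 2 ;;
  esac
}

# issue_commands ISSUE_NUMBER CURRENT_STATE "<action> <reason>"
# CURRENT_STATE is "open" or "closed". Always prints a comment command so
# the issue keeps a history; prints a state change only on a transition.
issue_commands() {
  num=$1
  state=$2
  action=${3%% *}
  reason=${3#* }
  printf 'gh issue comment %s --body %s\n' "$num" "$reason"
  case "$state:$action" in
    open:close)    printf 'gh issue close %s\n' "$num" ;;
    closed:reopen) printf 'gh issue reopen %s\n' "$num" ;;
  esac
}

# check_drift WORKING_DIR -> runs the scheduled check for one directory.
# Plan output is discarded here; only the exit code drives the decision.
check_drift() {
  code=0
  terraform -chdir="$1" plan -detailed-exitcode -input=false -no-color \
    >/dev/null 2>&1 || code=$?
  drift_decision schedule-detect-drifts "$code"
}
```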
Example 1. An Issue is closed because terraform apply succeeds and the drift is resolved
Example 2. An Issue is opened because terraform apply fails
Example 3. Drift is checked by schedule-detect-drifts periodically
Example 4. The latest comment is reflected to the issue description
Good point
If you already use GitHub Issues for your task management, you can add drift handling into your task management naturally.
You don't have to create issues yourself. You can manage issues in GitHub Projects, adjust the priority, and assign someone to issues.
Issue comments become the history, so you can track when the drift was raised and which pull request caused it.
And comments tell you not only that drift exists but also what the drift is.
You can adjust the frequency of the drift detection, and select the working directories where drift detection is enabled.
Conclusion
In this article I described the overview of Terraform's Drift Detection by tfaction.
For details, please see the documentation.
https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection