DEV Community

Shunsuke Suzuki

Terraform's Drift Detection by tfaction

In this article I give an overview of Terraform drift detection with tfaction.

https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection


What's tfaction?

https://suzuki-shunsuke.github.io/tfaction/docs/

tfaction is a framework for building high-level Terraform workflows in a monorepo with GitHub Actions. You don't have to run terraform apply on your laptop, and you don't have to reinvent the wheel for Terraform workflows anymore.

What's drift?

In the context of IaC, drift means the divergence between the code and the actual infrastructure.
Drift harms not only the reliability of the code but also productivity,
so you should detect and resolve drift as soon as possible.

In the case of Terraform, drift shows up as unexpected changes in terraform plan. Unexpected changes confuse you and force you to deal with them before you can make the change you actually intended.

What's tfaction's Drift Detection?

From tfaction v0.6.0, tfaction supports Drift Detection.
tfaction enables you to detect the drift periodically and manage the drift as GitHub Issues.

This feature is disabled by default. To enable it, please see the document.

tfaction creates one Issue per working directory.
tfaction checks whether drift exists at the following times:

  • apply workflow
    • The apply workflow is run when a pull request is merged.
    • If the job succeeds, the issue is closed.
    • If the job fails, the issue is reopened.
  • schedule-detect-drifts workflow
    • schedule-detect-drifts is run periodically.
    • If terraform plan has no changes, the issue is closed.
    • If the job fails or terraform plan has changes, the issue is reopened.

tfaction reopens the issue when drift is detected and closes the issue when the drift is resolved.
tfaction posts a comment and updates the issue description according to the result of each drift check.
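As an added illustration (my own model, not tfaction's code), here is a small Python simulation of the issue lifecycle described above: one issue per working directory, closed or reopened according to the workflow result, with every check posted as a comment and the latest comment mirrored into the description. It assumes the exit-code convention of terraform plan -detailed-exitcode (0 no changes, 1 error, 2 changes) for the scheduled run; the directory names and event sequence are constructed.

```python
from dataclasses import dataclass, field

# Exit codes of `terraform plan -detailed-exitcode` (assumed for the scheduled run):
# 0 = no changes, 1 = error, 2 = changes present. For apply: 0 = success, else failure.
NO_CHANGES, ERROR, CHANGES = 0, 1, 2


@dataclass
class Issue:
    """One tracking issue per working directory (hypothetical model, not tfaction's)."""
    working_dir: str
    state: str = "closed"                               # "open" while drift is unresolved
    comments: list[str] = field(default_factory=list)   # history of every check
    body: str = ""                                      # mirrors the latest comment


def decide(workflow: str, exit_code: int) -> str:
    """Map a workflow result to 'close' or 'reopen', following the rules in the article."""
    if workflow == "apply":
        return "close" if exit_code == 0 else "reopen"
    if workflow == "schedule-detect-drifts":
        return "close" if exit_code == NO_CHANGES else "reopen"
    raise ValueError(f"unknown workflow: {workflow}")


class DriftTracker:
    def __init__(self) -> None:
        self.issues: dict[str, Issue] = {}

    def record(self, working_dir: str, workflow: str, exit_code: int, detail: str = "") -> Issue:
        """Apply one workflow result to the directory's issue, creating it on first use."""
        issue = self.issues.setdefault(working_dir, Issue(working_dir))
        action = decide(workflow, exit_code)
        comment = f"[{workflow}] exit={exit_code} -> {action}" + (f" ({detail})" if detail else "")
        issue.comments.append(comment)      # comments are the drift history
        issue.body = comment                # description always shows the latest result
        issue.state = "closed" if action == "close" else "open"
        return issue


def simulate() -> DriftTracker:
    """Constructed sequence of events for two working directories."""
    t = DriftTracker()
    t.record("aws/prod/vpc", "schedule-detect-drifts", CHANGES, "1 to change")  # drift found
    t.record("aws/prod/vpc", "apply", 0)                                        # PR merged, applied
    t.record("aws/prod/vpc", "schedule-detect-drifts", NO_CHANGES)              # stays closed
    t.record("aws/prod/vpc", "apply", 1, "apply failed")                        # reopened
    t.record("aws/dev/iam", "schedule-detect-drifts", ERROR, "plan failed")     # error also reopens
    return t
```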

Example 1. An Issue is closed because terraform apply succeeds and the drift is resolved


Example 2. An Issue is opened because terraform apply fails


Example 3. Drift is checked by schedule-detect-drifts periodically


Example 4. The latest comment is reflected in the issue description

Good points

If you already use GitHub Issues for your task management, you can fold drift handling into that task management naturally.
You don't have to create issues yourself. You can manage the issues in GitHub Projects, adjust their priority, and assign someone to them.

The issue's comments become the history, so you can track when the drift arose and which pull request caused it.
And the comments tell you not only that drift exists but also what the drift is.

You can adjust the frequency of the drift detection, and select the working directories where drift detection is enabled.

Conclusion

In this article I gave an overview of Terraform drift detection with tfaction.
For the details, please see the document.

https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection
