TFDriftAgent

Overview

TFDriftAgent is a Python-based application designed to monitor and report drift in Terraform deployments. It utilizes Terraform for infrastructure management and git for version control, integrating with Prometheus for metrics reporting. The app dynamically schedules drift checks at specified intervals and reports on any discrepancies between the intended state (as defined in the Terraform code) and the actual state of the infrastructure.

Features

• Drift Detection: Automatically detects drift in Terraform deployments.
• Git Integration: Clones and checks repositories for the latest Terraform states.
• Terraform Integration: Uses Terraform to compare the actual state with the expected state.
• Metrics Reporting: Integrates with Prometheus to report drift metrics.
• Configurable Scheduling: Allows scheduling of drift checks at configurable intervals.
• Logging and Error Handling: Robust logging and error handling for troubleshooting.

Prerequisites

• Python 3.x
• Terraform
• git
• Prometheus, or any other metrics reporting tool capable of using the Prometheus scrape point format, for example Datadog.

Installation

• Clone the repository: git clone [email protected]:cdemers/TFDriftAgent.git
• Navigate to the cloned directory: cd TFDriftAgent/src
• Install dependencies: pip install -r requirements.txt (You might want to use a virtual environment)

Configuration

• Create a config.yaml file in the src root directory, or set the APP_CONFIG environment variable to the path of the configuration file.
• Specify the infrastructure deployments, Git repository details, scheduling intervals, and Prometheus configuration.
• Example:

infrastructure_deployments:
  - name: "example_deployment"
    enabled: true
    git:
      repo_url: "https://example.com/repo.git"
      branch: "main"
      ssh_key: "/path/to/ssh/key"
    drift_check_interval: 30 # in minutes
    ...
server:
  host: "localhost"
  port: 5000

Usage

• Run the application: python agent.py
• Use command-line arguments to specify the config file and log level:
  • -c, --config (env. var APP_CONFIG) to specify the configuration file path. Defaults to config.yaml in the src root directory.
  • -l, --loglevel (env. var APP_LOGLEVEL) to set the logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL).

API

• The application hosts a RESTful API for real-time monitoring and control.
• Access the API at http://[host]:[port] as defined in the configuration.

Prometheus Integration

• The app exposes various metrics for Prometheus scraping.
• Metrics include drift detected changes, successful/error drift checks, and check durations.

Logging

The application logs important events and errors, aiding in troubleshooting and monitoring.

Contributing

Contributions to improve TFDriftAgent are welcome. Please follow the standard git workflow for contributions.

Pending Features

These features are planned for future releases:

• Support authentication for the Prometheus scrape point.
• Logs sanitization for sensitive data.
• Complete exception handling.
• Complete signal handling.
• Remove the GitPython workaround once the issue is resolved upstream.
• Add minimal unit and integration tests.

License

This project is licensed under the MIT License. See the LICENSE file in the project root for more information.