• Stars
    star
    102
  • Rank 335,584 (Top 7 %)
  • Language
    JavaScript
  • License
    GNU Affero Genera...
  • Created over 6 years ago
  • Updated almost 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Get told when your Terraform config doesn't match reality

terradiff

CircleCI build of master Docker Repository on Quay

Get told when reality no longer matches your Terraform configuration.

This project is not ready for general use. This README is an infelicitous mix of documentation, plans, aspirations, and notes to self.

Why you might want this

Say you've got some Terraform configuration in a Git repository somewhere.

You will have some way of applying this configuration to your environments. You might run terraform manually, you might run it from CI, or you might use a tool like Atlantis.

No matter which of these you do, there might still be times when your actual environment will differ from what you intend in your configuration. Perhaps the config fails to apply. Perhaps someone made a direct change to the environment, circumventing your Terraform.

When this happens, you want to be told. In fact, you want to be alerted, so you can take whatever action is necessary to reconcile your configuration and reality.

What this does

When deployed, terradiff monitors a Terraform configuration and runs terraform plan every so often (every 2 minutes, say). It exports a Prometheus gauge, terradiff_plan_exit_code, that indicates whether terraform plan succeeded with no diff (0), failed due to some kind of error (1), or succeeded with some kind of diff (2). See the terraform plan manual for more details.

You can then configure a Prometheus alert that will tell you when there's a diff, or when the diffing process is broken.

terradiff also serves a simple web UI that shows the full terraform plan output. Your alert should link to that page so you can figure out what to do.

How to deploy it

terradiff is designed to run on Kubernetes. It is cloud native, if you're into that sort of thing.

It expects to run with a git-sync sidecar that pulls in your Terraform configuration from Git.

An example Kubernetes Deployment manifest can be found in this repository. It assumes you have a Secret named git-sync-secret with your GitHub credentials for synchronising the repository with your Terraform configuration, and Secrets for any credentials required to run terraform plan on that configuration.

Example alerting rules are also provided.

History

This project is inspired by the use of Terraform at Weaveworks. In particular, its lineage includes prom-run.

How to build this project

You really want to have stack installed, and to invoke it directly.

More Repositories

1

undistract-me

Notifies you when long-running terminal commands complete
Shell
539
star
2

servant-template

Cookiecutter template for Servant projects
Haskell
58
star
3

tree-format

Python library for printing trees on the console
Python
39
star
4

difftodo

Turns diffs into todo lists by parsing comments
Haskell
32
star
5

obsidian-to-org

Convert an Obsidian directory to org-roam
Python
14
star
6

direnv-el

Emacs integration for direnv
Emacs Lisp
8
star
7

bazel-python-spike

Experiment with using Bazel for testing Python
Python
8
star
8

open-haddock

Quickly open documentation for Haskell packages or modules from the command line
Haskell
4
star
9

dotfiles

System configuration
Emacs Lisp
4
star
10

rules_haskell-old

Haskell rules for Bazel
Python
3
star
11

haverer

Haskell implementation of Loveletter
Haskell
2
star
12

holborn

Haskell
2
star
13

jml-web-service

Haskell library for web services
Haskell
2
star
14

diff-match-patch

Haskell library for diff, match, and patch
Haskell
2
star
15

hazard-deprecated

A RESTful API for playing Love Letter
Haskell
1
star
16

haskell-cli-template

Cookiecutter template for Haskell CLI programs
Haskell
1
star
17

treeshape

Quickly make files and directory structures in Python
Python
1
star
18

perfidy

Immutable data structures and functional tools for Python
Python
1
star
19

loveletter

Implementation of Love Letter
Rust
1
star
20

reach

Rust implementation of DRMacIver's each
Rust
1
star
21

haskell-static-minimal-repro

Minimal Haskell project to experiment with static linking
Haskell
1
star
22

bazel-haskell-experiment

Python
1
star
23

omnimetrics

Tools for exploring OmniFocus data
Python
1
star
24

txapply

Tools for combining Twisted Deferreds
Python
1
star
25

quay-admin

Administer quay.io repositories for an organization
Python
1
star
26

emacs-configuration

My emacs configuration.
Emacs Lisp
1
star
27

flocker-tools

Experimental repository for prototype tools for administering flocker clusters
Python
1
star
28

pretty-error

Pretty error messages for failed runtime invariants in Haskell
Haskell
1
star