Terraform Detecting Drift
One of the core challenges of infrastructure as code is keeping an up-to-date record of all deployed infrastructure and their properties. Terraform manages this by maintaining state information in a single file, called the state file.
Terraform uses declarative configuration files to define the infrastructure resources to provision. This configuration serves as the target source of truth for what exists on the backend API. Changes to Infrastructure outside of Terraform will be detected as deviation by Terraform and shown as a diff in future runs of terraform plan. This type of change is referred to as "drift", and its detection is an important responsibility of Terraform in order to inform users of changes in their infrastructure. Here are a few techniques for developers to ensure drift is detected.
»Capture all state in READ
A provider's READ method is where state is synchronized from the remote API to Terraform state. It's essential that all attributes defined in the schema are recorded and kept up-to-date in state. Consider this provider code:
// resource_example_simple.gopackageexamplefuncresourceExampleSimple()*schema.Resource{return&schema.Resource{Read:resourceExampleSimpleRead,Create:resourceExampleSimpleCreate,Schema:map[string]*schema.Schema{"name":{Type:schema.TypeString,Required:true,ForceNew:true,},"type":{Type:schema.TypeString,Optional:true,},},}}funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,_:=client.GetResource(d.Id())d.Set("name",resource.Name)d.Set("type",resource.Type)returnnil}
As defined in the schema, the type attribute is optional, now consider this config:
# config.tf
resource "simple" "ex" {
name = "example"
}
Even though type is omitted from the config, it is vital that we record it into state in the READ function, as the backend API could set it to a default value. To illustrate the importance of capturing all state consider a configuration that interpolates the optional value into another resource:
resource "simple" "ex" {
name = "example"
}
resource "another" "ex" {
name = "${simple.ex.type}"
}
»Update state after modification
A provider's CREATE and UPDATE functions will create or modify resources on the remote API. APIs might perform things like provide default values for unspecified attributes (as described in the above example config/provider code), or normalize inputs (lower or upper casing all characters in a string). The end result is a backend API containing modified versions of values that Terraform has in its state locally. Immediately after creation or updating of a resource, Terraform will have a stale state, which will result in a detected deviation on subsequent plan or applys, as Terraform refreshes its state and wants to reconcile the diff. Because of this, it is standard practice to call READ at the end of all modifications to synchronize immediately and avoid that diff.
funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,_:=client.GetResource(d.Id())d.Set("name",resource.Name)d.Set("type",resource.Type)returnnil}funcresourceExampleSimpleCreate(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientname:=d.Get("name").(string)client.CreateResource(name)d.SetId(name)returnresourceExampleSimpleRead(d,meta)}
»Error checking aggregate types
Terraform schema is defined using primitive types and aggregate types. The preceding examples featured primitive types which don't require error checking. Aggregate types on the other hand, schema.TypeList, schema.TypeSet, and schema.TypeMap, are converted to key/value pairs when set into state. As a result the Set method must be error checked, otherwise Terraform will think it's operation was successful despite having broken state. The same can be said for error checking API responses.
# config.tf
resource "simple" "ex" {
name = "example"
type = "simple"
tags = {
name = "example"
}
}
// resource_example_simple.gopackageexamplefuncresourceExampleSimple()*schema.Resource{return&schema.Resource{Read:resourceExampleSimpleRead,Create:resourceExampleSimpleCreate,Schema:map[string]*schema.Schema{"name":{Type:schema.TypeString,Required:true,ForceNew:true,},"type":{Type:schema.TypeString,Optional:true,},"tags":{Type:schema.TypeMap,Optional:true,},},}}funcresourceExampleSimpleRead(d*schema.ResourceData,metainterface{})error{client:=meta.(*ProviderApi).clientresource,err:=client.GetResource(d.Id())iferr!=nil{returnfmt.Errorf("error getting resource %s: %s",d.Id(),err)}d.Set("name",resource.Name)d.Set("type",resource.Type)iferr:=d.Set("tags",resource.TagMap);err!=nil{returnfmt.Errorf("error setting tags for resource %s: %s",d.Id(),err)}returnnil}
»Use Schema Helper methods
As mentioned, remote APIs can often perform mutations to the attributes of a resource outside of Terraform's control. Common examples include data containing uppercase letters and being normalized to lowercase, or complex defaults being set for unset attributes. These situations expectedly result in drift, but can be reconciled by using Terraform's schema functions, such as DiffSuppressFunc or DefaultFunc
Terraform Detecting Drift的更多相关文章
- terraform plugin 版本以及changlog 规范
文章来自官方文章,转自:https://www.terraform.io/docs/extend/best-practices/versioning.html 里面包含了版本命名的规范,以及chang ...
- 论文阅读(Xiang Bai——【CVPR2012】Detecting Texts of Arbitrary Orientations in Natural Images)
Xiang Bai--[CVPR2012]Detecting Texts of Arbitrary Orientations in Natural Images 目录 作者和相关链接 方法概括 方法细 ...
- **stack smashing detecting**
stack smashing aborted 堆 猛烈撞击 流失 我在使用数据时写了 tmp_row = row + pos[num1][[0]; tmp_col = col + pos[num1][ ...
- 论文阅读之 DECOLOR: Moving Object Detection by Detecting Contiguous Outliers in the Low-Rank Representation
DECOLOR: Moving Object Detection by Detecting Contiguous Outliers in the Low-Rank Representation Xia ...
- Detecting diabetic retinopathy in eye images
Detecting diabetic retinopathy in eye images The past almost four months I have been competing in a ...
- 1.6.7 Detecting Languages During Indexing
1. Detecting Languages During Indexing 在索引的时候,solr可以使用langid UpdateRequestProcessor来识别语言,然后映射文本到特定语言 ...
- 如何使用 Docker、ECS、Terraform 重建基础架构?
早期 Segment 基础架构普遍组合在一起.我们通过 AWS 界面设定实例,使用许多闲散的 AMI,并且采用三种不同的部署方式. 然而随着商业的飞速发展,工程师团队的规模不断扩大,基础架构的复杂度也 ...
- 关于terraform的状态管理
我们想在aws创建3台主机,使用ansible和terraform都是可以实现的. 用ansible可能是这样子的: - ec2: count: 10 image: ami-40d281120 ins ...
- ansible+packer+terraform在aws上布署web服务器
各工具所扮演的角色 ansible: 配合packer生成安装有apache的基础镜像 packer: 生成amazon AMI terraform: 以packer生成的镜像为基础,布署web服务器 ...
随机推荐
- C语言转义字符'\'
body, table{font-family: 微软雅黑; font-size: 13.5pt} table{border-collapse: collapse; border: solid gra ...
- Flatten Nested List Iterator
Given a nested list of integers, implement an iterator to flatten it. Each element is either an inte ...
- delete和delete[] 区别
// DeleteAndDelete[].cpp : 定义控制台应用程序的入口点. // #include "stdafx.h" #include <Windows.h> ...
- VCL界面控件DevExpress VCL发布v18.2.2|附下载
DevExpress VCL Controls是 Devexpress公司旗下最老牌的用户界面套包.所包含的控件有:数据录入,图表,数据分析,导航,布局,网格,日程管理,样式,打印和工作流等,让您快速 ...
- 插入排序算法 Java实现
插入排序算法是算法排序中的一种: 该算法是假设已有序列是有序序列,从首元素(首元素为单个元素,肯定是有序的...)开始分析,对其他元素的位置进行有序的确定: 以算法为例: public class I ...
- 初始化集合的花样new HashMap<String, String>{ {put("str1":"abc");} }(转)
Map集合的普通初始化方法: Map<String, String> map = new HashMap<String, String>(); map.put("Na ...
- WebView加载页面
//使用内置浏览器webView.setWebViewClient(new WebViewClient(){ @Override public boolean shouldOverrideUrlLoa ...
- 常见无线DOS攻击
记录下自己最近一段时间对无线渗透学习的笔记. 无线DOS就是无线拒绝服务攻击.主要包括以下几种攻击类型:Auth Dos攻击.Deauth Flood攻击.Disassociate攻击及RF干扰攻击等 ...
- MYSQL锁表问题解决
本文实例讲述了MYSQL锁表问题的解决方法.分享给大家供大家参考,具体如下: 很多时候!一不小心就锁表!这里讲解决锁表终极方法! 案例一 ? 1 mysql>show processlist; ...
- python sub替换方法
命令:re.sub(pattern, repl, string, count=0, flags=0) re.sub 用于替换字符串的匹配项.如果没有匹配到规则,则原字符串不变. 第一个参数:规则 第二 ...