Drift Control - Automated testing for infrastructure automation

I was working with a DevOps team that set up a drift control system, like code coverage but for infrastructure. If one of your goals for production reliability is infrastructure automation via IaC (infrastructure as code), then a tool like drift control lets you track your progress.


"Measurement is the first step that leads ... improvement. If you can't measure something, ... you can't improve it."


― H. James Harrington


driftctl is an open-source tool that detects infrastructure drift. It compares your current infrastructure with the expected state defined in your IaC (infrastructure as code) scripts. If there are any differences, driftctl sends an alert to your team.


Background/TL;DR


Infrastructure code coverage tools and drift control are two different concepts, but they are related to each other in the context of infrastructure management.


Infrastructure code coverage tools measure the code coverage of infrastructure-as-code (IaC) scripts. IaC is a process of managing infrastructure in a declarative way by writing scripts in a domain-specific language (DSL). These scripts automate the deployment and configuration of infrastructure resources such as virtual machines, containers, networks, and storage.


Infrastructure code coverage tools help developers and operations teams ensure that their IaC scripts cover all the configurations required for a particular deployment. These tools analyze the IaC code and report the percentage of code tested, allowing teams to identify areas of their infrastructure that need additional testing.


Drift control, on the other hand, is the process of monitoring infrastructure resources and detecting changes that deviate from the expected state. Drift control is essential because, in a dynamic environment, changes can occur due to one-off production fixes, human error, software bugs, or even (gasp) security breaches.


Drift control tools compare the current state of the infrastructure with the expected state. The drift control system raises a red flag if there is any delta. Think of it as a failed unit test, but for IaC.
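The comparison described above, as an added example (not code from driftctl or from the team's system): a small Python model that diffs a declared state against a live inventory and reports missing, unmanaged and changed resources plus a coverage percentage. The resource names, attributes and the DriftReport and detect_drift helpers are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field

# Constructed sample data: EXPECTED stands in for what the IaC declares,
# ACTUAL for what an inventory of the live environment returns.
EXPECTED = {
    "sg-web": {"type": "security_group", "ingress": ["443/tcp from 0.0.0.0/0"]},
    "bucket-logs": {"type": "bucket", "public": False, "versioning": True},
    "vm-app-1": {"type": "vm", "size": "medium"},
}
ACTUAL = {
    "sg-web": {"type": "security_group",
               "ingress": ["443/tcp from 0.0.0.0/0", "22/tcp from 0.0.0.0/0"]},
    "bucket-logs": {"type": "bucket", "public": False, "versioning": True},
    "vm-debug": {"type": "vm", "size": "large"},
}

@dataclass
class DriftReport:
    managed: list = field(default_factory=list)    # in IaC and in the environment
    missing: list = field(default_factory=list)    # in IaC, gone from the environment
    unmanaged: list = field(default_factory=list)  # in the environment, not in IaC
    changed: dict = field(default_factory=dict)    # id -> {attr: (expected, actual)}

    @property
    def coverage(self) -> int:
        """Percent of live resources that are declared in IaC."""
        total = len(self.managed) + len(self.unmanaged)
        return 100 if total == 0 else round(100 * len(self.managed) / total)

    @property
    def in_sync(self) -> bool:
        return not (self.missing or self.unmanaged or self.changed)

def detect_drift(expected: dict, actual: dict) -> DriftReport:
    report = DriftReport()
    for rid in sorted(expected.keys() | actual.keys()):
        if rid not in actual:
            report.missing.append(rid)       # deleted outside IaC
        elif rid not in expected:
            report.unmanaged.append(rid)     # created outside IaC
        else:
            report.managed.append(rid)
            want, have = expected[rid], actual[rid]
            diff = {k: (want.get(k), have.get(k))
                    for k in sorted(want.keys() | have.keys())
                    if want.get(k) != have.get(k)}
            if diff:
                report.changed[rid] = diff   # modified outside IaC
    return report
```

A scheduled job that exits non-zero whenever `in_sync` is false gives the "failed unit test" behaviour, and `coverage` is the number to track over time.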


In summary, infrastructure code coverage tools and drift control are essential for managing infrastructure-as-code. Infrastructure code coverage tools help ensure that IaC scripts cover all necessary configurations, while drift control helps detect and correct any deviations from the expected state. The drift control system keeps you on track when the rubber hits the road.

Is this basically running a "terraform plan" on a schedule and looking for drift? Or does it look for things created outside of IaC?

N00b here, assuming I only use CICD to push code to environments, how does the infra drift?
