feat:drift detection (wip)

[motatoes]

(Still a work in progress PR, not ready for review yet, but you are welcome to have a look :))

what

Work in progress Implementation of #3245 drift detection feature. It allows users to configure drift detection for specific projects so atlantis can detect drift and create a pull request based on this change. Working on:

• Creation of atlantis.yml parameters
• Creation of server parameters
• Creation of cron job for drift detection of requested projects
• Creation of pull request with any detected drift using token
  • Github
  • Gitlab
  • Bitbucket
  • Azure Devops

why

To support drift detection natively in atlantis

tests

• Test atlantis.yml configuration parameters
• Test server configuration parameters
• Test drift detection job

references

• closes Drift Detection #3245

[barth12]

Hi guys, any chance there will be some progress on this one soon? would be beautiful to have this functionality in Atlantis.

[l13t]

There is probably no chance since the author works on an alternative solution.

[jeffersontavaresdm]

I ended up using Driftive and running the drift analysis in GH actions with this action.

[dimisjim]

@jeffersontavaresdm The issue with solutions like driftive is that you need to run an additional binary other than Atlantis somewhere, which would need to comply to a different spec (see https://github.com/driftive/driftive?tab=readme-ov-file#repository-configuration), other than the already available repo config yaml that atlantis offers. It would also need to have its own access to the infra Atlantis manages.

Thus I think something like this to begin with: #5087 is the proper way to do it when an org uses Atlantis.

[jamengual]

@jeffersontavaresdm The issue with solutions like driftive is that you need to run an additional binary other than Atlantis somewhere, which would need to comply to a different spec (see https://github.com/driftive/driftive?tab=readme-ov-file#repository-configuration), other than the already available repo config yaml that atlantis offers. It would also need to have its own access to the infra Atlantis manages.

Thus I think something like this to begin with: #5087 is the proper way to do it when an org uses Atlantis.

That is not entirely correct.

We have been discussing for a while to run a cron-like job within Atlantis to run the repo/repos against current infra, then create an issue and a remediation PR and maybe an event to Slack to notify.

Atlantis is already running, so why not use Atlantis itself to trigger the discovery/drift detection and use the already provided access.

[dimisjim]

@jamengual An internal non-API mechanism can work too, sure. However, the API would be possible to be used outside of Atlantis too.

Either way, would be nice for an Atlantis drift detection mechanism to fully support the atlantis repo level yaml config file.

[jamengual]

Sorry, I do not want one or the other; I was saying we can do both.
there is an early incarnation that does something like this here https://github.com/cresta/atlantis-drift-detection

[l13t]

It would be nice to have an option that says if the plan should be only monitored for drift or will be applied if there is a drift.