feat(config): implement runtime configuration drift auditing#117
Open
ekwe7 wants to merge 1 commit into
@ekwe7 CI Failed
closes #85
Implement Runtime Configuration Auditing and Drift Detection
Summary
This PR introduces runtime configuration auditing to detect and surface production configuration drift before it results in silent outages or unexpected behavior.
The implementation periodically snapshots runtime configuration, compares it against the repository-defined baseline, classifies detected drift, and routes critical deployment-scoped alerts through PagerDuty. A historical dashboard is also added to provide visibility into configuration changes over time.
Problem
During incident response, emergency fixes, or manual operational changes, production configuration can diverge from the expected repository-defined state.
Without automated auditing:
Solution
This PR introduces a runtime configuration auditing pipeline that continuously validates deployed configuration against a known baseline.
Key Capabilities
Implementation
Configuration Snapshot Collector
Added a collector responsible for:
Drift Detection Engine
Implemented a comparator that evaluates runtime snapshots against the repository baseline.
Supported drift categories:
Value Changes
Added Keys
Removed Keys
Alert Routing
Added drift classification and alert routing logic.
Critical deployment-scoped drift events:
Drift Dashboard
Implemented a dashboard providing:
Technical Bounds
Snapshot Interval
Baseline Source
Supported Drift Types
Alert Destination
for deployment-scoped critical drift events.
Operational Benefits
Reliability
Incident Response
Compliance and Auditing
Validation
Performed validation for:
Acceptance Criteria
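The comparison step described under "Drift Detection Engine" and "Alert Routing", as an added example; it is not code from this PR or the project. The `CRITICAL_PREFIXES` rule, the function names and the sample configs are assumptions made for illustration, and deployment scoping and the PagerDuty call are not modelled.

```python
from typing import Any, Dict, Iterator, List, Tuple

# Hypothetical rule (not from the PR): key prefixes whose drift counts as critical.
CRITICAL_PREFIXES = ("auth.", "tls.", "deploy.")
_MISSING = object()


def flatten(cfg: Dict[str, Any], prefix: str = "") -> Iterator[Tuple[str, Any]]:
    """Yield (dotted.key, value) pairs so nested settings compare key by key."""
    for key, value in cfg.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict) and value:
            yield from flatten(value, path + ".")
        else:
            yield path, value


def detect_drift(baseline: Dict[str, Any], runtime: Dict[str, Any]) -> List[dict]:
    """Compare a runtime snapshot with the baseline and return drift records."""
    base, live = dict(flatten(baseline)), dict(flatten(runtime))
    records = []
    for key in sorted(base.keys() | live.keys()):
        old, new = base.get(key, _MISSING), live.get(key, _MISSING)
        if old is _MISSING:
            kind = "added_key"
        elif new is _MISSING:
            kind = "removed_key"
        elif type(old) is not type(new) or old != new:
            # The type check keeps True vs 1 and 1 vs 1.0 from comparing equal.
            kind = "value_change"
        else:
            continue
        severity = "critical" if key.startswith(CRITICAL_PREFIXES) else "info"
        records.append({"key": key, "kind": kind, "severity": severity})
    return records


def to_page(records: List[dict]) -> List[str]:
    """Keys that would be paged; everything else only reaches the dashboard."""
    return [r["key"] for r in records if r["severity"] == "critical"]


# Constructed sample data, not taken from the PR.
BASELINE = {"tls": {"min_version": "1.2", "verify": True},
            "cache": {"ttl": 300}, "auth": {"mfa": True}}
RUNTIME = {"tls": {"min_version": "1.0", "verify": 1},
           "cache": {"ttl": 300, "debug": True}}

if __name__ == "__main__":
    for record in detect_drift(BASELINE, RUNTIME):
        print(record)
```

A removed key is treated as drift in its own right because a deleted security setting usually means the service falls back to a default, which a value-only comparison would never report.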