The Hidden Factor:

Introduction:  Software CI/CD pipelines authors often miss out on a critical component when it comes to automating IaC deployments. This factor called state is declared, easy to locate and even documented well but its role in the traditional code pipelines often escapes attention.

The trio of portal, state and IaC must be kept in sync otherwise  one of the most perplexing errors that appear is that the changes pushed through the pipeline break unrelated resources.

This article suggests how these three components must be maintained.

 

Priority:

1.      Keep the IaC and state in sync with portal without touching resources.

2.      Pipeline must not show conflicts for unrelated changes, edit state.

3.      Follow up on any state edits with changes to IaC for resources impacted.

Severity:

1.      Maintain associations when adding subnets or virtual networks, allow access to related resources.

2.      When version increases occur, please include them in the portal, state, and code.

Best Practice

1.      Add optional attributes to IaC

2.      Prevent unrelated changes to not see conflict.

3.      Follow up on any state edits such as version bump or increase count with IaC

4.      Keep the planning and apply stages to show similar or no conflicts.

Process:

1.      Forward write-through –

a.       Create new resources – complete all associations.

b.      Introduce the state of the new resources.

c.       Create the resources in the portal.

d.      Indicate blockers or announce your changes, when important.

2.      Backward propagate changes from Portal

a.        Capture the changes in state

b.       Capture the changes in IaC

c.       Go through step 1 to check that it is no-op

3.      Establish baseline and make incremental updates where after each update all three are in sync

4.      Add enforcements, detect changes, and send notifications when things change

 

 

Finally, the changes being made to keep all three in sync were often spread out over time and distributed among authors leading to sources of errors or discrepancies. Establishing a baseline combination of state, IaC and corresponding resources is necessary to make incremental changes. It is also important to keep them in sync going forward. The best way to do this would be to close the gap by enumerating all discrepancies to establish a baseline and then have the process and the practice to enforce that they do not get out of sync.