Introduction to Drift Detection
Drift Detection identifies configuration changes, infrastructure drift, and security policy violations between desired and actual states in cloud-native environments. This guide covers implementing comprehensive drift detection for Kubernetes, cloud infrastructure, and application configurations.
System Architecture Overview
Drift Detection System ├── Infrastructure Drift │ ├ - Cloud Resource Monitoring │ ├ - Configuration Comparison │ ├ - Terraform State Analysis │ └ - Cost Optimization ├── Kubernetes Drift │ ├ - Resource Configuration │ ├ - Security Policies │ ├ - Network Policies │ └ - Storage Configuration ├── Security Drift │ ├ - Policy Violations │ ├ - Compliance Checks │ ├ - Vulnerability Changes │ └ - Access Control Changes └── Application Drift ├ - Configuration Changes ├ - Dependency Updates ├ - Performance Regression └ - Feature Flags
Core Implementation
1. Maven Dependencies
<properties>
<kubernetes.client.version>18.0.0</kubernetes.client.version>
<aws.java.sdk.version>2.20.56</aws.java.sdk.version>
<azure.sdk.version>1.0.0</azure.sdk.version>
<gcp.sdk.version>2.20.0</gcp.sdk.version>
<jackson.version>2.15.2</jackson.version>
<spring.boot.version>2.7.0</spring.boot.version>
</properties>
<dependencies>
<!-- Kubernetes Client -->
<dependency>
<groupId>io.kubernetes</groupId>
<artifactId>client-java</artifactId>
<version>${kubernetes.client.version}</version>
</dependency>
<!-- AWS SDK -->
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>ec2</artifactId>
<version>${aws.java.sdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>s3</artifactId>
<version>${aws.java.sdk.version}</version>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>rds</artifactId>
<version>${aws.java.sdk.version}</version>
</dependency>
<!-- Azure SDK -->
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>${azure.sdk.version}</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-resourcemanager</artifactId>
<version>${azure.sdk.version}</version>
</dependency>
<!-- GCP SDK -->
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-compute</artifactId>
<version>${gcp.sdk.version}</version>
</dependency>
<!-- Spring Boot -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${spring.boot.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<version>${spring.boot.version}</version>
</dependency>
<!-- JSON Processing -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<!-- YAML Processing -->
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.0</version>
</dependency>
<!-- Database for State Storage -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<version>${spring.boot.version}</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>runtime</scope>
</dependency>
<!-- Testing -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<version>${spring.boot.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
2. Configuration Classes
package com.example.drift.config;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
import java.util.Arrays;
import java.util.List;
@Component
@ConfigurationProperties(prefix = "drift.detection")
public class DriftDetectionConfig {
private boolean enabled = true;
private String mode = "scheduled"; // scheduled, realtime, manual
private int scheduleInterval = 300; // seconds
private int historyRetentionDays = 30;
// Detection scopes
private boolean kubernetesEnabled = true;
private boolean cloudEnabled = true;
private boolean securityEnabled = true;
private boolean applicationEnabled = true;
// Kubernetes configuration
private String kubeConfigPath;
private List<String> monitoredNamespaces = Arrays.asList("default", "kube-system");
private List<String> resourceTypes = Arrays.asList(
"deployments", "services", "configmaps", "secrets", "networkpolicies"
);
// Cloud providers
private List<String> cloudProviders = Arrays.asList("aws", "azure", "gcp");
private AwsConfig aws;
private AzureConfig azure;
private GcpConfig gcp;
// Alerting
private boolean slackEnabled = false;
private String slackWebhookUrl;
private boolean emailEnabled = false;
private String emailRecipients;
private boolean webhookEnabled = false;
private String webhookUrl;
// Drift thresholds
private int criticalSeverityThreshold = 1;
private int highSeverityThreshold = 5;
private int mediumSeverityThreshold = 10;
// Auto-remediation
private boolean autoRemediationEnabled = false;
private List<String> autoRemediationActions = Arrays.asList("alert", "rollback", "notify");
// Getters and setters
public boolean isEnabled() { return enabled; }
public void setEnabled(boolean enabled) { this.enabled = enabled; }
public String getMode() { return mode; }
public void setMode(String mode) { this.mode = mode; }
public int getScheduleInterval() { return scheduleInterval; }
public void setScheduleInterval(int scheduleInterval) { this.scheduleInterval = scheduleInterval; }
public int getHistoryRetentionDays() { return historyRetentionDays; }
public void setHistoryRetentionDays(int historyRetentionDays) { this.historyRetentionDays = historyRetentionDays; }
public boolean isKubernetesEnabled() { return kubernetesEnabled; }
public void setKubernetesEnabled(boolean kubernetesEnabled) { this.kubernetesEnabled = kubernetesEnabled; }
public boolean isCloudEnabled() { return cloudEnabled; }
public void setCloudEnabled(boolean cloudEnabled) { this.cloudEnabled = cloudEnabled; }
public boolean isSecurityEnabled() { return securityEnabled; }
public void setSecurityEnabled(boolean securityEnabled) { this.securityEnabled = securityEnabled; }
public boolean isApplicationEnabled() { return applicationEnabled; }
public void setApplicationEnabled(boolean applicationEnabled) { this.applicationEnabled = applicationEnabled; }
public String getKubeConfigPath() { return kubeConfigPath; }
public void setKubeConfigPath(String kubeConfigPath) { this.kubeConfigPath = kubeConfigPath; }
public List<String> getMonitoredNamespaces() { return monitoredNamespaces; }
public void setMonitoredNamespaces(List<String> monitoredNamespaces) { this.monitoredNamespaces = monitoredNamespaces; }
public List<String> getResourceTypes() { return resourceTypes; }
public void setResourceTypes(List<String> resourceTypes) { this.resourceTypes = resourceTypes; }
public List<String> getCloudProviders() { return cloudProviders; }
public void setCloudProviders(List<String> cloudProviders) { this.cloudProviders = cloudProviders; }
public AwsConfig getAws() { return aws; }
public void setAws(AwsConfig aws) { this.aws = aws; }
public AzureConfig getAzure() { return azure; }
public void setAzure(AzureConfig azure) { this.azure = azure; }
public GcpConfig getGcp() { return gcp; }
public void setGcp(GcpConfig gcp) { this.gcp = gcp; }
public boolean isSlackEnabled() { return slackEnabled; }
public void setSlackEnabled(boolean slackEnabled) { this.slackEnabled = slackEnabled; }
public String getSlackWebhookUrl() { return slackWebhookUrl; }
public void setSlackWebhookUrl(String slackWebhookUrl) { this.slackWebhookUrl = slackWebhookUrl; }
public boolean isEmailEnabled() { return emailEnabled; }
public void setEmailEnabled(boolean emailEnabled) { this.emailEnabled = emailEnabled; }
public String getEmailRecipients() { return emailRecipients; }
public void setEmailRecipients(String emailRecipients) { this.emailRecipients = emailRecipients; }
public boolean isWebhookEnabled() { return webhookEnabled; }
public void setWebhookEnabled(boolean webhookEnabled) { this.webhookEnabled = webhookEnabled; }
public String getWebhookUrl() { return webhookUrl; }
public void setWebhookUrl(String webhookUrl) { this.webhookUrl = webhookUrl; }
public int getCriticalSeverityThreshold() { return criticalSeverityThreshold; }
public void setCriticalSeverityThreshold(int criticalSeverityThreshold) { this.criticalSeverityThreshold = criticalSeverityThreshold; }
public int getHighSeverityThreshold() { return highSeverityThreshold; }
public void setHighSeverityThreshold(int highSeverityThreshold) { this.highSeverityThreshold = highSeverityThreshold; }
public int getMediumSeverityThreshold() { return mediumSeverityThreshold; }
public void setMediumSeverityThreshold(int mediumSeverityThreshold) { this.mediumSeverityThreshold = mediumSeverityThreshold; }
public boolean isAutoRemediationEnabled() { return autoRemediationEnabled; }
public void setAutoRemediationEnabled(boolean autoRemediationEnabled) { this.autoRemediationEnabled = autoRemediationEnabled; }
public List<String> getAutoRemediationActions() { return autoRemediationActions; }
public void setAutoRemediationActions(List<String> autoRemediationActions) { this.autoRemediationActions = autoRemediationActions; }
// Nested configuration classes
public static class AwsConfig {
private String accessKey;
private String secretKey;
private String region;
private List<String> services = Arrays.asList("ec2", "s3", "rds", "iam");
// Getters and setters
public String getAccessKey() { return accessKey; }
public void setAccessKey(String accessKey) { this.accessKey = accessKey; }
public String getSecretKey() { return secretKey; }
public void setSecretKey(String secretKey) { this.secretKey = secretKey; }
public String getRegion() { return region; }
public void setRegion(String region) { this.region = region; }
public List<String> getServices() { return services; }
public void setServices(List<String> services) { this.services = services; }
}
public static class AzureConfig {
private String tenantId;
private String clientId;
private String clientSecret;
private String subscriptionId;
private List<String> services = Arrays.asList("compute", "storage", "network");
// Getters and setters
public String getTenantId() { return tenantId; }
public void setTenantId(String tenantId) { this.tenantId = tenantId; }
public String getClientId() { return clientId; }
public void setClientId(String clientId) { this.clientId = clientId; }
public String getClientSecret() { return clientSecret; }
public void setClientSecret(String clientSecret) { this.clientSecret = clientSecret; }
public String getSubscriptionId() { return subscriptionId; }
public void setSubscriptionId(String subscriptionId) { this.subscriptionId = subscriptionId; }
public List<String> getServices() { return services; }
public void setServices(List<String> services) { this.services = services; }
}
public static class GcpConfig {
private String projectId;
private String credentialsPath;
private List<String> services = Arrays.asList("compute", "storage", "bigquery");
// Getters and setters
public String getProjectId() { return projectId; }
public void setProjectId(String projectId) { this.projectId = projectId; }
public String getCredentialsPath() { return credentialsPath; }
public void setCredentialsPath(String credentialsPath) { this.credentialsPath = credentialsPath; }
public List<String> getServices() { return services; }
public void setServices(List<String> services) { this.services = services; }
}
}
3. Core Drift Detection Service
package com.example.drift.service;
import com.example.drift.config.DriftDetectionConfig;
import com.example.drift.model.*;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.JsonNode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
import java.util.*;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
@Service
public class DriftDetectionService {
private static final Logger logger = LoggerFactory.getLogger(DriftDetectionService.class);
private final DriftDetectionConfig config;
private final KubernetesService kubernetesService;
private final CloudService cloudService;
private final SecurityService securityService;
private final ApplicationService applicationService;
private final DriftRepository driftRepository;
private final AlertService alertService;
private final RemediationService remediationService;
private final ObjectMapper objectMapper = new ObjectMapper();
public DriftDetectionService(DriftDetectionConfig config,
KubernetesService kubernetesService,
CloudService cloudService,
SecurityService securityService,
ApplicationService applicationService,
DriftRepository driftRepository,
AlertService alertService,
RemediationService remediationService) {
this.config = config;
this.kubernetesService = kubernetesService;
this.cloudService = cloudService;
this.securityService = securityService;
this.applicationService = applicationService;
this.driftRepository = driftRepository;
this.alertService = alertService;
this.remediationService = remediationService;
}
/**
* Scheduled drift detection
*/
@Scheduled(fixedRateString = "${drift.detection.schedule-interval:300000}")
public void performScheduledDriftDetection() {
if (!config.isEnabled()) {
logger.debug("Drift detection is disabled");
return;
}
logger.info("Starting scheduled drift detection");
try {
DriftDetectionResult result = detectDrift();
// Store results
driftRepository.save(result);
// Process alerts
if (result.hasDrifts()) {
processDriftAlerts(result);
}
// Auto-remediation
if (config.isAutoRemediationEnabled()) {
performAutoRemediation(result);
}
logger.info("Drift detection completed. Found {} drifts", result.getTotalDrifts());
} catch (Exception e) {
logger.error("Drift detection failed", e);
}
}
/**
* Comprehensive drift detection across all scopes
*/
public DriftDetectionResult detectDrift() {
logger.info("Performing comprehensive drift detection");
DriftDetectionResult result = new DriftDetectionResult();
result.setDetectionId(UUID.randomUUID().toString());
result.setStartTime(new Date());
List<CompletableFuture<Void>> futures = new ArrayList<>();
// Kubernetes drift detection
if (config.isKubernetesEnabled()) {
futures.add(CompletableFuture.runAsync(() -> {
try {
List<Drift> kubernetesDrifts = kubernetesService.detectKubernetesDrift();
result.addDrifts(kubernetesDrifts);
logger.info("Kubernetes drift detection found {} drifts", kubernetesDrifts.size());
} catch (Exception e) {
logger.error("Kubernetes drift detection failed", e);
result.addError("Kubernetes", e.getMessage());
}
}));
}
// Cloud infrastructure drift detection
if (config.isCloudEnabled()) {
futures.add(CompletableFuture.runAsync(() -> {
try {
List<Drift> cloudDrifts = cloudService.detectCloudDrift();
result.addDrifts(cloudDrifts);
logger.info("Cloud drift detection found {} drifts", cloudDrifts.size());
} catch (Exception e) {
logger.error("Cloud drift detection failed", e);
result.addError("Cloud", e.getMessage());
}
}));
}
// Security drift detection
if (config.isSecurityEnabled()) {
futures.add(CompletableFuture.runAsync(() -> {
try {
List<Drift> securityDrifts = securityService.detectSecurityDrift();
result.addDrifts(securityDrifts);
logger.info("Security drift detection found {} drifts", securityDrifts.size());
} catch (Exception e) {
logger.error("Security drift detection failed", e);
result.addError("Security", e.getMessage());
}
}));
}
// Application drift detection
if (config.isApplicationEnabled()) {
futures.add(CompletableFuture.runAsync(() -> {
try {
List<Drift> applicationDrifts = applicationService.detectApplicationDrift();
result.addDrifts(applicationDrifts);
logger.info("Application drift detection found {} drifts", applicationDrifts.size());
} catch (Exception e) {
logger.error("Application drift detection failed", e);
result.addError("Application", e.getMessage());
}
}));
}
// Wait for all detection tasks to complete
CompletableFuture.allOf(futures.toArray(new CompletableFuture[0])).join();
result.setEndTime(new Date());
result.calculateMetrics();
return result;
}
/**
* Detect drift for specific resource
*/
public DriftDetectionResult detectResourceDrift(ResourceIdentifier resource) {
logger.info("Detecting drift for resource: {}", resource);
DriftDetectionResult result = new DriftDetectionResult();
result.setDetectionId(UUID.randomUUID().toString());
result.setStartTime(new Date());
try {
List<Drift> drifts = new ArrayList<>();
switch (resource.getResourceType()) {
case KUBERNETES:
drifts = kubernetesService.detectResourceDrift(resource);
break;
case CLOUD:
drifts = cloudService.detectResourceDrift(resource);
break;
case SECURITY:
drifts = securityService.detectResourceDrift(resource);
break;
case APPLICATION:
drifts = applicationService.detectResourceDrift(resource);
break;
}
result.addDrifts(drifts);
result.setEndTime(new Date());
result.calculateMetrics();
} catch (Exception e) {
logger.error("Resource drift detection failed for: {}", resource, e);
result.addError(resource.getResourceType().name(), e.getMessage());
}
return result;
}
/**
* Compare current state with baseline
*/
public ComparisonResult compareWithBaseline(String baselineId) {
logger.info("Comparing current state with baseline: {}", baselineId);
// Get baseline state
Baseline baseline = driftRepository.findBaselineById(baselineId)
.orElseThrow(() -> new IllegalArgumentException("Baseline not found: " + baselineId));
// Get current state
DriftDetectionResult currentState = detectDrift();
// Perform comparison
ComparisonResult comparison = new ComparisonResult();
comparison.setBaselineId(baselineId);
comparison.setComparisonTime(new Date());
// Compare resources
Map<String, ResourceComparison> resourceComparisons = compareResources(
baseline.getResourceStates(),
currentState.getResourceStates()
);
comparison.setResourceComparisons(resourceComparisons);
// Calculate drift metrics
calculateComparisonMetrics(comparison, resourceComparisons);
return comparison;
}
/**
* Create baseline from current state
*/
public Baseline createBaseline(String name, String description) {
logger.info("Creating baseline: {}", name);
DriftDetectionResult currentState = detectDrift();
Baseline baseline = new Baseline();
baseline.setId(UUID.randomUUID().toString());
baseline.setName(name);
baseline.setDescription(description);
baseline.setCreatedAt(new Date());
baseline.setResourceStates(currentState.getResourceStates());
baseline.setDriftCounts(currentState.getDriftCounts());
return driftRepository.saveBaseline(baseline);
}
/**
* Get drift history
*/
public DriftHistory getDriftHistory(HistoryFilter filter) {
logger.info("Getting drift history with filter: {}", filter);
List<DriftDetectionResult> results = driftRepository.findDriftResults(filter);
DriftHistory history = new DriftHistory();
history.setResults(results);
history.setTimeRange(filter.getStartTime(), filter.getEndTime());
// Calculate trends
calculateDriftTrends(history, results);
return history;
}
/**
* Real-time drift monitoring
*/
public void startRealTimeMonitoring() {
if (!"realtime".equals(config.getMode())) {
logger.warn("Real-time monitoring is not enabled");
return;
}
logger.info("Starting real-time drift monitoring");
// Implementation for real-time monitoring would use:
// - Kubernetes watches
// - Cloud event bridges
// - Webhook listeners
// - Message queues
CompletableFuture.runAsync(() -> {
while (true) {
try {
// Monitor for specific events
monitorKubernetesEvents();
monitorCloudEvents();
monitorSecurityEvents();
Thread.sleep(10000); // Check every 10 seconds
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
break;
} catch (Exception e) {
logger.error("Real-time monitoring error", e);
}
}
});
}
/**
* Analyze drift patterns
*/
public PatternAnalysis analyzeDriftPatterns(PatternAnalysisRequest request) {
logger.info("Analyzing drift patterns for time range: {} to {}",
request.getStartTime(), request.getEndTime());
List<DriftDetectionResult> historicalData = driftRepository.findDriftResults(
new HistoryFilter(request.getStartTime(), request.getEndTime())
);
PatternAnalysis analysis = new PatternAnalysis();
analysis.setAnalysisId(UUID.randomUUID().toString());
analysis.setTimeRange(request.getStartTime(), request.getEndTime());
// Analyze patterns
analyzeTemporalPatterns(analysis, historicalData);
analyzeResourcePatterns(analysis, historicalData);
analyzeSeverityPatterns(analysis, historicalData);
analyzeRootCausePatterns(analysis, historicalData);
// Generate recommendations
analysis.setRecommendations(generatePatternRecommendations(analysis));
return analysis;
}
// Helper methods
private void processDriftAlerts(DriftDetectionResult result) {
Map<DriftSeverity, List<Drift>> driftsBySeverity = result.getDrifts().stream()
.collect(Collectors.groupingBy(Drift::getSeverity));
// Send alerts based on severity thresholds
if (driftsBySeverity.getOrDefault(DriftSeverity.CRITICAL, List.of()).size() >=
config.getCriticalSeverityThreshold()) {
alertService.sendCriticalAlert(result);
}
if (driftsBySeverity.getOrDefault(DriftSeverity.HIGH, List.of()).size() >=
config.getHighSeverityThreshold()) {
alertService.sendHighSeverityAlert(result);
}
if (driftsBySeverity.getOrDefault(DriftSeverity.MEDIUM, List.of()).size() >=
config.getMediumSeverityThreshold()) {
alertService.sendMediumSeverityAlert(result);
}
}
private void performAutoRemediation(DriftDetectionResult result) {
for (String action : config.getAutoRemediationActions()) {
switch (action.toLowerCase()) {
case "rollback":
remediationService.rollbackDrifts(result.getDrifts());
break;
case "notify":
remediationService.notifyStakeholders(result);
break;
case "quarantine":
remediationService.quarantineResources(result.getDrifts());
break;
default:
logger.warn("Unknown remediation action: {}", action);
}
}
}
private Map<String, ResourceComparison> compareResources(
Map<String, ResourceState> baseline,
Map<String, ResourceState> current) {
Map<String, ResourceComparison> comparisons = new HashMap<>();
// Compare existing resources
for (String resourceId : baseline.keySet()) {
ResourceState baselineState = baseline.get(resourceId);
ResourceState currentState = current.get(resourceId);
ResourceComparison comparison = new ResourceComparison();
comparison.setResourceId(resourceId);
comparison.setBaselineState(baselineState);
comparison.setCurrentState(currentState);
if (currentState == null) {
comparison.setStatus(ComparisonStatus.DELETED);
comparison.setDrifts(Collections.singletonList(
new Drift("Resource deleted", "Resource was present in baseline but is now missing",
DriftSeverity.HIGH, DriftType.DELETION)
));
} else if (!baselineState.equals(currentState)) {
comparison.setStatus(ComparisonStatus.MODIFIED);
comparison.setDrifts(calculateConfigurationDrifts(baselineState, currentState));
} else {
comparison.setStatus(ComparisonStatus.UNCHANGED);
}
comparisons.put(resourceId, comparison);
}
// Check for new resources
for (String resourceId : current.keySet()) {
if (!baseline.containsKey(resourceId)) {
ResourceComparison comparison = new ResourceComparison();
comparison.setResourceId(resourceId);
comparison.setCurrentState(current.get(resourceId));
comparison.setStatus(ComparisonStatus.ADDED);
comparison.setDrifts(Collections.singletonList(
new Drift("Resource added", "New resource not present in baseline",
DriftSeverity.LOW, DriftType.ADDITION)
));
comparisons.put(resourceId, comparison);
}
}
return comparisons;
}
private List<Drift> calculateConfigurationDrifts(ResourceState baseline, ResourceState current) {
List<Drift> drifts = new ArrayList<>();
// Compare configurations
JsonNode baselineConfig = baseline.getConfiguration();
JsonNode currentConfig = current.getConfiguration();
// Implementation for deep configuration comparison
// This would use JSON patch or similar to identify specific changes
return drifts;
}
private void calculateComparisonMetrics(ComparisonResult result,
Map<String, ResourceComparison> comparisons) {
long added = comparisons.values().stream()
.filter(c -> c.getStatus() == ComparisonStatus.ADDED)
.count();
long modified = comparisons.values().stream()
.filter(c -> c.getStatus() == ComparisonStatus.MODIFIED)
.count();
long deleted = comparisons.values().stream()
.filter(c -> c.getStatus() == ComparisonStatus.DELETED)
.count();
result.setAddedResources(added);
result.setModifiedResources(modified);
result.setDeletedResources(deleted);
result.setTotalChanges(added + modified + deleted);
}
private void calculateDriftTrends(DriftHistory history, List<DriftDetectionResult> results) {
if (results.isEmpty()) return;
// Calculate daily trends
Map<Date, Long> dailyDrifts = results.stream()
.collect(Collectors.groupingBy(
result -> truncateToDay(result.getStartTime()),
Collectors.summingLong(DriftDetectionResult::getTotalDrifts)
));
history.setDailyTrends(dailyDrifts);
// Calculate severity trends
Map<Date, Map<DriftSeverity, Long>> severityTrends = results.stream()
.collect(Collectors.groupingBy(
result -> truncateToDay(result.getStartTime()),
Collectors.toMap(
DriftDetectionResult::getStartTime,
result -> result.getDriftCounts()
)
));
history.setSeverityTrends(severityTrends);
}
private Date truncateToDay(Date date) {
Calendar cal = Calendar.getInstance();
cal.setTime(date);
cal.set(Calendar.HOUR_OF_DAY, 0);
cal.set(Calendar.MINUTE, 0);
cal.set(Calendar.SECOND, 0);
cal.set(Calendar.MILLISECOND, 0);
return cal.getTime();
}
private void analyzeTemporalPatterns(PatternAnalysis analysis,
List<DriftDetectionResult> historicalData) {
// Analyze when drifts occur most frequently
// Implementation would identify patterns like:
// - Drifts during deployment windows
// - Drifts during maintenance periods
// - Seasonal patterns
}
private void analyzeResourcePatterns(PatternAnalysis analysis,
List<DriftDetectionResult> historicalData) {
// Analyze which resources drift most frequently
// Implementation would identify:
// - Most volatile resources
// - Resource types with highest drift rates
// - Dependencies between drifting resources
}
private void analyzeSeverityPatterns(PatternAnalysis analysis,
List<DriftDetectionResult> historicalData) {
// Analyze severity distribution and trends
// Implementation would identify:
// - Severity trends over time
- Critical drift patterns
- Severity correlations
}
private void analyzeRootCausePatterns(PatternAnalysis analysis,
List<DriftDetectionResult> historicalData) {
// Analyze root causes of drifts
// Implementation would identify:
// - Common root causes
// - Human vs automated changes
// - Configuration management issues
}
private List<String> generatePatternRecommendations(PatternAnalysis analysis) {
List<String> recommendations = new ArrayList<>();
// Generate recommendations based on patterns
// Example recommendations:
// - "Implement stricter change controls for frequently drifting resources"
// - "Schedule additional monitoring during high-drift periods"
// - "Review automation scripts that may be causing unintended changes"
return recommendations;
}
private void monitorKubernetesEvents() {
// Implementation for Kubernetes event monitoring
}
private void monitorCloudEvents() {
// Implementation for cloud event monitoring
}
private void monitorSecurityEvents() {
// Implementation for security event monitoring
}
// Data models
public static class DriftDetectionResult {
private String detectionId;
private Date startTime;
private Date endTime;
private List<Drift> drifts = new ArrayList<>();
private Map<String, ResourceState> resourceStates = new HashMap<>();
private Map<DriftSeverity, Long> driftCounts = new HashMap<>();
private Map<String, String> errors = new HashMap<>();
private DetectionMetrics metrics = new DetectionMetrics();
// Getters and setters
public String getDetectionId() { return detectionId; }
public void setDetectionId(String detectionId) { this.detectionId = detectionId; }
public Date getStartTime() { return startTime; }
public void setStartTime(Date startTime) { this.startTime = startTime; }
public Date getEndTime() { return endTime; }
public void setEndTime(Date endTime) { this.endTime = endTime; }
public List<Drift> getDrifts() { return drifts; }
public void setDrifts(List<Drift> drifts) { this.drifts = drifts; }
public void addDrifts(List<Drift> newDrifts) { this.drifts.addAll(newDrifts); }
public void addDrift(Drift drift) { this.drifts.add(drift); }
public Map<String, ResourceState> getResourceStates() { return resourceStates; }
public void setResourceStates(Map<String, ResourceState> resourceStates) { this.resourceStates = resourceStates; }
public Map<DriftSeverity, Long> getDriftCounts() { return driftCounts; }
public void setDriftCounts(Map<DriftSeverity, Long> driftCounts) { this.driftCounts = driftCounts; }
public Map<String, String> getErrors() { return errors; }
public void setErrors(Map<String, String> errors) { this.errors = errors; }
public void addError(String component, String error) { this.errors.put(component, error); }
public DetectionMetrics getMetrics() { return metrics; }
public void setMetrics(DetectionMetrics metrics) { this.metrics = metrics; }
public boolean hasDrifts() { return !drifts.isEmpty(); }
public int getTotalDrifts() { return drifts.size(); }
public void calculateMetrics() {
// Calculate various metrics from drifts
driftCounts = drifts.stream()
.collect(Collectors.groupingBy(Drift::getSeverity, Collectors.counting()));
metrics.setTotalDrifts(drifts.size());
metrics.setCriticalDrifts(driftCounts.getOrDefault(DriftSeverity.CRITICAL, 0L).intValue());
metrics.setHighDrifts(driftCounts.getOrDefault(DriftSeverity.HIGH, 0L).intValue());
metrics.setMediumDrifts(driftCounts.getOrDefault(DriftSeverity.MEDIUM, 0L).intValue());
metrics.setLowDrifts(driftCounts.getOrDefault(DriftSeverity.LOW, 0L).intValue());
// Calculate detection time
if (startTime != null && endTime != null) {
metrics.setDetectionTimeMs(endTime.getTime() - startTime.getTime());
}
}
}
// Additional data models would be defined here...
}
4. Kubernetes Drift Detection
package com.example.drift.service.kubernetes;
import com.example.drift.model.*;
import io.kubernetes.client.openapi.ApiClient;
import io.kubernetes.client.openapi.Configuration;
import io.kubernetes.client.openapi.apis.AppsV1Api;
import io.kubernetes.client.openapi.apis.CoreV1Api;
import io.kubernetes.client.openapi.models.*;
import io.kubernetes.client.util.Config;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import java.io.File;
import java.util.*;
import java.util.stream.Collectors;
@Service
public class KubernetesService {
private static final Logger logger = LoggerFactory.getLogger(KubernetesService.class);
private final ApiClient client;
private final CoreV1Api coreV1Api;
private final AppsV1Api appsV1Api;
public KubernetesService() throws Exception {
// Initialize Kubernetes client
String kubeConfigPath = System.getenv("KUBECONFIG");
if (kubeConfigPath != null) {
this.client = Config.fromConfig(new File(kubeConfigPath));
} else {
this.client = Config.defaultClient();
}
Configuration.setDefaultApiClient(client);
this.coreV1Api = new CoreV1Api();
this.appsV1Api = new AppsV1Api();
}
/**
* Detect Kubernetes resource drifts
*/
public List<Drift> detectKubernetesDrift() {
logger.info("Detecting Kubernetes resource drifts");
List<Drift> drifts = new ArrayList<>();
// Detect deployment drifts
drifts.addAll(detectDeploymentDrifts());
// Detect service drifts
drifts.addAll(detectServiceDrifts());
// Detect configmap drifts
drifts.addAll(detectConfigMapDrifts());
// Detect secret drifts
drifts.addAll(detectSecretDrifts());
// Detect network policy drifts
drifts.addAll(detectNetworkPolicyDrifts());
// Detect pod security policy drifts
drifts.addAll(detectPodSecurityPolicyDrifts());
return drifts;
}
/**
* Detect deployment configuration drifts
*/
public List<Drift> detectDeploymentDrifts() {
List<Drift> drifts = new ArrayList<>();
try {
V1DeploymentList deploymentList = appsV1Api.listDeploymentForAllNamespaces(
null, null, null, null, null, null, null, null, null, null, null
);
for (V1Deployment deployment : deploymentList.getItems()) {
List<Drift> deploymentDrifts = analyzeDeployment(deployment);
drifts.addAll(deploymentDrifts);
}
} catch (Exception e) {
logger.error("Failed to detect deployment drifts", e);
}
return drifts;
}
/**
* Detect service configuration drifts
*/
public List<Drift> detectServiceDrifts() {
List<Drift> drifts = new ArrayList<>();
try {
V1ServiceList serviceList = coreV1Api.listServiceForAllNamespaces(
null, null, null, null, null, null, null, null, null, null, null
);
for (V1Service service : serviceList.getItems()) {
List<Drift> serviceDrifts = analyzeService(service);
drifts.addAll(serviceDrifts);
}
} catch (Exception e) {
logger.error("Failed to detect service drifts", e);
}
return drifts;
}
/**
* Analyze deployment for drifts
*/
private List<Drift> analyzeDeployment(V1Deployment deployment) {
List<Drift> drifts = new ArrayList<>();
String deploymentName = deployment.getMetadata().getName();
String namespace = deployment.getMetadata().getNamespace();
// Check image tags
V1PodSpec podSpec = deployment.getSpec().getTemplate().getSpec();
for (V1Container container : podSpec.getContainers()) {
String image = container.getImage();
if (image.contains("latest")) {
drifts.add(createDrift(
"Deployment uses latest tag",
String.format("Deployment %s/%s container %s uses 'latest' tag which can cause version drift",
namespace, deploymentName, container.getName()),
DriftSeverity.MEDIUM,
DriftType.CONFIGURATION,
ResourceType.KUBERNETES,
String.format("deployment/%s/%s", namespace, deploymentName)
));
}
}
// Check resource limits
for (V1Container container : podSpec.getContainers()) {
V1ResourceRequirements resources = container.getResources();
if (resources == null || resources.getLimits() == null) {
drifts.add(createDrift(
"Missing resource limits",
String.format("Deployment %s/%s container %s has no resource limits",
namespace, deploymentName, container.getName()),
DriftSeverity.MEDIUM,
DriftType.SECURITY,
ResourceType.KUBERNETES,
String.format("deployment/%s/%s", namespace, deploymentName)
));
}
}
// Check security context
if (podSpec.getSecurityContext() == null) {
drifts.add(createDrift(
"Missing pod security context",
String.format("Deployment %s/%s has no pod security context",
namespace, deploymentName),
DriftSeverity.HIGH,
DriftType.SECURITY,
ResourceType.KUBERNETES,
String.format("deployment/%s/%s", namespace, deploymentName)
));
}
// Check readiness/liveness probes
for (V1Container container : podSpec.getContainers()) {
if (container.getReadinessProbe() == null) {
drifts.add(createDrift(
"Missing readiness probe",
String.format("Deployment %s/%s container %s has no readiness probe",
namespace, deploymentName, container.getName()),
DriftSeverity.MEDIUM,
DriftType.CONFIGURATION,
ResourceType.KUBERNETES,
String.format("deployment/%s/%s", namespace, deploymentName)
));
}
}
return drifts;
}
/**
* Analyze service for drifts
*/
private List<Drift> analyzeService(V1Service service) {
List<Drift> drifts = new ArrayList<>();
String serviceName = service.getMetadata().getName();
String namespace = service.getMetadata().getNamespace();
// Check service type
String serviceType = service.getSpec().getType();
if ("LoadBalancer".equals(serviceType)) {
drifts.add(createDrift(
"Service uses LoadBalancer type",
String.format("Service %s/%s uses LoadBalancer which may be expensive and unnecessary",
namespace, serviceName),
DriftSeverity.LOW,
DriftType.COST,
ResourceType.KUBERNETES,
String.format("service/%s/%s", namespace, serviceName)
));
}
// Check external IPs
List<String> externalIPs = service.getSpec().getExternalIPs();
if (externalIPs != null && !externalIPs.isEmpty()) {
drifts.add(createDrift(
"Service has external IPs",
String.format("Service %s/%s has external IPs configured: %s",
namespace, serviceName, externalIPs),
DriftSeverity.HIGH,
DriftType.SECURITY,
ResourceType.KUBERNETES,
String.format("service/%s/%s", namespace, serviceName)
));
}
return drifts;
}
/**
* Detect ConfigMap drifts
*/
public List<Drift> detectConfigMapDrifts() {
List<Drift> drifts = new ArrayList<>();
try {
V1ConfigMapList configMapList = coreV1Api.listConfigMapForAllNamespaces(
null, null, null, null, null, null, null, null, null, null, null
);
for (V1ConfigMap configMap : configMapList.getItems()) {
List<Drift> configMapDrifts = analyzeConfigMap(configMap);
drifts.addAll(configMapDrifts);
}
} catch (Exception e) {
logger.error("Failed to detect ConfigMap drifts", e);
}
return drifts;
}
/**
* Analyze ConfigMap for drifts
*/
private List<Drift> analyzeConfigMap(V1ConfigMap configMap) {
List<Drift> drifts = new ArrayList<>();
String configMapName = configMap.getMetadata().getName();
String namespace = configMap.getMetadata().getNamespace();
// Check for sensitive data in ConfigMap
Map<String, String> data = configMap.getData();
if (data != null) {
for (Map.Entry<String, String> entry : data.entrySet()) {
if (containsSensitiveData(entry.getValue())) {
drifts.add(createDrift(
"ConfigMap contains sensitive data",
String.format("ConfigMap %s/%s key %s may contain sensitive data",
namespace, configMapName, entry.getKey()),
DriftSeverity.HIGH,
DriftType.SECURITY,
ResourceType.KUBERNETES,
String.format("configmap/%s/%s", namespace, configMapName)
));
}
}
}
return drifts;
}
/**
* Detect Secret drifts
*/
public List<Drift> detectSecretDrifts() {
List<Drift> drifts = new ArrayList<>();
try {
V1SecretList secretList = coreV1Api.listSecretForAllNamespaces(
null, null, null, null, null, null, null, null, null, null, null
);
for (V1Secret secret : secretList.getItems()) {
List<Drift> secretDrifts = analyzeSecret(secret);
drifts.addAll(secretDrifts);
}
} catch (Exception e) {
logger.error("Failed to detect Secret drifts", e);
}
return drifts;
}
/**
* Analyze Secret for drifts
*/
private List<Drift> analyzeSecret(V1Secret secret) {
List<Drift> drifts = new ArrayList<>();
String secretName = secret.getMetadata().getName();
String namespace = secret.getMetadata().getNamespace();
// Check if secret type is appropriate
String secretType = secret.getType();
if ("Opaque".equals(secretType)) {
// Check for base64 encoded data that should be in specific secret types
Map<String, byte[]> data = secret.getData();
if (data != null && data.containsKey("tls.crt") && data.containsKey("tls.key")) {
drifts.add(createDrift(
"Secret should be TLS type",
String.format("Secret %s/%s contains TLS certificates but is type Opaque",
namespace, secretName),
DriftSeverity.MEDIUM,
DriftType.CONFIGURATION,
ResourceType.KUBERNETES,
String.format("secret/%s/%s", namespace, secretName)
));
}
}
return drifts;
}
/**
* Detect NetworkPolicy drifts
*/
public List<Drift> detectNetworkPolicyDrifts() {
List<Drift> drifts = new ArrayList<>();
try {
// Implementation for NetworkPolicy drift detection
// This would check for missing network policies, overly permissive rules, etc.
} catch (Exception e) {
logger.error("Failed to detect NetworkPolicy drifts", e);
}
return drifts;
}
/**
* Detect PodSecurityPolicy drifts
*/
public List<Drift> detectPodSecurityPolicyDrifts() {
List<Drift> drifts = new ArrayList<>();
try {
// Implementation for PodSecurityPolicy drift detection
// This would check for privileged pods, host namespace sharing, etc.
} catch (Exception e) {
logger.error("Failed to detect PodSecurityPolicy drifts", e);
}
return drifts;
}
/**
* Detect drift for specific Kubernetes resource
*/
public List<Drift> detectResourceDrift(ResourceIdentifier resource) {
// Implementation for specific resource drift detection
return new ArrayList<>();
}
/**
* Check if data contains sensitive information
*/
private boolean containsSensitiveData(String data) {
if (data == null) return false;
String lowerData = data.toLowerCase();
return lowerData.contains("password") ||
lowerData.contains("secret") ||
lowerData.contains("key") ||
lowerData.contains("token") ||
lowerData.contains("credential");
}
/**
* Create drift object
*/
private Drift createDrift(String title, String description, DriftSeverity severity,
DriftType type, ResourceType resourceType, String resourceId) {
Drift drift = new Drift();
drift.setId(UUID.randomUUID().toString());
drift.setTitle(title);
drift.setDescription(description);
drift.setSeverity(severity);
drift.setType(type);
drift.setResourceType(resourceType);
drift.setResourceId(resourceId);
drift.setDetectedAt(new Date());
return drift;
}
}
5. Cloud Infrastructure Drift Detection
package com.example.drift.service.cloud;
import com.example.drift.model.*;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.*;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import java.util.*;
@Service
public class CloudService {
private static final Logger logger = LoggerFactory.getLogger(CloudService.class);
private final AwsService awsService;
private final AzureService azureService;
private final GcpService gcpService;
public CloudService(AwsService awsService, AzureService azureService, GcpService gcpService) {
this.awsService = awsService;
this.azureService = azureService;
this.gcpService = gcpService;
}
/**
* Detect cloud infrastructure drifts
*/
public List<Drift> detectCloudDrift() {
logger.info("Detecting cloud infrastructure drifts");
List<Drift> drifts = new ArrayList<>();
// AWS drift detection
drifts.addAll(awsService.detectAwsDrifts());
// Azure drift detection
drifts.addAll(azureService.detectAzureDrifts());
// GCP drift detection
drifts.addAll(gcpService.detectGcpDrifts());
return drifts;
}
/**
* Detect drift for specific cloud resource
*/
public List<Drift> detectResourceDrift(ResourceIdentifier resource) {
switch (resource.getCloudProvider()) {
case AWS:
return awsService.detectResourceDrift(resource);
case AZURE:
return azureService.detectResourceDrift(resource);
case GCP:
return gcpService.detectResourceDrift(resource);
default:
throw new IllegalArgumentException("Unsupported cloud provider: " + resource.getCloudProvider());
}
}
}
@Service
class AwsService {
private final Ec2Client ec2Client;
private final S3Client s3Client;
public AwsService() {
// Initialize AWS clients
this.ec2Client = Ec2Client.builder()
.region(Region.US_EAST_1)
.build();
this.s3Client = S3Client.builder()
.region(Region.US_EAST_1)
.build();
}
public List<Drift> detectAwsDrifts() {
List<Drift> drifts = new ArrayList<>();
// EC2 instance drifts
drifts.addAll(detectEc2Drifts());
// S3 bucket drifts
drifts.addAll(detectS3Drifts());
// Security group drifts
drifts.addAll(detectSecurityGroupDrifts());
// IAM policy drifts
drifts.addAll(detectIamDrifts());
return drifts;
}
private List<Drift> detectEc2Drifts() {
List<Drift> drifts = new ArrayList<>();
try {
DescribeInstancesResponse response = ec2Client.describeInstances();
for (Reservation reservation : response.reservations()) {
for (Instance instance : reservation.instances()) {
List<Drift> instanceDrifts = analyzeEc2Instance(instance);
drifts.addAll(instanceDrifts);
}
}
} catch (Exception e) {
logger.error("Failed to detect EC2 drifts", e);
}
return drifts;
}
private List<Drift> analyzeEc2Instance(Instance instance) {
List<Drift> drifts = new ArrayList<>();
String instanceId = instance.instanceId();
// Check instance state
InstanceState state = instance.state();
if (!"running".equals(state.nameAsString()) && !"stopped".equals(state.nameAsString())) {
drifts.add(createDrift(
"EC2 instance in unusual state",
String.format("EC2 instance %s is in state %s", instanceId, state.nameAsString()),
DriftSeverity.MEDIUM,
DriftType.OPERATIONAL,
ResourceType.CLOUD,
String.format("aws/ec2/%s", instanceId)
));
}
// Check public IP assignment
if (instance.publicIpAddress() != null) {
drifts.add(createDrift(
"EC2 instance has public IP",
String.format("EC2 instance %s has public IP %s",
instanceId, instance.publicIpAddress()),
DriftSeverity.HIGH,
DriftType.SECURITY,
ResourceType.CLOUD,
String.format("aws/ec2/%s", instanceId)
));
}
// Check security groups
List<GroupIdentifier> securityGroups = instance.securityGroups();
for (GroupIdentifier sg : securityGroups) {
List<Drift> sgDrifts = analyzeSecurityGroup(sg.groupId());
drifts.addAll(sgDrifts);
}
return drifts;
}
private List<Drift> detectS3Drifts() {
List<Drift> drifts = new ArrayList<>();
try {
ListBucketsResponse response = s3Client.listBuckets();
for (Bucket bucket : response.buckets()) {
List<Drift> bucketDrifts = analyzeS3Bucket(bucket.name());
drifts.addAll(bucketDrifts);
}
} catch (Exception e) {
logger.error("Failed to detect S3 drifts", e);
}
return drifts;
}
private List<Drift> analyzeS3Bucket(String bucketName) {
List<Drift> drifts = new ArrayList<>();
try {
// Check bucket encryption
GetBucketEncryptionResponse encryptionResponse = s3Client.getBucketEncryption(
GetBucketEncryptionRequest.builder().bucket(bucketName).build()
);
// Check bucket policy
GetBucketPolicyResponse policyResponse = s3Client.getBucketPolicy(
GetBucketPolicyRequest.builder().bucket(bucketName).build()
);
// Analyze policy for public access
String policy = policyResponse.policy();
if (policy != null && policy.contains("Principal\":\"*")) {
drifts.add(createDrift(
"S3 bucket has public access",
String.format("S3 bucket %s has policy allowing public access", bucketName),
DriftSeverity.CRITICAL,
DriftType.SECURITY,
ResourceType.CLOUD,
String.format("aws/s3/%s", bucketName)
));
}
} catch (S3Exception e) {
if (e.statusCode() == 404) {
// No encryption or policy configured
drifts.add(createDrift(
"S3 bucket missing encryption",
String.format("S3 bucket %s has no encryption configured", bucketName),
DriftSeverity.HIGH,
DriftType.SECURITY,
ResourceType.CLOUD,
String.format("aws/s3/%s", bucketName)
));
}
} catch (Exception e) {
logger.error("Failed to analyze S3 bucket: {}", bucketName, e);
}
return drifts;
}
private List<Drift> detectSecurityGroupDrifts() {
List<Drift> drifts = new ArrayList<>();
try {
DescribeSecurityGroupsResponse response = ec2Client.describeSecurityGroups();
for (SecurityGroup sg : response.securityGroups()) {
List<Drift> sgDrifts = analyzeSecurityGroup(sg.groupId());
drifts.addAll(sgDrifts);
}
} catch (Exception e) {
logger.error("Failed to detect security group drifts", e);
}
return drifts;
}
private List<Drift> analyzeSecurityGroup(String securityGroupId) {
List<Drift> drifts = new ArrayList<>();
try {
DescribeSecurityGroupsResponse response = ec2Client.describeSecurityGroups(
DescribeSecurityGroupsRequest.builder()
.groupIds(securityGroupId)
.build()
);
SecurityGroup sg = response.securityGroups().get(0);
// Check for overly permissive rules
for (IpPermission permission : sg.ipPermissions()) {
if (isOverlyPermissive(permission)) {
drifts.add(createDrift(
"Security group has overly permissive rule",
String.format("Security group %s has overly permissive rule: %s",
securityGroupId, permission.toString()),
DriftSeverity.HIGH,
DriftType.SECURITY,
ResourceType.CLOUD,
String.format("aws/security-group/%s", securityGroupId)
));
}
}
} catch (Exception e) {
logger.error("Failed to analyze security group: {}", securityGroupId, e);
}
return drifts;
}
private boolean isOverlyPermissive(IpPermission permission) {
// Check for 0.0.0.0/0 in CIDR ranges
for (IpRange ipRange : permission.ipRanges()) {
if ("0.0.0.0/0".equals(ipRange.cidrIp())) {
return true;
}
}
return false;
}
private List<Drift> detectIamDrifts() {
// Implementation for IAM policy drift detection
return new ArrayList<>();
}
public List<Drift> detectResourceDrift(ResourceIdentifier resource) {
// Implementation for specific AWS resource drift detection
return new ArrayList<>();
}
private Drift createDrift(String title, String description, DriftSeverity severity,
DriftType type, ResourceType resourceType, String resourceId) {
Drift drift = new Drift();
drift.setId(UUID.randomUUID().toString());
drift.setTitle(title);
drift.setDescription(description);
drift.setSeverity(severity);
drift.setType(type);
drift.setResourceType(resourceType);
drift.setResourceId(resourceId);
drift.setDetectedAt(new Date());
return drift;
}
}
// AzureService and GcpService implementations would follow similar patterns
6. Data Models
package com.example.drift.model;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.JsonNode;
import java.util.*;
import java.util.stream.Collectors;
@JsonInclude(JsonInclude.Include.NON_NULL)
public class Drift {
private String id;
private String title;
private String description;
private DriftSeverity severity;
private DriftType type;
private ResourceType resourceType;
private String resourceId;
private String resourceName;
private Map<String, Object> details = new HashMap<>();
private Date detectedAt;
private Date resolvedAt;
private DriftStatus status = DriftStatus.OPEN;
private String remediation;
// Getters and setters
public String getId() { return id; }
public void setId(String id) { this.id = id; }
public String getTitle() { return title; }
public void setTitle(String title) { this.title = title; }
public String getDescription() { return description; }
public void setDescription(String description) { this.description = description; }
public DriftSeverity getSeverity() { return severity; }
public void setSeverity(DriftSeverity severity) { this.severity = severity; }
public DriftType getType() { return type; }
public void setType(DriftType type) { this.type = type; }
public ResourceType getResourceType() { return resourceType; }
public void setResourceType(ResourceType resourceType) { this.resourceType = resourceType; }
public String getResourceId() { return resourceId; }
public void setResourceId(String resourceId) { this.resourceId = resourceId; }
public String getResourceName() { return resourceName; }
public void setResourceName(String resourceName) { this.resourceName = resourceName; }
public Map<String, Object> getDetails() { return details; }
public void setDetails(Map<String, Object> details) { this.details = details; }
public void addDetail(String key, Object value) { this.details.put(key, value); }
public Date getDetectedAt() { return detectedAt; }
public void setDetectedAt(Date detectedAt) { this.detectedAt = detectedAt; }
public Date getResolvedAt() { return resolvedAt; }
public void setResolvedAt(Date resolvedAt) { this.resolvedAt = resolvedAt; }
public DriftStatus getStatus() { return status; }
public void setStatus(DriftStatus status) { this.status = status; }
public String getRemediation() { return remediation; }
public void setRemediation(String remediation) { this.remediation = remediation; }
}
public enum DriftSeverity {
CRITICAL, HIGH, MEDIUM, LOW, INFO
}
public enum DriftType {
CONFIGURATION, SECURITY, COST, PERFORMANCE, COMPLIANCE,
AVAILABILITY, OPERATIONAL, ADDITION, DELETION, MODIFICATION
}
public enum ResourceType {
KUBERNETES, CLOUD, APPLICATION, SECURITY, NETWORK, STORAGE, DATABASE
}
public enum DriftStatus {
OPEN, IN_PROGRESS, RESOLVED, IGNORED, FALSE_POSITIVE
}
public class ResourceIdentifier {
private ResourceType resourceType;
private CloudProvider cloudProvider;
private String resourceId;
private String namespace;
private String region;
// Getters and setters
public ResourceType getResourceType() { return resourceType; }
public void setResourceType(ResourceType resourceType) { this.resourceType = resourceType; }
public CloudProvider getCloudProvider() { return cloudProvider; }
public void setCloudProvider(CloudProvider cloudProvider) { this.cloudProvider = cloudProvider; }
public String getResourceId() { return resourceId; }
public void setResourceId(String resourceId) { this.resourceId = resourceId; }
public String getNamespace() { return namespace; }
public void setNamespace(String namespace) { this.namespace = namespace; }
public String getRegion() { return region; }
public void setRegion(String region) { this.region = region; }
@Override
public String toString() {
return String.format("%s/%s/%s", cloudProvider, resourceType, resourceId);
}
}
public enum CloudProvider {
AWS, AZURE, GCP, ON_PREMISES, MULTI_CLOUD
}
public class ResourceState {
private String resourceId;
private ResourceType resourceType;
private JsonNode configuration;
private Map<String, Object> metadata = new HashMap<>();
private Date lastModified;
private String version;
// Getters and setters
public String getResourceId() { return resourceId; }
public void setResourceId(String resourceId) { this.resourceId = resourceId; }
public ResourceType getResourceType() { return resourceType; }
public void setResourceType(ResourceType resourceType) { this.resourceType = resourceType; }
public JsonNode getConfiguration() { return configuration; }
public void setConfiguration(JsonNode configuration) { this.configuration = configuration; }
public Map<String, Object> getMetadata() { return metadata; }
public void setMetadata(Map<String, Object> metadata) { this.metadata = metadata; }
public void addMetadata(String key, Object value) { this.metadata.put(key, value); }
public Date getLastModified() { return lastModified; }
public void setLastModified(Date lastModified) { this.lastModified = lastModified; }
public String getVersion() { return version; }
public void setVersion(String version) { this.version = version; }
}
public class DetectionMetrics {
private int totalDrifts;
private int criticalDrifts;
private int highDrifts;
private int mediumDrifts;
private int lowDrifts;
private long detectionTimeMs;
private double driftRate; // Drifts per hour
// Getters and setters
public int getTotalDrifts() { return totalDrifts; }
public void setTotalDrifts(int totalDrifts) { this.totalDrifts = totalDrifts; }
public int getCriticalDrifts() { return criticalDrifts; }
public void setCriticalDrifts(int criticalDrifts) { this.criticalDrifts = criticalDrifts; }
public int getHighDrifts() { return highDrifts; }
public void setHighDrifts(int highDrifts) { this.highDrifts = highDrifts; }
public int getMediumDrifts() { return mediumDrifts; }
public void setMediumDrifts(int mediumDrifts) { this.mediumDrifts = mediumDrifts; }
public int getLowDrifts() { return lowDrifts; }
public void setLowDrifts(int lowDrifts) { this.lowDrifts = lowDrifts; }
public long getDetectionTimeMs() { return detectionTimeMs; }
public void setDetectionTimeMs(long detectionTimeMs) { this.detectionTimeMs = detectionTimeMs; }
public double getDriftRate() { return driftRate; }
public void setDriftRate(double driftRate) { this.driftRate = driftRate; }
}
// Additional data models for comparison, history, patterns, etc.
7. REST API Controllers
package com.example.drift.controller;
import com.example.drift.service.DriftDetectionService;
import com.example.drift.model.*;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import java.util.Date;
import java.util.List;
@RestController
@RequestMapping("/api/drift")
public class DriftController {
private final DriftDetectionService driftService;
public DriftController(DriftDetectionService driftService) {
this.driftService = driftService;
}
@PostMapping("/detect")
public ResponseEntity<DriftDetectionResult> detectDrift() {
try {
DriftDetectionResult result = driftService.detectDrift();
return ResponseEntity.ok(result);
} catch (Exception e) {
return ResponseEntity.internalServerError().build();
}
}
@PostMapping("/detect/resource")
public ResponseEntity<DriftDetectionResult> detectResourceDrift(@RequestBody ResourceIdentifier resource) {
try {
DriftDetectionResult result = driftService.detectResourceDrift(resource);
return ResponseEntity.ok(result);
} catch (Exception e) {
return ResponseEntity.badRequest().build();
}
}
@PostMapping("/baseline")
public ResponseEntity<Baseline> createBaseline(
@RequestParam String name,
@RequestParam(required = false) String description) {
try {
Baseline baseline = driftService.createBaseline(name, description);
return ResponseEntity.ok(baseline);
} catch (Exception e) {
return ResponseEntity.internalServerError().build();
}
}
@PostMapping("/compare")
public ResponseEntity<ComparisonResult> compareWithBaseline(@RequestParam String baselineId) {
try {
ComparisonResult result = driftService.compareWithBaseline(baselineId);
return ResponseEntity.ok(result);
} catch (Exception e) {
return ResponseEntity.badRequest().build();
}
}
@GetMapping("/history")
public ResponseEntity<DriftHistory> getDriftHistory(
@RequestParam Long startTime,
@RequestParam Long endTime,
@RequestParam(required = false) DriftSeverity severity,
@RequestParam(required = false) ResourceType resourceType) {
try {
HistoryFilter filter = new HistoryFilter(
new Date(startTime), new Date(endTime), severity, resourceType
);
DriftHistory history = driftService.getDriftHistory(filter);
return ResponseEntity.ok(history);
} catch (Exception e) {
return ResponseEntity.badRequest().build();
}
}
@PostMapping("/patterns/analyze")
public ResponseEntity<PatternAnalysis> analyzePatterns(@RequestBody PatternAnalysisRequest request) {
try {
PatternAnalysis analysis = driftService.analyzeDriftPatterns(request);
return ResponseEntity.ok(analysis);
} catch (Exception e) {
return ResponseEntity.internalServerError().build();
}
}
@PostMapping("/monitoring/start")
public ResponseEntity<String> startRealTimeMonitoring() {
try {
driftService.startRealTimeMonitoring();
return ResponseEntity.ok("Real-time monitoring started");
} catch (Exception e) {
return ResponseEntity.internalServerError().body("Failed to start monitoring");
}
}
@GetMapping("/health")
public ResponseEntity<HealthStatus> healthCheck() {
try {
HealthStatus status = new HealthStatus("healthy", "Drift detection service is running");
return ResponseEntity.ok(status);
} catch (Exception e) {
return ResponseEntity.status(503)
.body(new HealthStatus("unhealthy", e.getMessage()));
}
}
}
8. Application Configuration
# application.yml
drift:
detection:
enabled: true
mode: scheduled
schedule-interval: 300000
history-retention-days: 30
# Detection scopes
kubernetes-enabled: true
cloud-enabled: true
security-enabled: true
application-enabled: true
# Kubernetes configuration
kube-config-path: ${KUBECONFIG}
monitored-namespaces:
- "default"
- "kube-system"
- "monitoring"
resource-types:
- "deployments"
- "services"
- "configmaps"
- "secrets"
- "networkpolicies"
# Cloud providers
cloud-providers:
- "aws"
- "azure"
aws:
access-key: ${AWS_ACCESS_KEY_ID}
secret-key: ${AWS_SECRET_ACCESS_KEY}
region: us-east-1
services:
- "ec2"
- "s3"
- "iam"
azure:
tenant-id: ${AZURE_TENANT_ID}
client-id: ${AZURE_CLIENT_ID}
client-secret: ${AZURE_CLIENT_SECRET}
subscription-id: ${AZURE_SUBSCRIPTION_ID}
# Alerting
slack-enabled: false
slack-webhook-url: ${SLACK_WEBHOOK_URL}
email-enabled: true
email-recipients: "[email protected]"
# Drift thresholds
critical-severity-threshold: 1
high-severity-threshold: 5
medium-severity-threshold: 10
# Auto-remediation
auto-remediation-enabled: false
auto-remediation-actions:
- "alert"
- "notify"
management:
endpoints:
web:
exposure:
include: health,info,metrics,drift
endpoint:
drift:
enabled: true
spring:
datasource:
url: jdbc:h2:file:./driftdb
driverClassName: org.h2.Driver
username: sa
password: ""
jpa:
database-platform: org.hibernate.dialect.H2Dialect
hibernate:
ddl-auto: update
logging:
level:
com.example.drift: INFO
Best Practices
1. Performance Optimization
@Component
public class DriftDetectionOptimizer {
public List<Drift> filterDuplicateDrifts(List<Drift> drifts) {
return drifts.stream()
.collect(Collectors.toMap(
this::getDriftSignature,
drift -> drift,
(existing, replacement) -> existing
))
.values()
.stream()
.collect(Collectors.toList());
}
private String getDriftSignature(Drift drift) {
return String.format("%s-%s-%s",
drift.getResourceId(),
drift.getType(),
drift.getTitle()
);
}
}
2. Alert Management
@Component
public class SmartAlertService {
public void sendContextualAlerts(DriftDetectionResult result) {
Map<DriftSeverity, List<Drift>> driftsBySeverity = result.getDrifts().stream()
.collect(Collectors.groupingBy(Drift::getSeverity));
// Only alert if drifts are new or severity increased
for (DriftSeverity severity : driftsBySeverity.keySet()) {
if (shouldAlert(severity, driftsBySeverity.get(severity))) {
sendAlert(severity, driftsBySeverity.get(severity));
}
}
}
private boolean shouldAlert(DriftSeverity severity, List<Drift> drifts) {
// Implementation for smart alerting logic
return true;
}
}
Conclusion
This comprehensive drift detection implementation provides:
- Multi-cloud drift detection (AWS, Azure, GCP)
- Kubernetes resource monitoring
- Security policy compliance checking
- Real-time and scheduled detection
- Historical analysis and trend identification
- Automated remediation capabilities
- REST API for integration
Key benefits:
- Proactive infrastructure management
- Security compliance enforcement
- Cost optimization through drift prevention
- Comprehensive visibility across environments
- Automated response to configuration changes
This system helps organizations maintain desired state configurations, ensure security compliance, and prevent unexpected changes in their cloud-native environments.