#atlantis (2020-07)

atlantis

Discuss the Atlantis (http://runatlantis.io|runatlantis.io) *Archive: * https://archive.sweetops.com/atlantis/

2020-07-24

2020-07-23

2020-07-21

RB avatar

whats an easy way to see the version of atlantis? is this exposed on an api call ?

David avatar
David

On the server, you can run the atlantis version command: https://github.com/runatlantis/atlantis/blob/master/cmd/version.go

runatlantis/atlantis

Terraform Pull Request Automation. Contribute to runatlantis/atlantis development by creating an account on GitHub.

RB avatar

ah but i cannot do this since im using a fargate task

David avatar
David

I think the easiest way then is to check however you built the docker image running in the fargate task and see if you specify a version.

Otherwise, you can always pull down the image running in your task by SHA, start a shell in it, and run atlantis version

RB avatar

well, yes that’s what im doing too. i ran into an issue today where i built a new image, updated terraform, and realized that fargate had not deployed a new instance when i was trying to use a 1.4.0 feature

RB avatar

i looked around for an easy way to get the version and couldn’t unless i used a custom workflow script which is pretty hackish

RB avatar

i did a force deployment on the ecs service and viola, new 0.14.0 feaeture was now available

RB avatar

doesn’t seem possible, so created this ticket https://github.com/runatlantis/atlantis/issues/1119

Return atlantis version when hitting /healthz · Issue #1119 · runatlantis/atlantis

It would be convenient if we can get the current version of atlantis when hitting /healthz endpoint and perhaps it could show it in the beginning of its output on any alantis commands This would co…

PePe avatar

in the ui you can see it

party_parrot1
PePe avatar

bottom right

RB avatar

oh man, thank you. that’s just wonderful

PePe avatar

I do not use the UI but one day I was trying to find the same and someone pointed that at me

PePe avatar

and even then trying to find the faded version on the ui took few seconds

RB avatar

perfect.

✗ curl -s <https://atlantis.internal.company.com> | grep -Po '^v.*'
v0.14.0
PePe avatar

lol that so not 2020

1
PePe avatar

I saw your PR

PePe avatar

that is a better way

:--1:1
RB avatar

he wants it in the /status endpoint but im struggling with figuring out how to access the server information in that endpoint

zeid.derhally avatar
zeid.derhally

What is the best way to protect PRs so atlantis accepts “atlantis apply” only from certain users, or only users with “write” access to the repo? I’ve noticed that cloudposse’s atlantis fork had this change https://github.com/cloudposse/atlantis/pull/7/files . Has anyone done this using a service side custom workflow?

Add `gh-team-whitelist` command line argument by aknysh · Pull Request #7 · cloudposse/atlantis

what Add gh-team-whitelist command line argument why Comma separated list of key-value pairs representing the GitHub teams and the operations that the members of a particular team are allowed to…

David avatar
David

I use this script:

/**
 * This script is sets up protections over who can run `atlantis apply`
 * commands on our Infra related PRs to update our infra.
 *
 * It is mounted onto the Docker image, and updates to this file can
 * only be pushed to the remote repository by admins.
 */

const { ADMINS } = process.env;
const APPLY_USER = process.env.USER_NAME;

if (!ADMINS) {
  throw Error(
    'Could not find admin user list for determining if this "Apply" command is allowed',
  );
}

if (!APPLY_USER) {
  throw Error('Could not find user running the Apply command');
}

if (!ADMINS.split(',').includes(APPLY_USER)) {
  throw Error(
    `User ${APPLY_USER} is not an admin, and cannot run Atlantis Apply commands`,
  );
}

console.log(`Validated that ${APPLY_USER} is an admin`);
Add `gh-team-whitelist` command line argument by aknysh · Pull Request #7 · cloudposse/atlantis

what Add gh-team-whitelist command line argument why Comma separated list of key-value pairs representing the GitHub teams and the operations that the members of a particular team are allowed to…

David avatar
David

Not sure if that is the best way, but it works until that PR is merged

PePe avatar

I forked atlantis and added cloudposse gh-team-whitelist

PePe avatar

and I can update and get the new features

zeid.derhally avatar
zeid.derhally

we have our own fork of atlantis that let’s us specify that atlantis config to use so that we can have multiple atlantis services work on the same repo

PePe avatar

I added that too!!! pretty useful

PePe avatar

we have been using the cloudposse feature and it works perfectly

zeid.derhally avatar
zeid.derhally

do you think atlantis maintainers would accept the team whitelist feature?

PePe avatar

nope

PePe avatar

it has been outstanding for a long time

PePe avatar

there is a very long discussion about it

PePe avatar

they added one feature that is not nearly as complete

RB avatar
nitrocode/atlantis-terraform-module

Basic terraform cicd setup using atlantis. Contribute to nitrocode/atlantis-terraform-module development by creating an account on GitHub.

RB avatar

basically i have a users file containing github users. if your username is not in it, then you cannot apply.

RB avatar
nitrocode/atlantis-terraform-module

Basic terraform cicd setup using atlantis. Contribute to nitrocode/atlantis-terraform-module development by creating an account on GitHub.

PePe avatar

yes that is one way I have seen, if Atlantis run exposed more Variables you could do more stuff

RB avatar

by using the cloudposse fork, how often does cloudposse resync with the upstream fork ?

RB avatar

cloudposse/default-backend:0.12

RB avatar

ok this is the fork https://github.com/cloudposse/atlantis

looks like it hasn’t been updated in about 10 months tho

PePe avatar

that is why I created my own fork

PePe avatar
sonatype/atlantis

Terraform Pull Request Automation. Contribute to sonatype/atlantis development by creating an account on GitHub.

RB avatar

oofah, so many forks

RB avatar

so your fork is up to date with lkysow’s repo and has the cloudposse additions ?

PePe avatar

yes

PePe avatar

and one more addition

PePe avatar

for use with multiple atlantis-XXXX.yaml files

PePe avatar

so you can use it with multiple servers

RB avatar

amazing

RB avatar

you should put that in your README.md

PePe avatar

but right now is 0.13

RB avatar

then we can all start using it xD

PePe avatar

I need to pull the latest

RB avatar

if you can automate the sync and merge, that would be even better

PePe avatar

I was about to pull the new version to use github apps aythentication

PePe avatar

we will

PePe avatar

and we are going to security test it

PePe avatar

since that is what we do

PePe avatar
sonatype-nexus-community/nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index - sonatype-nexus-community/nancy

cool-doge1
zeid.derhally avatar
zeid.derhally

oh nice

2020-07-03

2020-07-02

    keyboard_arrow_up