#atlantis (2020-07)

atlantis

Discuss the Atlantis (http://runatlantis.io|runatlantis.io) *Archive: * https://archive.sweetops.com/atlantis/

2020-07-24

2020-07-23

2020-07-21

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

whats an easy way to see the version of atlantis? is this exposed on an api call ?

David avatar
David

On the server, you can run the atlantis version command: https://github.com/runatlantis/atlantis/blob/master/cmd/version.go

runatlantis/atlantis

Terraform Pull Request Automation. Contribute to runatlantis/atlantis development by creating an account on GitHub.

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

ah but i cannot do this since im using a fargate task

David avatar
David

I think the easiest way then is to check however you built the docker image running in the fargate task and see if you specify a version.

Otherwise, you can always pull down the image running in your task by SHA, start a shell in it, and run atlantis version

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

well, yes that’s what im doing too. i ran into an issue today where i built a new image, updated terraform, and realized that fargate had not deployed a new instance when i was trying to use a 1.4.0 feature

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

i looked around for an easy way to get the version and couldn’t unless i used a custom workflow script which is pretty hackish

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

i did a force deployment on the ecs service and viola, new 0.14.0 feaeture was now available

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

doesn’t seem possible, so created this ticket https://github.com/runatlantis/atlantis/issues/1119

Return atlantis version when hitting /healthz · Issue #1119 · runatlantis/atlantis

It would be convenient if we can get the current version of atlantis when hitting /healthz endpoint and perhaps it could show it in the beginning of its output on any alantis commands This would co…

jose.amengual avatar
jose.amengual

in the ui you can see it

party_parrot1
jose.amengual avatar
jose.amengual

bottom right

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

oh man, thank you. that’s just wonderful

jose.amengual avatar
jose.amengual

I do not use the UI but one day I was trying to find the same and someone pointed that at me

jose.amengual avatar
jose.amengual

and even then trying to find the faded version on the ui took few seconds

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

perfect.

✗ curl -s <https://atlantis.internal.company.com> | grep -Po '^v.*'
v0.14.0
jose.amengual avatar
jose.amengual

lol that so not 2020

1
jose.amengual avatar
jose.amengual

I saw your PR

jose.amengual avatar
jose.amengual

that is a better way

1
RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

he wants it in the /status endpoint but im struggling with figuring out how to access the server information in that endpoint

zeid.derhally avatar
zeid.derhally

What is the best way to protect PRs so atlantis accepts “atlantis apply” only from certain users, or only users with “write” access to the repo? I’ve noticed that cloudposse’s atlantis fork had this change https://github.com/cloudposse/atlantis/pull/7/files . Has anyone done this using a service side custom workflow?

Add `gh-team-whitelist` command line argument by aknysh · Pull Request #7 · cloudposse/atlantis

what Add gh-team-whitelist command line argument why Comma separated list of key-value pairs representing the GitHub teams and the operations that the members of a particular team are allowed to…

David avatar
David

I use this script:

/**
 * This script is sets up protections over who can run `atlantis apply`
 * commands on our Infra related PRs to update our infra.
 *
 * It is mounted onto the Docker image, and updates to this file can
 * only be pushed to the remote repository by admins.
 */

const { ADMINS } = process.env;
const APPLY_USER = process.env.USER_NAME;

if (!ADMINS) {
  throw Error(
    'Could not find admin user list for determining if this "Apply" command is allowed',
  );
}

if (!APPLY_USER) {
  throw Error('Could not find user running the Apply command');
}

if (!ADMINS.split(',').includes(APPLY_USER)) {
  throw Error(
    `User ${APPLY_USER} is not an admin, and cannot run Atlantis Apply commands`,
  );
}

console.log(`Validated that ${APPLY_USER} is an admin`);
Add `gh-team-whitelist` command line argument by aknysh · Pull Request #7 · cloudposse/atlantis

what Add gh-team-whitelist command line argument why Comma separated list of key-value pairs representing the GitHub teams and the operations that the members of a particular team are allowed to…

David avatar
David

Not sure if that is the best way, but it works until that PR is merged

jose.amengual avatar
jose.amengual

I forked atlantis and added cloudposse gh-team-whitelist

jose.amengual avatar
jose.amengual

and I can update and get the new features

zeid.derhally avatar
zeid.derhally

we have our own fork of atlantis that let’s us specify that atlantis config to use so that we can have multiple atlantis services work on the same repo

jose.amengual avatar
jose.amengual

I added that too!!! pretty useful

jose.amengual avatar
jose.amengual

we have been using the cloudposse feature and it works perfectly

zeid.derhally avatar
zeid.derhally

do you think atlantis maintainers would accept the team whitelist feature?

jose.amengual avatar
jose.amengual

nope

jose.amengual avatar
jose.amengual

it has been outstanding for a long time

jose.amengual avatar
jose.amengual

there is a very long discussion about it

jose.amengual avatar
jose.amengual

they added one feature that is not nearly as complete

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)
nitrocode/atlantis-terraform-module

Basic terraform cicd setup using atlantis. Contribute to nitrocode/atlantis-terraform-module development by creating an account on GitHub.

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

basically i have a users file containing github users. if your username is not in it, then you cannot apply.

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)
nitrocode/atlantis-terraform-module

Basic terraform cicd setup using atlantis. Contribute to nitrocode/atlantis-terraform-module development by creating an account on GitHub.

jose.amengual avatar
jose.amengual

yes that is one way I have seen, if Atlantis run exposed more Variables you could do more stuff

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

by using the cloudposse fork, how often does cloudposse resync with the upstream fork ?

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

cloudposse/default-backend:0.12

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

ok this is the fork https://github.com/cloudposse/atlantis

looks like it hasn’t been updated in about 10 months tho

jose.amengual avatar
jose.amengual

that is why I created my own fork

jose.amengual avatar
jose.amengual
sonatype/atlantis

Terraform Pull Request Automation. Contribute to sonatype/atlantis development by creating an account on GitHub.

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

oofah, so many forks

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

so your fork is up to date with lkysow’s repo and has the cloudposse additions ?

jose.amengual avatar
jose.amengual

yes

jose.amengual avatar
jose.amengual

and one more addition

jose.amengual avatar
jose.amengual

for use with multiple atlantis-XXXX.yaml files

jose.amengual avatar
jose.amengual

so you can use it with multiple servers

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

amazing

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

you should put that in your README.md

jose.amengual avatar
jose.amengual

but right now is 0.13

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

then we can all start using it xD

jose.amengual avatar
jose.amengual

I need to pull the latest

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

if you can automate the sync and merge, that would be even better

jose.amengual avatar
jose.amengual

I was about to pull the new version to use github apps aythentication

jose.amengual avatar
jose.amengual

we will

jose.amengual avatar
jose.amengual

and we are going to security test it

jose.amengual avatar
jose.amengual

since that is what we do

jose.amengual avatar
jose.amengual
sonatype-nexus-community/nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index - sonatype-nexus-community/nancy

cool-doge1
zeid.derhally avatar
zeid.derhally

oh nice

2020-07-03

2020-07-02

    keyboard_arrow_up