#atlantis (2021-01)

Discuss Atlantis (http://runatlantis.io). Archive: https://archive.sweetops.com/atlantis/

2021-01-21

cytopia

Currently trying to use YAML anchors in atlantis.yaml (repo-side) to save some code. No matter how I write it, I always get: "parsing atlantis.yaml: yaml: line XXX: did not find expected key". Does anyone know if anchors are supported by their YAML parser at all?

joshmyers
version: 3
automerge: true

projects:
  # Project Definitions
  - &terraform_project
    name: "ecr"
    dir: "terraform/coreeng/global/us-east-1/ecr"
    workflow: "terragrunt"
    workspace: "default"
    apply_requirements:
      - "approved"
      - "mergeable"
    autoplan:
      enabled: true
      when_modified:
        - "*.tf"
        - "*.hcl"

  - <<: *terraform_project
    name: "dev/us-east-1/badgers-service"
    dir: "terraform/test/dev/us-east-1/badgers-service"
    autoplan:
      enabled: true
      when_modified:
        - "../../badgers-service.hcl"
        - "*.tf"
        - "*.hcl"
cytopia

Trying this in the workflow definition (with no luck) as such:

workflows:
  terraform-playground:
    envs: &envs
      - env:
          name: AWS_SECRET_JSON
          command: aws sts assume-role --role-arn arn:aws:iam::123456789:role/ATLANTIS"
      - env:
          name: AWS_ACCESS_KEY_ID
          command: echo "${AWS_SECRET_JSON}" | grep AccessKeyId     | awk -F'"' '{print $4}'
      - env:
          name: AWS_SECRET_ACCESS_KEY
          command: echo "${AWS_SECRET_JSON}" | grep SecretAccessKey | awk -F'"' '{print $4}'
      - env:
          name: AWS_SESSION_TOKEN
          command: echo "${AWS_SECRET_JSON}" | grep SessionToken    | awk -F'"' '{print $4}'
    plan:
      steps:
        *envs
        - run: terraform init
        - run: terraform plan -no-color -out $PLANFILE
    apply:
      steps:
        *envs
        - run: terraform apply -no-color $PLANFILE

2021-01-14

PePe

https://github.com/runatlantis/atlantis/pull/1340 @Erik Osterman (Cloud Posse) related to our conversation in OfficeHours

Add the ability to disable Atlantis locking a repo by gezb · Pull Request #1340 · runatlantis/atlantis

This change introduces a no-op Locker implementation that, when enabled, effectively disables the locking of projects and workspace. This is another possible solution to #1212, my initial change just …


2021-01-13

Joan Porta

Any recommendation on how to use Atlantis to have a previous step to analyze security in Terraform code? I mean, open security groups, IAM resources wide open…? Or if there is a better tool, I would be thankful.

joshmyers

Use the OPA integration…

PePe

Here is a feature that will be merged soon that enables OPA policy checks in Atlantis natively

2021-01-08

imiltchman

Looks like the hashes are different depending on the platform that the init is run on

PePe

I have not seen an error like that in 0.13.5. I have not used 0.14 yet.

imiltchman

If you use exclusively Atlantis, you won’t see lock files at all, since they won’t ever be committed

imiltchman

Maybe a future use case for Atlantis to commit these lock files

PePe

It could be

2021-01-07

imiltchman

Has anybody had issues with the new TF 0.14 dependency lock files and Atlantis?

imiltchman

Getting “Error: Failed to install provider from shared cache” when committing the lock files
