#atlantis (2021-01)


Discuss Atlantis (http://runatlantis.io). Archive: https://archive.sweetops.com/atlantis/

2021-01-26

2021-01-21

cytopia

Currently trying to use yaml anchors in atlantis.yaml (repo-side) to save some code. No matter how I write it, I always get a "parsing atlantis.yaml: yaml: line XXX: did not find expected key". Does anyone know if anchors are supported by their yaml parser at all?

joshmyers
version: 3
automerge: true

projects:
  # Project Definitions
  - &terraform_project
    name: "ecr"
    dir: "terraform/coreeng/global/us-east-1/ecr"
    workflow: "terragrunt"
    workspace: "default"
    apply_requirements:
      - "approved"
      - "mergeable"
    autoplan:
      enabled: true
      when_modified:
        - "*.tf"
        - "*.hcl"

  - <<: *terraform_project
    name: "dev/us-east-1/badgers-service"
    dir: "terraform/test/dev/us-east-1/badgers-service"
    autoplan:
      enabled: true
      when_modified:
        - "../../badgers-service.hcl"
        - "*.tf"
        - "*.hcl"
cytopia

Trying this in the workflow definition (with no luck) as such:

workflows:
  terraform-playground:
    envs: &envs
      - env:
          name: AWS_SECRET_JSON
          command: aws sts assume-role --role-arn arn:aws:iam::123456789:role/ATLANTIS
      - env:
          name: AWS_ACCESS_KEY_ID
          command: echo "${AWS_SECRET_JSON}" | grep AccessKeyId     | awk -F'"' '{print $4}'
      - env:
          name: AWS_SECRET_ACCESS_KEY
          command: echo "${AWS_SECRET_JSON}" | grep SecretAccessKey | awk -F'"' '{print $4}'
      - env:
          name: AWS_SESSION_TOKEN
          command: echo "${AWS_SECRET_JSON}" | grep SessionToken    | awk -F'"' '{print $4}'
    plan:
      steps:
        *envs
        - run: terraform init
        - run: terraform plan -no-color -out $PLANFILE
    apply:
      steps:
        *envs
        - run: terraform apply -no-color $PLANFILE

2021-01-14

jose.amengual

https://github.com/runatlantis/atlantis/pull/1340 @Erik Osterman (Cloud Posse) related to our conversation in OfficeHours

Add the ability to disable Atlantis locking a repo by gezb · Pull Request #1340 · runatlantis/atlantis

This change introduces a no-op Locker implementation that when enabled effectively disables the locking of projects and workspace. This is another possible solution to #1212, my initial change just …


2021-01-13

Joan Porta

Any recommendation on how to use Atlantis to have a previous step to analyze security in terraform code? I mean, opened Sec Groups, IAM resources wide open…? Or if there is a better tool I would thank you.

joshmyers

Use the OPA integration…

jose.amengual

Here is a feature that will be merged soon that enables opa policy checks in Atlantis natively

Steve Wade

any idea when this is coming?

jose.amengual

It should come in the next release, which is a bit late

Steve Wade

Nice man can’t wait for this, any chance you could ping over the PR for reference please?

jose.amengual

yes one sec

jose.amengual
Implement a new policy check workflow by msarvar · Pull Request #1317 · runatlantis/atlantis

This PR adds policy check workflow into atlantis. It uses conftest to execute policies. At the moment you can only define policies locally and configure them in the server side config. How it works…

Steve Wade

Thanks man


2021-01-08

imiltchman

Looks like the hashes are different depending on the platform that the init is run on

jose.amengual

I have not seen an error like that in 0.13.5. I have not used 0.14 yet

imiltchman

If you use exclusively Atlantis, you won’t see lock files at all, since they won’t ever be committed

imiltchman

Maybe a future use case for Atlantis to commit these lock files

jose.amengual

It could be

2021-01-07

imiltchman

Has anybody had issues with the new TF0.14 dependency lock files and Atlantis?

imiltchman

Getting “Error: Failed to install provider from shared cache” when committing the lock files
